Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with Sirefef / Conedex.B /agent.BA


  • This topic is locked This topic is locked
14 replies to this topic

#1 peter_uk

peter_uk

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 29 July 2012 - 03:33 PM

Hi there,
I had just resumed my computer from sleep to be confronted by eset nod32 telling me that services.exe is infected with patched.B.Gen trojan attached a small selection of the start of the nod32 log. At the moment I don't seem to be suffering for any noticeable problems except for nod32 reattime system protection poping up saying that it has deleted/ quarantined another file.
Any help on how to remove this would be much appriciated
Thanks



29/07/2012 18:15:02 Real-time file system protection file C:\Windows\assembly\GAC_32\Desktop.ini Win32/Sirefef.EZ trojan deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\System32\services.exe.

29/07/2012 18:14:51 Real-time file system protection file C:\Windows\assembly\GAC_64\Desktop.ini Win64/Sirefef.AD trojan deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Windows\System32\services.exe.

29/07/2012 18:14:50 Real-time file system protection file C:\Windows\system32\services.exe Win64/Patched.B.Gen trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Users\Peter\AppData\Local\Temp\0138d3bb8a66.exe.

29/07/2012 18:14:50 Real-time file system protection file C:\Windows\Installer\{cb6c7b0b-775a-f759-a47c-d7cd0d0ebe41}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\Users\Peter\AppData\Local\Temp\0138d3bb8a66.exe.

29/07/2012 18:14:45 Real-time file system protection file C:\Users\Peter\AppData\Local\{cb6c7b0b-775a-f759-a47c-d7cd0d0ebe41}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined Peter-PC\Peter Event occurred on a new file created by the application: C:\Users\Peter\AppData\Local\Temp\0138d3bb8a66.exe.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Peter at 20:38:11 on 2012-07-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.6143.3398 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
C:\Program Files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VIA\RAID\vialogsv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\atieclxx.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Protector Suite\psqltray.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Canon\CanoScan Toolbox Ver4.9\CSTBox.exe
C:\Program Files (x86)\Mozilla Firefox4\firefox.exe
C:\Program Files (x86)\Mozilla Firefox4\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\Mozilla Firefox4\plugin-container.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\Downloads\aswMBR.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox4\plugin-container.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.ask.com?o=15007&l=dis
uInternet Settings,ProxyServer = 200.192.248.11:8080
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [<NO NAME>]
uRun: [userlogon32] C:\Users\Peter\AppData\Roaming\userlogon32\userlogon32.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
StartupFolder: C:\Users\Peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENDN~1.LNK - C:\Windows\Installer\{E811D3DC-A647-4744-9CA6-BD4707D2808B}\_41100329364C94A5913B21.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
Trusted Zone: shopandscan.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{04A66736-DEC4-41FD-BB75-2D0D966E6797} : DhcpNameServer = 87.194.255.155
TCP: Interfaces\{04A66736-DEC4-41FD-BB75-2D0D966E6797}\26F687 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1D92BCE9-907B-4F92-BB40-9F4D7A1BF7A7} : NameServer = 127.0.0.1
TCP: Interfaces\{1D92BCE9-907B-4F92-BB40-9F4D7A1BF7A7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1D92BCE9-907B-4F92-BB40-9F4D7A1BF7A7}\244584572633D215437443 : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{1D92BCE9-907B-4F92-BB40-9F4D7A1BF7A7}\4646D2772747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{841BD38A-6E0F-46A7-936A-8758DEE7E09E} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{8BE020F7-5495-4807-A97A-49730D6F1523} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{942B82F8-5864-4CE1-8C8F-06EEB90B37D1} : NameServer = 127.0.0.1
TCP: Interfaces\{942B82F8-5864-4CE1-8C8F-06EEB90B37D1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B81B67B2-E3C7-40E7-AB84-2390CD81623C} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Sopcast Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Sopcast Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTHelper] CTHELPER.EXE
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\uz41i18u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:newtab
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Users\Peter\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\uz41i18u.default\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\uz41i18u.default\extensions\passwordbank@authentec.com\plugins\5.9.6.7134\nppbff.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;C:\Windows\system32\Drivers\Soluto.sys --> C:\Windows\system32\Drivers\Soluto.sys [?]
R0 viamrx64;viamrx64;C:\Windows\system32\DRIVERS\viamrx64.sys --> C:\Windows\system32\DRIVERS\viamrx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DNSCrypt;OpenDNSCrypt;C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [2012-5-17 14336]
R2 Dokan;Dokan;\??\C:\Windows\system32\drivers\dokan.sys --> C:\Windows\system32\drivers\dokan.sys [?]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2010-7-5 11776]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2009-7-14 20992]
R2 VRAID Log Service;VRAID Log Service;C:\Program Files (x86)\VIA\RAID\vialogsv.exe [2010-2-4 52888]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys --> C:\Windows\system32\DRIVERS\BthAudioHF.sys [?]
R3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
R3 csr_a2dp;Bluetooth AV Profile;C:\Windows\system32\drivers\bthav.sys --> C:\Windows\system32\drivers\bthav.sys [?]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
R3 ctgame;Game Port;C:\Windows\system32\DRIVERS\ctgame.sys --> C:\Windows\system32\DRIVERS\ctgame.sys [?]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\system32\DRIVERS\lgbtpt64.sys --> C:\Windows\system32\DRIVERS\lgbtpt64.sys [?]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\system32\DRIVERS\lgbtbs64.sys --> C:\Windows\system32\DRIVERS\lgbtbs64.sys [?]
R3 LGVMODEM;LGE Virtual Modem;C:\Windows\system32\DRIVERS\lgvmdm64.sys --> C:\Windows\system32\DRIVERS\lgvmdm64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-3-24 148072]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 .EsetTrialReset;Eset Trial Reset;C:\Windows\reset.exe [2009-3-13 357182]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 257224]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-4 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-4 79360]
S3 CsrBtPort;Csr Bluetooth Device Driver;C:\Windows\system32\DRIVERS\CsrBtPort.sys --> C:\Windows\system32\DRIVERS\CsrBtPort.sys [?]
S3 csrusb;CSR USB driver for Bluetooth dongle;C:\Windows\system32\Drivers\csrusb.sys --> C:\Windows\system32\Drivers\csrusb.sys [?]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 ghsdiagMDM;Handset Diagnostic Port;C:\Windows\system32\DRIVERS\ghsdiagMDM.sys --> C:\Windows\system32\DRIVERS\ghsdiagMDM.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 optousb;OPTO ELECTRONICS optousb;C:\Windows\system32\DRIVERS\optousb.sys --> C:\Windows\system32\DRIVERS\optousb.sys [?]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\system32\DRIVERS\optovcm.sys --> C:\Windows\system32\DRIVERS\optovcm.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2010-9-14 93848]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 usbUDisc;usbUDisc;C:\Windows\system32\DRIVERS\USBDrv_AMD64.sys --> C:\Windows\system32\DRIVERS\USBDrv_AMD64.sys [?]
S3 zghsdiag;ZTE General Handset Diagnostic Port;C:\Windows\system32\DRIVERS\zghsdiag.sys --> C:\Windows\system32\DRIVERS\zghsdiag.sys [?]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\Windows\system32\DRIVERS\zghsmdm.sys --> C:\Windows\system32\DRIVERS\zghsmdm.sys [?]
S3 zghsnmea;ZTE General Handset NMEA Port;C:\Windows\system32\DRIVERS\zghsnmea.sys --> C:\Windows\system32\DRIVERS\zghsnmea.sys [?]
S4 AutoKMS;AutoKMS;C:\Windows\AutoKMS\AutoKMS.exe [2011-12-8 732160]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S4 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
S4 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
S4 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-1-25 547872]
.
=============== Created Last 30 ================
.
2012-07-29 19:34:28 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-29 19:33:32 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-29 17:20:52 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-27 10:24:49 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF2CF6E0-6CD5-4ACE-9849-42ADF7415EE1}\mpengine.dll
2012-07-27 10:24:27 -------- d-----w- C:\be5c36ca97819c4d9a0c689d6f93c1
2012-07-22 09:41:21 -------- d-----w- C:\ProgramData\Canneverbe Limited
2012-07-22 09:41:20 -------- d-----w- C:\Users\Peter\AppData\Roaming\Canneverbe Limited
2012-07-17 21:27:21 -------- d-----w- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.5
2012-07-14 15:33:05 -------- d-----w- C:\Program Files (x86)\GUM2B7A.tmp
2012-07-12 14:23:37 -------- d-----w- C:\Program Files (x86)\GUM9DAB.tmp
2012-07-11 23:32:07 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 08:59:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 08:58:59 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 08:58:59 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-03 10:46:47 -------- d-----w- C:\Windows\KMSAct
.
==================== Find3M ====================
.
2012-07-27 16:40:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 16:40:08 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-27 16:40:04 9821896 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-05 21:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 11:09:42 151552 ----a-w- C:\Windows\KMSEmulator.exe
2012-06-18 12:34:44 19032 ------w- C:\Windows\System32\pwdrvio.sys
2012-06-18 12:34:42 2966720 ----a-w- C:\Windows\System32\pwNative.exe
2012-06-18 12:34:42 12384 ------w- C:\Windows\System32\pwdspio.sys
2012-06-12 11:40:04 1110248 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-04 00:17:40 17280 ----a-w- C:\Windows\System32\drivers\USBDrv_AMD64.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-30 06:17:46 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-05-30 06:17:44 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-05-12 19:37:48 64 ----a-w- C:\Windows\Fh.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 20:41:53.74 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 30 July 2012 - 12:42 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 peter_uk

peter_uk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 30 July 2012 - 07:53 AM

When booting up pc this morning nod32 service for scanning http and pop mail had been disabled and I was unable to check windows firewall or windows update. Nod32 was still deleting / quartering infected files.

30/07/2012 11:00:48 Startup scanner file Operating memory » firefox.exe(4736) a variant of Win32/Sirefef.FD trojan unable to clean

30/07/2012 11:00:47 Startup scanner file Operating memory » C:\Windows\assembly\GAC_32\Desktop.ini a variant of Win32/Sirefef.EZ trojan

These were 2 new enqueue entries in nod32.

After running combofix nod32 seems to be running fine. I am now able to run windows firewall and check windows update and nod32 real time scanner is not flagging anything up.

Below is security check and combo fix log.


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
ESET NOD32 Antivirus 4.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Secunia PSI (3.0.0.3001)
JavaFX 2.1.1
Java™ 7 Update 5
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
Google Chrome Dec_Config.ini..
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




ComboFix 12-07-30.01 - Peter 30/07/2012 11:39:48.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.6143.4567 [GMT 1:00]
Running from: c:\users\Peter\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml7215.tmp
c:\programdata\xml73AC.tmp
c:\programdata\xml74D5.tmp
c:\users\Laura\Neil .vcf
c:\users\Peter\AppData\Roaming\ctfmon.exe
c:\users\Peter\AppData\Roaming\userlogon32\userlogon32.exe
c:\users\Public\22192010
c:\users\Public\22192010\P21-09-10_15.59.JPG
c:\users\Public\22192010\P21-09-10_15.59[01].JPG
c:\users\Public\22192010\P21-09-10_15.59[02].JPG
c:\users\Public\22192010\P21-09-10_15.59[03].JPG
c:\windows\Fh.dll
c:\windows\Installer\{cb6c7b0b-775a-f759-a47c-d7cd0d0ebe41}\@
c:\windows\Installer\{cb6c7b0b-775a-f759-a47c-d7cd0d0ebe41}\L\00000004.@
c:\windows\Installer\{cb6c7b0b-775a-f759-a47c-d7cd0d0ebe41}\L\201d3dde
c:\windows\Installer\{cb6c7b0b-775a-f759-a47c-d7cd0d0ebe41}\U\00000004.@
c:\windows\Installer\{cb6c7b0b-775a-f759-a47c-d7cd0d0ebe41}\U\80000000.@
c:\windows\Installer\{cb6c7b0b-775a-f759-a47c-d7cd0d0ebe41}\U\80000032.@
c:\windows\Installer\{cb6c7b0b-775a-f759-a47c-d7cd0d0ebe41}\U\80000064.@
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\WinRAR
c:\windows\WinRAR\uninstall.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 10:53 . 2012-07-30 10:53 -------- d-----w- c:\users\Laura\AppData\Local\temp
2012-07-30 10:53 . 2012-07-30 10:53 -------- d-----w- c:\users\test\AppData\Local\temp
2012-07-30 10:53 . 2012-07-30 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 19:35 . 2012-07-29 19:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-29 19:34 . 2012-07-29 19:34 -------- d-----w- c:\program files (x86)\Oracle
2012-07-29 19:33 . 2012-07-05 21:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-29 17:20 . 2012-07-29 17:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-25 11:13 . 2012-07-25 11:13 -------- d-----w- c:\program files\Recuva
2012-07-22 09:41 . 2012-07-22 09:41 -------- d-----w- c:\programdata\Canneverbe Limited
2012-07-22 09:41 . 2012-07-22 09:41 -------- d-----w- c:\users\Peter\AppData\Roaming\Canneverbe Limited
2012-07-22 09:41 . 2012-07-22 09:41 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-07-21 18:41 . 2012-07-21 18:41 -------- d-----w- c:\program files\WinRAR
2012-07-17 21:27 . 2012-07-17 21:27 -------- d-----w- c:\program files (x86)\MiniTool Partition Wizard Home Edition 7.5
2012-07-14 15:33 . 2012-07-14 15:33 -------- d-----w- c:\program files (x86)\GUM2B7A.tmp
2012-07-12 14:23 . 2012-07-12 14:23 -------- d-----w- c:\program files (x86)\GUM9DAB.tmp
2012-07-11 23:32 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:59 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:58 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 08:58 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-03 10:46 . 2012-07-03 10:46 -------- d-----w- c:\windows\KMSAct
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 16:40 . 2012-03-29 19:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 16:40 . 2011-05-15 09:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 16:40 . 2012-04-19 20:40 9821896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-11 23:25 . 2009-10-14 12:51 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 21:06 . 2010-06-03 19:41 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:09 . 2011-12-08 12:21 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-06-29 10:04 . 2012-07-27 10:24 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF2CF6E0-6CD5-4ACE-9849-42ADF7415EE1}\mpengine.dll
2012-06-18 12:34 . 2010-10-12 02:50 19032 ------w- c:\windows\system32\pwdrvio.sys
2012-06-18 12:34 . 2010-10-12 02:50 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-06-18 12:34 . 2010-10-12 02:50 12384 ------w- c:\windows\system32\pwdspio.sys
2012-06-12 11:40 . 2012-06-12 11:10 1110248 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2010-11-26 02:58 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2010-05-05 02:18 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2010-05-05 01:56 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2010-11-26 02:30 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2010-11-26 02:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2010-05-05 01:22 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2010-08-26 01:19 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-04 00:17 . 2012-06-04 00:17 17280 ----a-w- c:\windows\system32\drivers\USBDrv_AMD64.sys
2012-06-02 22:19 . 2012-06-21 09:07 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:07 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 09:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:07 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 09:07 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 09:07 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 09:07 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 09:07 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 11:25 . 2009-10-14 12:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 06:17 . 2012-05-30 06:17 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-30 06:17 . 2012-05-30 06:17 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-04 11:06 . 2012-06-13 09:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-13 10:48 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-13 09:04 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 09:04 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-13 10:48 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 18:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 597736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AsioThk32Reg"="CTASIO.DLL" [2009-06-23 47104]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"VirtualCloneDrive"="c:\program files (x86)\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OpenDNSCrypt.lnk - c:\windows\Installer\{E811D3DC-A647-4744-9CA6-BD4707D2808B}\_41100329364C94A5913B21.exe [2012-6-29 4710]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-03-20 357182]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257224]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-10-18 38424]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-06-23 158744]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-04 79360]
R3 CsrBtPort;Csr Bluetooth Device Driver;c:\windows\system32\DRIVERS\CsrBtPort.sys [2011-01-13 2053632]
R3 csrusb;CSR USB driver for Bluetooth dongle;c:\windows\system32\Drivers\csrusb.sys [2011-01-13 44032]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-06-23 706584]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2009-06-23 141848]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2009-06-23 141848]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-06-23 680984]
R3 ghsdiagMDM;Handset Diagnostic Port;c:\windows\system32\DRIVERS\ghsdiagMDM.sys [2011-11-28 122496]
R3 GPU-Z;GPU-Z;c:\users\Peter\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2010-07-26 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-07-26 171008]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2010-03-24 27264]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2010-03-24 34304]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv_AMD64.sys [2012-06-04 17280]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [2011-01-13 122624]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 122624]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys [2011-01-13 122624]
R4 AutoKMS;AutoKMS;c:\windows\AutoKMS\AutoKMS.exe [2011-12-08 732160]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-01-25 547872]
S0 Soluto;Soluto;c:\windows\system32\Drivers\Soluto.sys [2012-01-25 54728]
S0 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [2008-07-09 136192]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 DNSCrypt;OpenDNSCrypt;c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [2012-05-17 14336]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-07-06 106888]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2010-07-05 11776]
S2 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 123200]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
S2 VRAID Log Service;VRAID Log Service;c:\program files (x86)\VIA\RAID\vialogsv.exe [2008-09-24 52888]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-06-23 158744]
S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2009-12-21 78848]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-06-23 706584]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2009-06-23 26264]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-06-23 680984]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:32]
.
2012-07-03 c:\windows\Tasks\AutoKMSCustom.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-12-08 12:14]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 10:32]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 10:32]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536288215-1771163988-3955357307-1001Core.job
- c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 22:45]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536288215-1771163988-3955357307-1001UA.job
- c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 22:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2011-04-07 23:02 5928264 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2011-04-07 23:02 5928264 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2716216]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2011-04-07 85320]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://uk.ask.com?o=15007&l=dis
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 200.192.248.11:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: shopandscan.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1D92BCE9-907B-4F92-BB40-9F4D7A1BF7A7}: NameServer = 127.0.0.1
TCP: Interfaces\{841BD38A-6E0F-46A7-936A-8758DEE7E09E}: NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{8BE020F7-5495-4807-A97A-49730D6F1523}: NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{942B82F8-5864-4CE1-8C8F-06EEB90B37D1}: NameServer = 127.0.0.1
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\uz41i18u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:newtab
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-userlogon32 - c:\users\Peter\AppData\Roaming\userlogon32\userlogon32.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-AsioReg - CTASIO.DLL
HKLM-Run-userlogon32 - c:\users\Peter\AppData\Roaming\userlogon32\userlogon32.exe
HKLM-Run-EvtMgr6 - c:\program files\Logitech\SetPointP\SetPoint.exe
AddRemove-CheckCRC - c:\users\Peter\AppData\Local\Temp\Rar$EX00.075\CheckCRC.exe
AddRemove-dBpoweramp Batch Ripper - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Foxit Reader_is1 - c:\program files (x86)\Foxit Software\Foxit Reader\unins000.exe
AddRemove-McAfee Security Scan - c:\program files (x86)\McAfee Security Scan\uninstall.exe
AddRemove-Ulisess Seguridad 10.0.2 - c:\users\Peter\Desktop\nod\New folder\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe
c:\windows\SysWOW64\CtHelper.exe
.
**************************************************************************
.
Completion time: 2012-07-30 12:02:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 11:02
.
Pre-Run: 134,976,081,920 bytes free
Post-Run: 200,372,985,856 bytes free
.
- - End Of File - - DA79A17B189F21E62BA81C49B54C5095

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 30 July 2012 - 11:27 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 peter_uk

peter_uk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 31 July 2012 - 05:31 AM

I had no problems running TDSS and it reported no problems but I couldn't get awsMBR to complete a scan always crashing somewhere around the 30-40 min mark. I had tried it after a reboot, disabling nod32, booting into safe mode and as admin in safe mode it either crashed or once I even got a bsod


20:43:53.0159 2900 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:43:53.0819 2900 ============================================================
20:43:53.0819 2900 Current date / time: 2012/07/30 20:43:53.0819
20:43:53.0819 2900 SystemInfo:
20:43:53.0819 2900
20:43:53.0819 2900 OS Version: 6.1.7601 ServicePack: 1.0
20:43:53.0819 2900 Product type: Workstation
20:43:53.0819 2900 ComputerName: PETER-PC
20:43:53.0819 2900 UserName: Peter
20:43:53.0819 2900 Windows directory: C:\Windows
20:43:53.0819 2900 System windows directory: C:\Windows
20:43:53.0819 2900 Running under WOW64
20:43:53.0819 2900 Processor architecture: Intel x64
20:43:53.0819 2900 Number of processors: 2
20:43:53.0819 2900 Page size: 0x1000
20:43:53.0819 2900 Boot type: Normal boot
20:43:53.0819 2900 ============================================================
20:43:54.0779 2900 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:43:54.0779 2900 Drive \Device\Harddisk1\DR1 - Size: 0x4CB1100000 (306.77 Gb), SectorSize: 0x200, Cylinders: 0x9C6D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:43:54.0809 2900 ============================================================
20:43:54.0809 2900 \Device\Harddisk0\DR0:
20:43:54.0809 2900 MBR partitions:
20:43:54.0809 2900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:43:54.0809 2900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
20:43:54.0809 2900 \Device\Harddisk1\DR1:
20:43:54.0809 2900 MBR partitions:
20:43:54.0809 2900 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2658152D
20:43:54.0809 2900 ============================================================
20:43:54.0879 2900 C: <-> \Device\Harddisk0\DR0\Partition1
20:43:54.0919 2900 D: <-> \Device\Harddisk1\DR1\Partition0
20:43:54.0919 2900 ============================================================
20:43:54.0919 2900 Initialize success
20:43:54.0919 2900 ============================================================
20:44:11.0689 3460 ============================================================
20:44:11.0689 3460 Scan started
20:44:11.0689 3460 Mode: Manual;
20:44:11.0689 3460 ============================================================
20:44:12.0459 3460 .EsetTrialReset - ok
20:44:12.0579 3460 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:44:12.0579 3460 1394ohci - ok
20:44:12.0639 3460 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:44:12.0639 3460 ACPI - ok
20:44:12.0669 3460 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:44:12.0669 3460 AcpiPmi - ok
20:44:12.0709 3460 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
20:44:12.0719 3460 adfs - ok
20:44:12.0839 3460 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:44:12.0839 3460 AdobeFlashPlayerUpdateSvc - ok
20:44:12.0889 3460 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:44:12.0889 3460 adp94xx - ok
20:44:12.0919 3460 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:44:12.0919 3460 adpahci - ok
20:44:12.0939 3460 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:44:12.0939 3460 adpu320 - ok
20:44:12.0959 3460 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:44:12.0959 3460 AeLookupSvc - ok
20:44:13.0009 3460 AF15BDA (0517e1670a58213e3f206066cd209273) C:\Windows\system32\DRIVERS\AF15BDA.sys
20:44:13.0019 3460 AF15BDA - ok
20:44:13.0079 3460 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:44:13.0089 3460 AFD - ok
20:44:13.0119 3460 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:44:13.0119 3460 agp440 - ok
20:44:13.0129 3460 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:44:13.0139 3460 ALG - ok
20:44:13.0159 3460 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:44:13.0159 3460 aliide - ok
20:44:13.0189 3460 AMD External Events Utility (9c616ba191b80f5cd1a1b9553e107100) C:\Windows\system32\atiesrxx.exe
20:44:13.0189 3460 AMD External Events Utility - ok
20:44:13.0209 3460 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:44:13.0209 3460 amdide - ok
20:44:13.0219 3460 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:44:13.0229 3460 AmdK8 - ok
20:44:13.0549 3460 amdkmdag (5165e83751b8ff40e5e4925996fcc506) C:\Windows\system32\DRIVERS\atikmdag.sys
20:44:13.0689 3460 amdkmdag - ok
20:44:13.0759 3460 amdkmdap (86ab3cf484260c4318f3a6e8b035f422) C:\Windows\system32\DRIVERS\atikmpag.sys
20:44:13.0769 3460 amdkmdap - ok
20:44:13.0799 3460 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:44:13.0829 3460 AmdPPM - ok
20:44:13.0859 3460 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:44:13.0859 3460 amdsata - ok
20:44:13.0879 3460 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:44:13.0879 3460 amdsbs - ok
20:44:13.0899 3460 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:44:13.0899 3460 amdxata - ok
20:44:13.0939 3460 androidusb (fad35699987baa96e22e13b24ff44769) C:\Windows\system32\Drivers\androidusb.sys
20:44:13.0939 3460 androidusb - ok
20:44:13.0969 3460 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:44:13.0969 3460 AppID - ok
20:44:13.0969 3460 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:44:13.0969 3460 AppIDSvc - ok
20:44:14.0009 3460 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:44:14.0009 3460 Appinfo - ok
20:44:14.0039 3460 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:44:14.0039 3460 AppMgmt - ok
20:44:14.0059 3460 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:44:14.0059 3460 arc - ok
20:44:14.0069 3460 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:44:14.0069 3460 arcsas - ok
20:44:14.0089 3460 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:44:14.0089 3460 AsyncMac - ok
20:44:14.0099 3460 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:44:14.0099 3460 atapi - ok
20:44:14.0149 3460 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
20:44:14.0149 3460 AtiHDAudioService - ok
20:44:14.0189 3460 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
20:44:14.0189 3460 AtiHdmiService - ok
20:44:14.0259 3460 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:44:14.0299 3460 AudioEndpointBuilder - ok
20:44:14.0299 3460 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:44:14.0309 3460 AudioSrv - ok
20:44:14.0409 3460 AutoKMS (521267a93f070becf2d679973d809d40) C:\Windows\AutoKMS\AutoKMS.exe
20:44:14.0429 3460 AutoKMS - ok
20:44:14.0479 3460 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:44:14.0479 3460 AxInstSV - ok
20:44:14.0509 3460 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:44:14.0519 3460 b06bdrv - ok
20:44:14.0549 3460 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:44:14.0549 3460 b57nd60a - ok
20:44:14.0559 3460 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:44:14.0569 3460 BDESVC - ok
20:44:14.0579 3460 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:44:14.0579 3460 Beep - ok
20:44:14.0649 3460 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:44:14.0669 3460 BFE - ok
20:44:14.0679 3460 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:44:14.0679 3460 blbdrive - ok
20:44:14.0709 3460 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:44:14.0739 3460 bowser - ok
20:44:14.0749 3460 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:44:14.0749 3460 BrFiltLo - ok
20:44:14.0759 3460 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:44:14.0759 3460 BrFiltUp - ok
20:44:14.0779 3460 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:44:14.0779 3460 BridgeMP - ok
20:44:14.0809 3460 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:44:14.0809 3460 Browser - ok
20:44:14.0839 3460 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:44:14.0849 3460 Brserid - ok
20:44:14.0859 3460 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:44:14.0859 3460 BrSerWdm - ok
20:44:14.0879 3460 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:44:14.0879 3460 BrUsbMdm - ok
20:44:14.0879 3460 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:44:14.0879 3460 BrUsbSer - ok
20:44:14.0929 3460 BthAudioHF (07dcb3c254d584e3949fe2c0ee3963f2) C:\Windows\system32\DRIVERS\BthAudioHF.sys
20:44:14.0929 3460 BthAudioHF - ok
20:44:14.0969 3460 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
20:44:14.0969 3460 BthAvrcp - ok
20:44:14.0999 3460 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
20:44:14.0999 3460 BthEnum - ok
20:44:15.0019 3460 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:44:15.0019 3460 BTHMODEM - ok
20:44:15.0039 3460 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:44:15.0039 3460 BthPan - ok
20:44:15.0089 3460 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
20:44:15.0099 3460 BTHPORT - ok
20:44:15.0119 3460 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:44:15.0119 3460 bthserv - ok
20:44:15.0149 3460 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
20:44:15.0149 3460 BTHUSB - ok
20:44:15.0179 3460 catchme - ok
20:44:15.0199 3460 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:44:15.0199 3460 cdfs - ok
20:44:15.0229 3460 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:44:15.0229 3460 cdrom - ok
20:44:15.0339 3460 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:44:15.0339 3460 CertPropSvc - ok
20:44:15.0419 3460 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:44:15.0419 3460 circlass - ok
20:44:15.0459 3460 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:44:15.0459 3460 CLFS - ok
20:44:15.0499 3460 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:44:15.0499 3460 clr_optimization_v2.0.50727_32 - ok
20:44:15.0519 3460 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:44:15.0529 3460 clr_optimization_v2.0.50727_64 - ok
20:44:15.0599 3460 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:44:15.0599 3460 clr_optimization_v4.0.30319_32 - ok
20:44:15.0629 3460 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:44:15.0629 3460 clr_optimization_v4.0.30319_64 - ok
20:44:15.0649 3460 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:44:15.0649 3460 CmBatt - ok
20:44:15.0679 3460 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:44:15.0679 3460 cmdide - ok
20:44:15.0719 3460 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
20:44:15.0719 3460 CNG - ok
20:44:15.0769 3460 COMMONFX (463be8e74657c88232d8294e35b57a14) C:\Windows\system32\drivers\COMMONFX.SYS
20:44:15.0789 3460 COMMONFX - ok
20:44:15.0809 3460 COMMONFX.SYS (463be8e74657c88232d8294e35b57a14) C:\Windows\System32\drivers\COMMONFX.SYS
20:44:15.0809 3460 COMMONFX.SYS - ok
20:44:15.0809 3460 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:44:15.0809 3460 Compbatt - ok
20:44:15.0839 3460 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:44:15.0839 3460 CompositeBus - ok
20:44:15.0849 3460 COMSysApp - ok
20:44:15.0889 3460 cpuz135 - ok
20:44:15.0899 3460 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:44:15.0899 3460 crcdisk - ok
20:44:15.0949 3460 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
20:44:15.0949 3460 Creative ALchemy AL6 Licensing Service - ok
20:44:15.0959 3460 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
20:44:15.0959 3460 Creative Audio Engine Licensing Service - ok
20:44:16.0009 3460 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:44:16.0009 3460 CryptSvc - ok
20:44:16.0089 3460 CrystalSysInfo (5228b7a738dc90a06ae4f4a7412cb1e9) C:\Program Files\MediaCoder Audio Edition x64\SysInfoX64.sys
20:44:16.0089 3460 CrystalSysInfo - ok
20:44:16.0139 3460 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:44:16.0139 3460 CSC - ok
20:44:16.0199 3460 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:44:16.0199 3460 CscService - ok
20:44:16.0299 3460 CsrBtPort (ac8f8aaa4b267eadadc4a779479b9ad5) C:\Windows\system32\DRIVERS\CsrBtPort.sys
20:44:16.0319 3460 CsrBtPort - ok
20:44:16.0429 3460 csrusb (9982067e448979a4422057e62f89d7ae) C:\Windows\system32\Drivers\csrusb.sys
20:44:16.0449 3460 csrusb - ok
20:44:16.0489 3460 csr_a2dp (df07c6d98ba7f81d0571e366b1cd6672) C:\Windows\system32\drivers\bthav.sys
20:44:16.0489 3460 csr_a2dp - ok
20:44:16.0539 3460 ctac32k (4a5026d454ed8a356f08fc3949884fff) C:\Windows\system32\drivers\ctac32k.sys
20:44:16.0549 3460 ctac32k - ok
20:44:16.0589 3460 ctaud2k (b5a2cd7a52d25f3fb7cd43ecbe8eda2b) C:\Windows\system32\drivers\ctaud2k.sys
20:44:16.0599 3460 ctaud2k - ok
20:44:16.0629 3460 CTAUDFX (75e6d64b37a20b08fd9edf8fcac779b6) C:\Windows\system32\drivers\CTAUDFX.SYS
20:44:16.0649 3460 CTAUDFX - ok
20:44:16.0649 3460 CTAUDFX.SYS (75e6d64b37a20b08fd9edf8fcac779b6) C:\Windows\System32\drivers\CTAUDFX.SYS
20:44:16.0659 3460 CTAUDFX.SYS - ok
20:44:16.0709 3460 CTAudSvcService (87cb26a58e2b8bf57f4fc92838318c12) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
20:44:16.0709 3460 CTAudSvcService - ok
20:44:16.0749 3460 CTERFXFX (434b481f93149716e2149ba3ba2c7a13) C:\Windows\system32\drivers\CTERFXFX.SYS
20:44:16.0749 3460 CTERFXFX - ok
20:44:16.0749 3460 CTERFXFX.SYS (434b481f93149716e2149ba3ba2c7a13) C:\Windows\System32\drivers\CTERFXFX.SYS
20:44:16.0759 3460 CTERFXFX.SYS - ok
20:44:16.0769 3460 ctgame (ec6bc9d6cae235717de8a8fc53372d7c) C:\Windows\system32\DRIVERS\ctgame.sys
20:44:16.0769 3460 ctgame - ok
20:44:16.0779 3460 ctprxy2k (8ad1bcc81ef6ada2972d9305eaf35730) C:\Windows\system32\drivers\ctprxy2k.sys
20:44:16.0779 3460 ctprxy2k - ok
20:44:16.0819 3460 CTSBLFX (94f78bd6660447b404227f11cd4ab443) C:\Windows\system32\drivers\CTSBLFX.SYS
20:44:16.0869 3460 CTSBLFX - ok
20:44:16.0869 3460 CTSBLFX.SYS (94f78bd6660447b404227f11cd4ab443) C:\Windows\System32\drivers\CTSBLFX.SYS
20:44:16.0879 3460 CTSBLFX.SYS - ok
20:44:16.0899 3460 ctsfm2k (e09eafb16c02cecaaac8bc806f9cec51) C:\Windows\system32\drivers\ctsfm2k.sys
20:44:16.0899 3460 ctsfm2k - ok
20:44:16.0949 3460 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
20:44:16.0949 3460 DAUpdaterSvc - ok
20:44:16.0989 3460 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:44:16.0989 3460 DcomLaunch - ok
20:44:17.0019 3460 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:44:17.0029 3460 defragsvc - ok
20:44:17.0049 3460 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:44:17.0059 3460 DfsC - ok
20:44:17.0079 3460 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:44:17.0079 3460 Dhcp - ok
20:44:17.0099 3460 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:44:17.0099 3460 discache - ok
20:44:17.0119 3460 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:44:17.0119 3460 Disk - ok
20:44:17.0159 3460 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:44:17.0159 3460 Dnscache - ok
20:44:17.0209 3460 DNSCrypt (deea368b6ccf54ed1f8aee6cd2c9eca1) C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
20:44:17.0209 3460 DNSCrypt - ok
20:44:17.0259 3460 Dokan (1c92ce85ed00554bdd118923e751a162) C:\Windows\system32\drivers\dokan.sys
20:44:17.0259 3460 Dokan - ok
20:44:17.0309 3460 DokanMounter (ca41dfffb8ba956ffe9729d0b3853a58) C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
20:44:17.0309 3460 DokanMounter - ok
20:44:17.0349 3460 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:44:17.0369 3460 dot3svc - ok
20:44:17.0389 3460 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:44:17.0399 3460 DPS - ok
20:44:17.0419 3460 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:44:17.0419 3460 drmkaud - ok
20:44:17.0479 3460 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:44:17.0489 3460 DXGKrnl - ok
20:44:17.0549 3460 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
20:44:17.0579 3460 E1G60 - ok
20:44:17.0599 3460 eamon (85e3ed13ec107a20d9b018328e0c9737) C:\Windows\system32\DRIVERS\eamon.sys
20:44:17.0599 3460 eamon - ok
20:44:17.0629 3460 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:44:17.0629 3460 EapHost - ok
20:44:17.0759 3460 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:44:17.0789 3460 ebdrv - ok
20:44:17.0869 3460 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:44:17.0869 3460 EFS - ok
20:44:17.0899 3460 ehdrv (518fb66d5e21b2c246f96c1d9153cadc) C:\Windows\system32\DRIVERS\ehdrv.sys
20:44:17.0899 3460 ehdrv - ok
20:44:17.0959 3460 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:44:17.0969 3460 ehRecvr - ok
20:44:17.0989 3460 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:44:17.0989 3460 ehSched - ok
20:44:18.0019 3460 EhttpSrv (10511409572f32276688faf184e78008) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
20:44:18.0019 3460 EhttpSrv - ok
20:44:18.0059 3460 ekrn (3543c6195d5ed4eda0316d3e1ba0e6ee) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
20:44:18.0069 3460 ekrn - ok
20:44:18.0119 3460 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
20:44:18.0129 3460 ElbyCDIO - ok
20:44:18.0159 3460 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:44:18.0169 3460 elxstor - ok
20:44:18.0199 3460 emupia (84f11bf126dba1131c1f8fd87fab8330) C:\Windows\system32\drivers\emupia2k.sys
20:44:18.0199 3460 emupia - ok
20:44:18.0219 3460 epfwwfpr (60643217107fd0dd2d11d0936f86506f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
20:44:18.0219 3460 epfwwfpr - ok
20:44:18.0249 3460 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:44:18.0249 3460 ErrDev - ok
20:44:18.0269 3460 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:44:18.0279 3460 EventSystem - ok
20:44:18.0299 3460 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:44:18.0299 3460 exfat - ok
20:44:18.0319 3460 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:44:18.0319 3460 fastfat - ok
20:44:18.0419 3460 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:44:18.0479 3460 Fax - ok
20:44:18.0489 3460 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:44:18.0489 3460 fdc - ok
20:44:18.0509 3460 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:44:18.0509 3460 fdPHost - ok
20:44:18.0519 3460 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:44:18.0519 3460 FDResPub - ok
20:44:18.0529 3460 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:44:18.0529 3460 FileInfo - ok
20:44:18.0549 3460 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:44:18.0549 3460 Filetrace - ok
20:44:18.0559 3460 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:44:18.0559 3460 flpydisk - ok
20:44:18.0589 3460 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:44:18.0589 3460 FltMgr - ok
20:44:18.0659 3460 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:44:18.0669 3460 FontCache - ok
20:44:18.0719 3460 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:44:18.0719 3460 FontCache3.0.0.0 - ok
20:44:18.0739 3460 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:44:18.0739 3460 FsDepends - ok
20:44:18.0769 3460 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:44:18.0769 3460 Fs_Rec - ok
20:44:18.0819 3460 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:44:18.0819 3460 fvevol - ok
20:44:18.0829 3460 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:44:18.0829 3460 gagp30kx - ok
20:44:18.0869 3460 ghsdiagMDM (35c8434a4c8a689cde4723fd61d286e1) C:\Windows\system32\DRIVERS\ghsdiagMDM.sys
20:44:18.0869 3460 ghsdiagMDM - ok
20:44:18.0929 3460 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:44:18.0939 3460 gpsvc - ok
20:44:18.0999 3460 GPU-Z - ok
20:44:19.0079 3460 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:44:19.0079 3460 gupdate - ok
20:44:19.0089 3460 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:44:19.0099 3460 gupdatem - ok
20:44:19.0179 3460 ha10kx2k (19c51da5d42de5b01a1d5a0ef926f6b4) C:\Windows\system32\drivers\ha10kx2k.sys
20:44:19.0209 3460 ha10kx2k - ok
20:44:19.0269 3460 hap16v2k (5a256ddd5bac643d98c638e41b16c0f0) C:\Windows\system32\drivers\hap16v2k.sys
20:44:19.0269 3460 hap16v2k - ok
20:44:19.0299 3460 hap17v2k (7ab7f3d844af3b911ec655cd1931f4ac) C:\Windows\system32\drivers\hap17v2k.sys
20:44:19.0299 3460 hap17v2k - ok
20:44:19.0309 3460 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:44:19.0309 3460 hcw85cir - ok
20:44:19.0349 3460 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:44:19.0359 3460 HdAudAddService - ok
20:44:19.0379 3460 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:44:19.0379 3460 HDAudBus - ok
20:44:19.0429 3460 HFGService (ee8c05f926521a0e24edaf40f45d01e6) C:\Windows\System32\HFGService.dll
20:44:19.0439 3460 HFGService - ok
20:44:19.0449 3460 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:44:19.0449 3460 HidBatt - ok
20:44:19.0489 3460 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:44:19.0489 3460 HidBth - ok
20:44:19.0509 3460 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:44:19.0519 3460 HidIr - ok
20:44:19.0529 3460 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:44:19.0529 3460 hidserv - ok
20:44:19.0569 3460 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:44:19.0569 3460 HidUsb - ok
20:44:19.0609 3460 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:44:19.0609 3460 hkmsvc - ok
20:44:19.0639 3460 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:44:19.0639 3460 HomeGroupListener - ok
20:44:19.0659 3460 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:44:19.0659 3460 HomeGroupProvider - ok
20:44:19.0699 3460 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:44:19.0699 3460 HpSAMD - ok
20:44:19.0759 3460 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:44:19.0779 3460 HTTP - ok
20:44:19.0819 3460 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:44:19.0819 3460 hwpolicy - ok
20:44:19.0849 3460 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:44:19.0849 3460 i8042prt - ok
20:44:19.0879 3460 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:44:19.0889 3460 iaStorV - ok
20:44:19.0959 3460 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:44:19.0979 3460 idsvc - ok
20:44:19.0989 3460 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:44:19.0989 3460 iirsp - ok
20:44:20.0039 3460 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:44:20.0049 3460 IKEEXT - ok
20:44:20.0059 3460 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:44:20.0059 3460 intelide - ok
20:44:20.0069 3460 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:44:20.0069 3460 intelppm - ok
20:44:20.0099 3460 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:44:20.0099 3460 IPBusEnum - ok
20:44:20.0129 3460 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:44:20.0129 3460 IpFilterDriver - ok
20:44:20.0189 3460 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:44:20.0189 3460 iphlpsvc - ok
20:44:20.0209 3460 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:44:20.0209 3460 IPMIDRV - ok
20:44:20.0249 3460 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:44:20.0249 3460 IPNAT - ok
20:44:20.0279 3460 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:44:20.0299 3460 IRENUM - ok
20:44:20.0309 3460 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:44:20.0309 3460 isapnp - ok
20:44:20.0349 3460 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:44:20.0349 3460 iScsiPrt - ok
20:44:20.0369 3460 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:44:20.0369 3460 kbdclass - ok
20:44:20.0389 3460 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:44:20.0389 3460 kbdhid - ok
20:44:20.0429 3460 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:44:20.0429 3460 KeyIso - ok
20:44:20.0459 3460 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
20:44:20.0459 3460 KSecDD - ok
20:44:20.0489 3460 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
20:44:20.0489 3460 KSecPkg - ok
20:44:20.0499 3460 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:44:20.0499 3460 ksthunk - ok
20:44:20.0529 3460 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:44:20.0539 3460 KtmRm - ok
20:44:20.0569 3460 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:44:20.0569 3460 LanmanServer - ok
20:44:20.0609 3460 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:44:20.0619 3460 LanmanWorkstation - ok
20:44:20.0659 3460 LgBttPort (174803f2eea3b22165dfe0e5a1f20685) C:\Windows\system32\DRIVERS\lgbtpt64.sys
20:44:20.0659 3460 LgBttPort - ok
20:44:20.0679 3460 lgbusenum (565f93bb7c0361e61b3daea670c354d6) C:\Windows\system32\DRIVERS\lgbtbs64.sys
20:44:20.0679 3460 lgbusenum - ok
20:44:20.0709 3460 LGVMODEM (abf477857b7ced873362ec92c6ce10a7) C:\Windows\system32\DRIVERS\lgvmdm64.sys
20:44:20.0719 3460 LGVMODEM - ok
20:44:20.0759 3460 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:44:20.0759 3460 LHidFilt - ok
20:44:20.0779 3460 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:44:20.0779 3460 lltdio - ok
20:44:20.0799 3460 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:44:20.0809 3460 lltdsvc - ok
20:44:20.0819 3460 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:44:20.0819 3460 lmhosts - ok
20:44:20.0829 3460 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:44:20.0829 3460 LMouFilt - ok
20:44:20.0859 3460 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:44:20.0869 3460 LSI_FC - ok
20:44:20.0889 3460 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:44:20.0889 3460 LSI_SAS - ok
20:44:20.0899 3460 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:44:20.0909 3460 LSI_SAS2 - ok
20:44:20.0919 3460 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:44:20.0919 3460 LSI_SCSI - ok
20:44:20.0929 3460 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:44:20.0929 3460 luafv - ok
20:44:20.0959 3460 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:44:20.0969 3460 Mcx2Svc - ok
20:44:20.0989 3460 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:44:21.0019 3460 megasas - ok
20:44:21.0029 3460 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:44:21.0029 3460 MegaSR - ok
20:44:21.0099 3460 Microsoft SharePoint Workspace Audit Service - ok
20:44:21.0119 3460 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:44:21.0119 3460 MMCSS - ok
20:44:21.0119 3460 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:44:21.0129 3460 Modem - ok
20:44:21.0139 3460 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:44:21.0139 3460 monitor - ok
20:44:21.0159 3460 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:44:21.0159 3460 mouclass - ok
20:44:21.0169 3460 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:44:21.0169 3460 mouhid - ok
20:44:21.0209 3460 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:44:21.0209 3460 mountmgr - ok
20:44:21.0289 3460 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:44:21.0289 3460 MozillaMaintenance - ok
20:44:21.0329 3460 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:44:21.0329 3460 mpio - ok
20:44:21.0359 3460 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:44:21.0359 3460 mpsdrv - ok
20:44:21.0439 3460 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:44:21.0459 3460 MpsSvc - ok
20:44:21.0509 3460 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:44:21.0509 3460 MRxDAV - ok
20:44:21.0539 3460 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:44:21.0539 3460 mrxsmb - ok
20:44:21.0569 3460 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:44:21.0579 3460 mrxsmb10 - ok
20:44:21.0589 3460 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:44:21.0589 3460 mrxsmb20 - ok
20:44:21.0599 3460 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:44:21.0599 3460 msahci - ok
20:44:21.0649 3460 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
20:44:21.0649 3460 MSCamSvc - ok
20:44:21.0679 3460 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:44:21.0679 3460 msdsm - ok
20:44:21.0699 3460 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:44:21.0699 3460 MSDTC - ok
20:44:21.0719 3460 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:44:21.0719 3460 Msfs - ok
20:44:21.0739 3460 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:44:21.0739 3460 mshidkmdf - ok
20:44:21.0799 3460 MSHUSBVideo (55218f924e55fd2786ed40edf4ed79c3) C:\Windows\system32\Drivers\nx6000.sys
20:44:21.0809 3460 MSHUSBVideo - ok
20:44:21.0829 3460 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:44:21.0829 3460 msisadrv - ok
20:44:21.0839 3460 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:44:21.0839 3460 MSiSCSI - ok
20:44:21.0849 3460 msiserver - ok
20:44:21.0859 3460 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:44:21.0859 3460 MSKSSRV - ok
20:44:21.0879 3460 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:44:21.0879 3460 MSPCLOCK - ok
20:44:21.0879 3460 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:44:21.0889 3460 MSPQM - ok
20:44:21.0919 3460 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:44:21.0929 3460 MsRPC - ok
20:44:21.0949 3460 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:44:21.0949 3460 mssmbios - ok
20:44:21.0949 3460 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:44:21.0949 3460 MSTEE - ok
20:44:21.0969 3460 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:44:21.0969 3460 MTConfig - ok
20:44:21.0989 3460 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
20:44:21.0989 3460 MTsensor - ok
20:44:22.0009 3460 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:44:22.0009 3460 Mup - ok
20:44:22.0059 3460 MySQL - ok
20:44:22.0109 3460 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:44:22.0109 3460 napagent - ok
20:44:22.0129 3460 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:44:22.0129 3460 NativeWifiP - ok
20:44:22.0179 3460 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:44:22.0179 3460 NDIS - ok
20:44:22.0189 3460 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:44:22.0189 3460 NdisCap - ok
20:44:22.0219 3460 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:44:22.0219 3460 NdisTapi - ok
20:44:22.0249 3460 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:44:22.0249 3460 Ndisuio - ok
20:44:22.0289 3460 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:44:22.0309 3460 NdisWan - ok
20:44:22.0339 3460 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:44:22.0339 3460 NDProxy - ok
20:44:22.0349 3460 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:44:22.0349 3460 NetBIOS - ok
20:44:22.0389 3460 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:44:22.0389 3460 NetBT - ok
20:44:22.0419 3460 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:44:22.0419 3460 Netlogon - ok
20:44:22.0469 3460 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:44:22.0469 3460 Netman - ok
20:44:22.0499 3460 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:44:22.0509 3460 netprofm - ok
20:44:22.0549 3460 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:44:22.0549 3460 NetTcpPortSharing - ok
20:44:22.0559 3460 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:44:22.0559 3460 nfrd960 - ok
20:44:22.0599 3460 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:44:22.0599 3460 NlaSvc - ok
20:44:22.0659 3460 nmwcd (985a3f046dfcd58e26d3a95283bb8f1d) C:\Windows\system32\drivers\ccdcmbx64.sys
20:44:22.0659 3460 nmwcd - ok
20:44:22.0699 3460 nmwcdc (5eb41a9656388dc21119ccc33f0ee22a) C:\Windows\system32\drivers\ccdcmbox64.sys
20:44:22.0699 3460 nmwcdc - ok
20:44:22.0739 3460 nmwcdnsucx64 (c1bdac035fa94c04664a73b24d8ad251) C:\Windows\system32\drivers\nmwcdnsucx64.sys
20:44:22.0739 3460 nmwcdnsucx64 - ok
20:44:22.0769 3460 nmwcdnsux64 (0001545a029ef57c2b0fd62776afb005) C:\Windows\system32\drivers\nmwcdnsux64.sys
20:44:22.0769 3460 nmwcdnsux64 - ok
20:44:22.0849 3460 nosGetPlusHelper (f44addbf29905cb19f52fc9fe6a0efa1) C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll
20:44:22.0849 3460 nosGetPlusHelper - ok
20:44:22.0859 3460 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:44:22.0859 3460 Npfs - ok
20:44:22.0869 3460 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:44:22.0869 3460 nsi - ok
20:44:22.0879 3460 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:44:22.0879 3460 nsiproxy - ok
20:44:22.0969 3460 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:44:22.0979 3460 Ntfs - ok
20:44:23.0029 3460 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:44:23.0029 3460 Null - ok
20:44:23.0079 3460 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:44:23.0079 3460 nvraid - ok
20:44:23.0119 3460 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:44:23.0119 3460 nvstor - ok
20:44:23.0149 3460 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:44:23.0149 3460 nv_agp - ok
20:44:23.0179 3460 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:44:23.0179 3460 ohci1394 - ok
20:44:23.0209 3460 optousb (8acdbf1aba7ea3280b3f8c9bf0454b1e) C:\Windows\system32\DRIVERS\optousb.sys
20:44:23.0209 3460 optousb - ok
20:44:23.0239 3460 optovcm (28ab5778eaa05b0df2921713a959b30c) C:\Windows\system32\DRIVERS\optovcm.sys
20:44:23.0239 3460 optovcm - ok
20:44:23.0289 3460 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:44:23.0289 3460 ose64 - ok
20:44:23.0489 3460 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:44:23.0569 3460 osppsvc - ok
20:44:23.0629 3460 ossrv (979736e1b96c02ac4bc6bea3f7db7f89) C:\Windows\system32\drivers\ctoss2k.sys
20:44:23.0629 3460 ossrv - ok
20:44:23.0669 3460 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:44:23.0669 3460 p2pimsvc - ok
20:44:23.0699 3460 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:44:23.0699 3460 p2psvc - ok
20:44:23.0759 3460 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:44:23.0759 3460 Parport - ok
20:44:23.0789 3460 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:44:23.0789 3460 partmgr - ok
20:44:23.0809 3460 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:44:23.0809 3460 PcaSvc - ok
20:44:23.0849 3460 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:44:23.0849 3460 pccsmcfd - ok
20:44:23.0879 3460 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:44:23.0889 3460 pci - ok
20:44:23.0889 3460 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:44:23.0889 3460 pciide - ok
20:44:23.0919 3460 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:44:23.0919 3460 pcmcia - ok
20:44:23.0929 3460 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:44:23.0929 3460 pcw - ok
20:44:23.0969 3460 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:44:24.0019 3460 PEAUTH - ok
20:44:24.0109 3460 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:44:24.0119 3460 PeerDistSvc - ok
20:44:24.0189 3460 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:44:24.0189 3460 PerfHost - ok
20:44:24.0299 3460 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:44:24.0319 3460 pla - ok
20:44:24.0369 3460 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:44:24.0369 3460 PlugPlay - ok
20:44:24.0389 3460 PnkBstrA - ok
20:44:24.0399 3460 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:44:24.0399 3460 PNRPAutoReg - ok
20:44:24.0419 3460 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:44:24.0429 3460 PNRPsvc - ok
20:44:24.0479 3460 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:44:24.0479 3460 PolicyAgent - ok
20:44:24.0509 3460 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:44:24.0509 3460 Power - ok
20:44:24.0549 3460 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:44:24.0549 3460 PptpMiniport - ok
20:44:24.0559 3460 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:44:24.0559 3460 Processor - ok
20:44:24.0589 3460 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:44:24.0589 3460 ProfSvc - ok
20:44:24.0619 3460 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:44:24.0619 3460 ProtectedStorage - ok
20:44:24.0659 3460 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:44:24.0659 3460 Psched - ok
20:44:24.0699 3460 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
20:44:24.0699 3460 PSI - ok
20:44:24.0729 3460 pwdrvio (d8589a43b352e7f2317194c98447149f) C:\Windows\system32\pwdrvio.sys
20:44:24.0729 3460 pwdrvio - ok
20:44:24.0739 3460 pwdspio (4b8fda635f4d2e7d638b2b3817b5afc8) C:\Windows\system32\pwdspio.sys
20:44:24.0739 3460 pwdspio - ok
20:44:24.0819 3460 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:44:24.0839 3460 ql2300 - ok
20:44:24.0879 3460 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:44:24.0879 3460 ql40xx - ok
20:44:24.0899 3460 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:44:24.0909 3460 QWAVE - ok
20:44:24.0919 3460 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:44:24.0919 3460 QWAVEdrv - ok
20:44:24.0929 3460 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:44:24.0929 3460 RasAcd - ok
20:44:24.0939 3460 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:44:24.0939 3460 RasAgileVpn - ok
20:44:24.0959 3460 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:44:24.0959 3460 RasAuto - ok
20:44:24.0989 3460 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:44:24.0989 3460 Rasl2tp - ok
20:44:25.0039 3460 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:44:25.0039 3460 RasMan - ok
20:44:25.0049 3460 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:44:25.0049 3460 RasPppoe - ok
20:44:25.0059 3460 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:44:25.0069 3460 RasSstp - ok
20:44:25.0089 3460 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:44:25.0099 3460 rdbss - ok
20:44:25.0099 3460 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:44:25.0099 3460 rdpbus - ok
20:44:25.0109 3460 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:44:25.0109 3460 RDPCDD - ok
20:44:25.0149 3460 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:44:25.0149 3460 RDPDR - ok
20:44:25.0159 3460 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:44:25.0159 3460 RDPENCDD - ok
20:44:25.0159 3460 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:44:25.0159 3460 RDPREFMP - ok
20:44:25.0199 3460 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:44:25.0209 3460 RdpVideoMiniport - ok
20:44:25.0239 3460 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:44:25.0249 3460 RDPWD - ok
20:44:25.0269 3460 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:44:25.0269 3460 rdyboost - ok
20:44:25.0309 3460 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:44:25.0309 3460 RemoteAccess - ok
20:44:25.0339 3460 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:44:25.0339 3460 RemoteRegistry - ok
20:44:25.0359 3460 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:44:25.0369 3460 RFCOMM - ok
20:44:25.0389 3460 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:44:25.0389 3460 RpcEptMapper - ok
20:44:25.0409 3460 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:44:25.0409 3460 RpcLocator - ok
20:44:25.0449 3460 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:44:25.0459 3460 RpcSs - ok
20:44:25.0469 3460 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:44:25.0469 3460 rspndr - ok
20:44:25.0499 3460 RTL8187 (333224d4d25f9bcca488e08345083e1c) C:\Windows\system32\DRIVERS\rtl8187.sys
20:44:25.0509 3460 RTL8187 - ok
20:44:25.0549 3460 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:44:25.0549 3460 s3cap - ok
20:44:25.0589 3460 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:44:25.0589 3460 SamSs - ok
20:44:25.0679 3460 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x64\Sandra.sys
20:44:25.0689 3460 SANDRA - ok
20:44:25.0699 3460 SandraAgentSrv (d307353c423c75d4a7ef5b25b43684da) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe
20:44:25.0699 3460 SandraAgentSrv - ok
20:44:25.0779 3460 SbieDrv (152ee68830ffb13f0b1fec6c9b99644f) C:\Program Files\Sandboxie\SbieDrv.sys
20:44:25.0779 3460 SbieDrv - ok
20:44:25.0819 3460 SbieSvc (fd0287131d91352f225ebb5cd3527952) C:\Program Files\Sandboxie\SbieSvc.exe
20:44:25.0819 3460 SbieSvc - ok
20:44:25.0849 3460 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:44:25.0849 3460 sbp2port - ok
20:44:25.0859 3460 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:44:25.0869 3460 SCardSvr - ok
20:44:25.0899 3460 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:44:25.0929 3460 scfilter - ok
20:44:25.0999 3460 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:44:26.0009 3460 Schedule - ok
20:44:26.0029 3460 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:44:26.0029 3460 SCPolicySvc - ok
20:44:26.0079 3460 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:44:26.0079 3460 SDRSVC - ok
20:44:26.0129 3460 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:44:26.0129 3460 secdrv - ok
20:44:26.0159 3460 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:44:26.0159 3460 seclogon - ok
20:44:26.0269 3460 Secunia PSI Agent (9044795e9d1a912d5f1b8df6211850fd) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
20:44:26.0279 3460 Secunia PSI Agent - ok
20:44:26.0329 3460 Secunia Update Agent (8b1a72e4fb63a9c068b08e1f9b70482a) C:\Program Files (x86)\Secunia\PSI\sua.exe
20:44:26.0329 3460 Secunia Update Agent - ok
20:44:26.0399 3460 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:44:26.0399 3460 SENS - ok
20:44:26.0419 3460 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:44:26.0419 3460 SensrSvc - ok
20:44:26.0419 3460 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:44:26.0419 3460 Serenum - ok
20:44:26.0429 3460 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:44:26.0429 3460 Serial - ok
20:44:26.0469 3460 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:44:26.0469 3460 sermouse - ok
20:44:26.0529 3460 ServiceLayer (7d3903af48e6c1dc2704eafcb608d031) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
20:44:26.0539 3460 ServiceLayer - ok
20:44:26.0569 3460 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:44:26.0579 3460 SessionEnv - ok
20:44:26.0599 3460 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:44:26.0599 3460 sffdisk - ok
20:44:26.0609 3460 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:44:26.0609 3460 sffp_mmc - ok
20:44:26.0609 3460 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:44:26.0609 3460 sffp_sd - ok
20:44:26.0619 3460 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:44:26.0619 3460 sfloppy - ok
20:44:26.0669 3460 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:44:26.0679 3460 SharedAccess - ok
20:44:26.0719 3460 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:44:26.0729 3460 ShellHWDetection - ok
20:44:26.0739 3460 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:44:26.0739 3460 SiSRaid2 - ok
20:44:26.0759 3460 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:44:26.0759 3460 SiSRaid4 - ok
20:44:26.0769 3460 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:44:26.0769 3460 Smb - ok
20:44:26.0789 3460 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:44:26.0789 3460 SNMPTRAP - ok
20:44:26.0849 3460 Soluto (f9369327409492097b0bb7ce86bd29de) C:\Windows\system32\Drivers\Soluto.sys
20:44:26.0849 3460 Soluto - ok
20:44:26.0939 3460 SolutoService (a642a3a95c421a1ffded2e906f2a9856) C:\Program Files\Soluto\SolutoService.exe
20:44:26.0949 3460 SolutoService - ok
20:44:26.0959 3460 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:44:26.0959 3460 spldr - ok
20:44:26.0989 3460 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:44:26.0989 3460 Spooler - ok
20:44:27.0129 3460 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:44:27.0179 3460 sppsvc - ok
20:44:27.0209 3460 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:44:27.0219 3460 sppuinotify - ok
20:44:27.0269 3460 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:44:27.0279 3460 srv - ok
20:44:27.0319 3460 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:44:27.0329 3460 srv2 - ok
20:44:27.0339 3460 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:44:27.0339 3460 srvnet - ok
20:44:27.0359 3460 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:44:27.0369 3460 SSDPSRV - ok
20:44:27.0379 3460 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:44:27.0389 3460 SstpSvc - ok
20:44:27.0389 3460 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:44:27.0389 3460 stexstor - ok
20:44:27.0459 3460 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:44:27.0469 3460 stisvc - ok
20:44:27.0499 3460 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:44:27.0499 3460 storflt - ok
20:44:27.0519 3460 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:44:27.0519 3460 storvsc - ok
20:44:27.0559 3460 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:44:27.0559 3460 swenum - ok
20:44:27.0669 3460 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:44:27.0669 3460 SwitchBoard - ok
20:44:27.0709 3460 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:44:27.0709 3460 swprv - ok
20:44:27.0729 3460 Synth3dVsc - ok
20:44:27.0819 3460 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:44:27.0829 3460 SysMain - ok
20:44:27.0879 3460 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:44:27.0879 3460 TabletInputService - ok
20:44:27.0929 3460 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:44:27.0939 3460 TapiSrv - ok
20:44:27.0949 3460 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:44:27.0949 3460 TBS - ok
20:44:28.0049 3460 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:44:28.0059 3460 Tcpip - ok
20:44:28.0149 3460 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:44:28.0159 3460 TCPIP6 - ok
20:44:28.0219 3460 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:44:28.0219 3460 tcpipreg - ok
20:44:28.0259 3460 TcUsb (ccf4225a78d2ca2983c38d60cffbadc8) C:\Windows\system32\Drivers\tcusb.sys
20:44:28.0259 3460 TcUsb - ok
20:44:28.0269 3460 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:44:28.0269 3460 TDPIPE - ok
20:44:28.0299 3460 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:44:28.0299 3460 TDTCP - ok
20:44:28.0339 3460 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:44:28.0339 3460 tdx - ok
20:44:28.0369 3460 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:44:28.0369 3460 TermDD - ok
20:44:28.0419 3460 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:44:28.0429 3460 TermService - ok
20:44:28.0449 3460 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:44:28.0449 3460 Themes - ok
20:44:28.0469 3460 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:44:28.0469 3460 THREADORDER - ok
20:44:28.0489 3460 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:44:28.0489 3460 TrkWks - ok
20:44:28.0519 3460 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:44:28.0519 3460 TrustedInstaller - ok
20:44:28.0549 3460 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:44:28.0549 3460 tssecsrv - ok
20:44:28.0569 3460 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:44:28.0569 3460 TsUsbFlt - ok
20:44:28.0569 3460 tsusbhub - ok
20:44:28.0619 3460 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:44:28.0619 3460 tunnel - ok
20:44:28.0639 3460 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:44:28.0639 3460 uagp35 - ok
20:44:28.0679 3460 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:44:28.0679 3460 udfs - ok
20:44:28.0699 3460 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:44:28.0699 3460 UI0Detect - ok
20:44:28.0719 3460 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:44:28.0719 3460 uliagpkx - ok
20:44:28.0759 3460 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:44:28.0759 3460 umbus - ok
20:44:28.0769 3460 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:44:28.0769 3460 UmPass - ok
20:44:28.0789 3460 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:44:28.0789 3460 UmRdpService - ok
20:44:28.0819 3460 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:44:28.0819 3460 upnphost - ok
20:44:28.0849 3460 upperdev (afa3a0937b7044a8322d8bc91722c53b) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
20:44:28.0849 3460 upperdev - ok
20:44:28.0909 3460 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:44:28.0909 3460 usbaudio - ok
20:44:28.0929 3460 usbbus (1f9863697df570d371c49ddaf4bc0ad8) C:\Windows\system32\DRIVERS\lgx64bus.sys
20:44:28.0929 3460 usbbus - ok
20:44:28.0959 3460 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:44:28.0959 3460 usbccgp - ok
20:44:28.0989 3460 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:44:28.0989 3460 usbcir - ok
20:44:29.0019 3460 UsbDiag (e82f1b8dfc1def412b749c685041d8d5) C:\Windows\system32\DRIVERS\lgx64diag.sys
20:44:29.0019 3460 UsbDiag - ok
20:44:29.0049 3460 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:44:29.0049 3460 usbehci - ok
20:44:29.0079 3460 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:44:29.0099 3460 usbhub - ok
20:44:29.0139 3460 USBModem (1ffad96d8f6519728f0c4708aa9637df) C:\Windows\system32\DRIVERS\lgx64modem.sys
20:44:29.0139 3460 USBModem - ok
20:44:29.0149 3460 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:44:29.0149 3460 usbohci - ok
20:44:29.0159 3460 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:44:29.0159 3460 usbprint - ok
20:44:29.0209 3460 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:44:29.0209 3460 usbscan - ok
20:44:29.0269 3460 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
20:44:29.0269 3460 usbser - ok
20:44:29.0299 3460 UsbserFilt (b826f3ff5a1975cc9096b4caadde77b6) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
20:44:29.0299 3460 UsbserFilt - ok
20:44:29.0329 3460 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:44:29.0329 3460 USBSTOR - ok
20:44:29.0359 3460 usbUDisc (6d14d8ec1dd33a072653e75e3b28b062) C:\Windows\system32\DRIVERS\USBDrv_AMD64.sys
20:44:29.0359 3460 usbUDisc - ok
20:44:29.0379 3460 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:44:29.0379 3460 usbuhci - ok
20:44:29.0419 3460 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:44:29.0419 3460 usbvideo - ok
20:44:29.0469 3460 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
20:44:29.0479 3460 usb_rndisx - ok
20:44:29.0479 3460 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:44:29.0489 3460 UxSms - ok
20:44:29.0529 3460 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:44:29.0529 3460 VaultSvc - ok
20:44:29.0549 3460 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
20:44:29.0549 3460 VClone - ok
20:44:29.0569 3460 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:44:29.0569 3460 vdrvroot - ok
20:44:29.0619 3460 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:44:29.0629 3460 vds - ok
20:44:29.0649 3460 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:44:29.0649 3460 vga - ok
20:44:29.0659 3460 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:44:29.0659 3460 VgaSave - ok
20:44:29.0679 3460 VGPU - ok
20:44:29.0709 3460 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:44:29.0739 3460 vhdmp - ok
20:44:29.0759 3460 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:44:29.0769 3460 viaide - ok
20:44:29.0799 3460 viamrx64 (d0f2587aca932d5c1bc0f949cb76ebb1) C:\Windows\system32\DRIVERS\viamrx64.sys
20:44:29.0799 3460 viamrx64 - ok
20:44:29.0829 3460 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:44:29.0829 3460 vmbus - ok
20:44:29.0869 3460 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:44:29.0879 3460 VMBusHID - ok
20:44:29.0889 3460 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:44:29.0899 3460 volmgr - ok
20:44:29.0939 3460 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:44:29.0939 3460 volmgrx - ok
20:44:29.0999 3460 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:44:29.0999 3460 volsnap - ok
20:44:30.0049 3460 VRAID Log Service (4775579d1ae9c881a6f2f7739858e7cd) C:\Program Files (x86)\VIA\RAID\vialogsv.exe
20:44:30.0049 3460 VRAID Log Service - ok
20:44:30.0069 3460 vserial - ok
20:44:30.0089 3460 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:44:30.0089 3460 vsmraid - ok
20:44:30.0179 3460 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:44:30.0189 3460 VSS - ok
20:44:30.0249 3460 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:44:30.0249 3460 vwifibus - ok
20:44:30.0269 3460 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:44:30.0269 3460 vwififlt - ok
20:44:30.0279 3460 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:44:30.0279 3460 vwifimp - ok
20:44:30.0309 3460 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:44:30.0309 3460 W32Time - ok
20:44:30.0319 3460 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:44:30.0319 3460 WacomPen - ok
20:44:30.0339 3460 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:44:30.0339 3460 WANARP - ok
20:44:30.0349 3460 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:44:30.0349 3460 Wanarpv6 - ok
20:44:30.0449 3460 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:44:30.0479 3460 wbengine - ok
20:44:30.0539 3460 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:44:30.0539 3460 WbioSrvc - ok
20:44:30.0579 3460 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:44:30.0589 3460 wcncsvc - ok
20:44:30.0599 3460 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:44:30.0599 3460 WcsPlugInService - ok
20:44:30.0619 3460 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:44:30.0619 3460 Wd - ok
20:44:30.0649 3460 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:44:30.0659 3460 Wdf01000 - ok
20:44:30.0679 3460 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:44:30.0679 3460 WdiServiceHost - ok
20:44:30.0679 3460 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:44:30.0679 3460 WdiSystemHost - ok
20:44:30.0709 3460 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:44:30.0719 3460 WebClient - ok
20:44:30.0739 3460 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:44:30.0739 3460 Wecsvc - ok
20:44:30.0759 3460 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:44:30.0759 3460 wercplsupport - ok
20:44:30.0789 3460 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:44:30.0789 3460 WerSvc - ok
20:44:30.0799 3460 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:44:30.0799 3460 WfpLwf - ok
20:44:30.0809 3460 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:44:30.0809 3460 WIMMount - ok
20:44:30.0819 3460 WinDefend - ok
20:44:30.0829 3460 WinHttpAutoProxySvc - ok
20:44:30.0869 3460 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:44:30.0879 3460 Winmgmt - ok
20:44:30.0979 3460 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:44:30.0999 3460 WinRM - ok
20:44:31.0089 3460 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:44:31.0089 3460 WinUsb - ok
20:44:31.0129 3460 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:44:31.0139 3460 Wlansvc - ok
20:44:31.0299 3460 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:44:31.0349 3460 wlidsvc - ok
20:44:31.0379 3460 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:44:31.0379 3460 WmiAcpi - ok
20:44:31.0399 3460 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:44:31.0399 3460 wmiApSrv - ok
20:44:31.0409 3460 WMPNetworkSvc - ok
20:44:31.0419 3460 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:44:31.0419 3460 WPCSvc - ok
20:44:31.0429 3460 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:44:31.0429 3460 WPDBusEnum - ok
20:44:31.0439 3460 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:44:31.0439 3460 ws2ifsl - ok
20:44:31.0459 3460 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:44:31.0459 3460 wscsvc - ok
20:44:31.0469 3460 WSearch - ok
20:44:31.0589 3460 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:44:31.0629 3460 wuauserv - ok
20:44:31.0689 3460 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:44:31.0689 3460 WudfPf - ok
20:44:31.0729 3460 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:44:31.0729 3460 WUDFRd - ok
20:44:31.0759 3460 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:44:31.0759 3460 wudfsvc - ok
20:44:31.0779 3460 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:44:31.0789 3460 WwanSvc - ok
20:44:31.0839 3460 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
20:44:31.0849 3460 yukonw7 - ok
20:44:31.0909 3460 zghsdiag (741d9bbfe2a392031157a39d921ce052) C:\Windows\system32\DRIVERS\zghsdiag.sys
20:44:31.0909 3460 zghsdiag - ok
20:44:31.0949 3460 zghsmdm (741d9bbfe2a392031157a39d921ce052) C:\Windows\system32\DRIVERS\zghsmdm.sys
20:44:31.0949 3460 zghsmdm - ok
20:44:31.0959 3460 zghsnmea (741d9bbfe2a392031157a39d921ce052) C:\Windows\system32\DRIVERS\zghsnmea.sys
20:44:31.0959 3460 zghsnmea - ok
20:44:32.0019 3460 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:44:32.0119 3460 \Device\Harddisk0\DR0 - ok
20:44:32.0119 3460 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:44:32.0199 3460 \Device\Harddisk1\DR1 - ok
20:44:32.0199 3460 Boot (0x1200) (88ad7e3ca3b6d270dc8b18c05b302ed2) \Device\Harddisk0\DR0\Partition0
20:44:32.0199 3460 \Device\Harddisk0\DR0\Partition0 - ok
20:44:32.0209 3460 Boot (0x1200) (59e2615b0ca34909e4a9579bcda0ed7b) \Device\Harddisk0\DR0\Partition1
20:44:32.0209 3460 \Device\Harddisk0\DR0\Partition1 - ok
20:44:32.0209 3460 Boot (0x1200) (1790f33f2e77c157b8756c2c9908cc3c) \Device\Harddisk1\DR1\Partition0
20:44:32.0209 3460 \Device\Harddisk1\DR1\Partition0 - ok
20:44:32.0209 3460 ============================================================
20:44:32.0209 3460 Scan finished
20:44:32.0209 3460 ============================================================
20:44:32.0219 3560 Detected object count: 0
20:44:32.0219 3560 Actual detected object count: 0
20:45:49.0184 4004 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 01 August 2012 - 06:00 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com

DDS::
uStart Page = hxxp://uk.ask.com?o=15007&l=dis

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 peter_uk

peter_uk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 01 August 2012 - 07:07 AM

Had no problems running combofix, I have also restarted the pc and at the moment don't see any problems.

Peter


ComboFix 12-07-31.02 - Peter 01/08/2012 12:48:50.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.6143.4237 [GMT 1:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
Command switches used :: c:\users\Peter\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cb_23e5.ico
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_1978.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 11:55 . 2012-08-01 11:55 -------- d-----w- c:\users\test\AppData\Local\temp
2012-08-01 11:55 . 2012-08-01 11:55 -------- d-----w- c:\users\Laura\AppData\Local\temp
2012-08-01 11:55 . 2012-08-01 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 19:35 . 2012-07-29 19:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-29 19:34 . 2012-07-29 19:34 -------- d-----w- c:\program files (x86)\Oracle
2012-07-29 19:33 . 2012-07-05 21:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-29 17:20 . 2012-07-29 17:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 10:24 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF2CF6E0-6CD5-4ACE-9849-42ADF7415EE1}\mpengine.dll
2012-07-25 11:13 . 2012-07-25 11:13 -------- d-----w- c:\program files\Recuva
2012-07-22 09:41 . 2012-07-22 09:41 -------- d-----w- c:\programdata\Canneverbe Limited
2012-07-22 09:41 . 2012-07-22 09:41 -------- d-----w- c:\users\Peter\AppData\Roaming\Canneverbe Limited
2012-07-22 09:41 . 2012-07-22 09:41 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-07-21 18:41 . 2012-07-21 18:41 -------- d-----w- c:\program files\WinRAR
2012-07-17 21:27 . 2012-07-17 21:27 -------- d-----w- c:\program files (x86)\MiniTool Partition Wizard Home Edition 7.5
2012-07-14 15:33 . 2012-07-14 15:33 -------- d-----w- c:\program files (x86)\GUM2B7A.tmp
2012-07-12 14:23 . 2012-07-12 14:23 -------- d-----w- c:\program files (x86)\GUM9DAB.tmp
2012-07-11 23:32 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:59 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:58 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 08:58 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-03 10:46 . 2012-07-03 10:46 -------- d-----w- c:\windows\KMSAct
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 16:40 . 2012-03-29 19:59 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 16:40 . 2011-05-15 09:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 16:40 . 2012-04-19 20:40 9821896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-11 23:25 . 2009-10-14 12:51 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 21:06 . 2010-06-03 19:41 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 12:46 . 2010-08-16 19:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 11:09 . 2011-12-08 12:21 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-06-18 12:34 . 2010-10-12 02:50 19032 ------w- c:\windows\system32\pwdrvio.sys
2012-06-18 12:34 . 2010-10-12 02:50 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-06-18 12:34 . 2010-10-12 02:50 12384 ------w- c:\windows\system32\pwdspio.sys
2012-06-12 11:40 . 2012-06-12 11:10 1110248 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2010-11-26 02:58 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2010-05-05 02:18 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2010-05-05 01:56 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2010-11-26 02:30 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2010-11-26 02:22 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2010-05-05 01:22 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2010-08-26 01:19 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-04 00:17 . 2012-06-04 00:17 17280 ----a-w- c:\windows\system32\drivers\USBDrv_AMD64.sys
2012-06-02 22:19 . 2012-06-21 09:07 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:07 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 09:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:07 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 09:07 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 09:07 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 09:07 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 09:07 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 11:25 . 2009-10-14 12:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 06:17 . 2012-05-30 06:17 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-30 06:17 . 2012-05-30 06:17 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-05-04 11:06 . 2012-06-13 09:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-13 10:48 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-13 09:04 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 09:04 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-13 10:48 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-30_10.56.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-11 06:15 . 2012-08-01 10:43 80870 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-03-11 14:47 . 2012-07-30 21:44 12554 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 05:10 . 2012-08-01 10:43 58044 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-03 22:50 . 2012-08-01 10:43 25816 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1536288215-1771163988-3955357307-1001_UserData.bin
- 2010-02-03 22:49 . 2012-07-30 10:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-03 22:49 . 2012-08-01 10:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-03 22:42 . 2012-07-30 10:54 6586 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-02-03 22:42 . 2012-07-31 23:01 6586 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-30 10:55 . 2012-07-30 10:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-01 10:40 . 2012-08-01 10:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-30 10:55 . 2012-07-30 10:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-01 10:40 . 2012-08-01 10:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-26 20:29 . 2012-07-31 15:02 598354 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-27 19:47 631318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-31 20:19 631318 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-27 19:47 111442 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-31 20:19 111442 c:\windows\system32\perfc009.dat
+ 2012-05-12 02:32 . 2012-07-31 23:01 981064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-05-12 02:32 . 2012-07-30 10:54 981064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-07-30 10:54 468724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-31 23:01 468724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-27 00:29 . 2012-07-31 23:01 9120188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1536288215-1771163988-3955357307-1001-12288.dat
- 2010-09-27 00:29 . 2012-07-30 10:54 9120188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1536288215-1771163988-3955357307-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-03-24 597736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AsioThk32Reg"="CTASIO.DLL" [2009-06-23 47104]
"CTHelper"="CTHELPER.EXE" [2009-06-23 19456]
"VirtualCloneDrive"="c:\program files (x86)\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OpenDNSCrypt.lnk - c:\windows\Installer\{E811D3DC-A647-4744-9CA6-BD4707D2808B}\_41100329364C94A5913B21.exe [2012-6-29 4710]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R0 Soluto;Soluto;c:\windows\system32\Drivers\Soluto.sys [2012-01-25 54728]
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-03-20 357182]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2010-07-05 11776]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
R2 VRAID Log Service;VRAID Log Service;c:\program files (x86)\VIA\RAID\vialogsv.exe [2008-09-24 52888]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257224]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-10-18 38424]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-06-23 158744]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-04 79360]
R3 CsrBtPort;Csr Bluetooth Device Driver;c:\windows\system32\DRIVERS\CsrBtPort.sys [2011-01-13 2053632]
R3 csrusb;CSR USB driver for Bluetooth dongle;c:\windows\system32\Drivers\csrusb.sys [2011-01-13 44032]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-06-23 706584]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2009-06-23 141848]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2009-06-23 141848]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-06-23 680984]
R3 ghsdiagMDM;Handset Diagnostic Port;c:\windows\system32\DRIVERS\ghsdiagMDM.sys [2011-11-28 122496]
R3 GPU-Z;GPU-Z;c:\users\Peter\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2010-07-26 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-07-26 171008]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2010-03-24 27264]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2010-03-24 34304]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe [2009-08-10 93848]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv_AMD64.sys [2012-06-04 17280]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [2011-01-13 122624]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 122624]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys [2011-01-13 122624]
R4 AutoKMS;AutoKMS;c:\windows\AutoKMS\AutoKMS.exe [2011-12-08 732160]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-01-25 547872]
S0 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [2008-07-09 136192]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 DNSCrypt;OpenDNSCrypt;c:\program files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [2012-05-17 14336]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-07-06 106888]
S2 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 123200]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-06-23 158744]
S3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [2009-12-21 78848]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-06-23 706584]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2009-06-23 26264]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-06-23 680984]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:32]
.
2012-07-03 c:\windows\Tasks\AutoKMSCustom.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-12-08 12:14]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 10:32]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-24 10:32]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536288215-1771163988-3955357307-1001Core.job
- c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 22:45]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536288215-1771163988-3955357307-1001UA.job
- c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 22:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2011-04-07 23:02 5928264 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2011-04-07 23:02 5928264 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"="CTASIO.DLL" [BU]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2716216]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2011-04-07 85320]
"userlogon32"="c:\users\Peter\AppData\Roaming\userlogon32\userlogon32.exe" [BU]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 200.192.248.11:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: shopandscan.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1D92BCE9-907B-4F92-BB40-9F4D7A1BF7A7}: NameServer = 127.0.0.1
TCP: Interfaces\{841BD38A-6E0F-46A7-936A-8758DEE7E09E}: NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{8BE020F7-5495-4807-A97A-49730D6F1523}: NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{942B82F8-5864-4CE1-8C8F-06EEB90B37D1}: NameServer = 127.0.0.1
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\uz41i18u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:newtab
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-01 12:57:42
ComboFix-quarantined-files.txt 2012-08-01 11:57
ComboFix2.txt 2012-07-30 11:02
.
Pre-Run: 216,638,013,440 bytes free
Post-Run: 216,326,303,744 bytes free
.
- - End Of File - - 952003DA6F5F0D0293703123681A2768

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 02 August 2012 - 08:36 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 peter_uk

peter_uk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 02 August 2012 - 09:19 PM

Active@ Partition Manager
Adobe AIR
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Creative Suite 5.5 Master Collection
Adobe Download Manager
Adobe Dreamweaver CS5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
AdobeColorCommonSetRGB
Application Profiles
Ask Toolbar
µTorrent
AudioExpert 4.5
Battlefield 3™ Open Beta
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Bejeweled 2 Deluxe
BitPim 1.0.7
BulletStorm
CanoScan Toolbox Ver4.9
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
CDBurnerXP
CMS
Cogs
Command & Conquer™ 4 Tiberian Twilight
CompanionLink
Crayon Physics Deluxe version 55
CRC32 Calculator - CheckCRC
Creative ALchemy
Creative Audio Console
Creative Software AutoUpdate
dBpoweramp [Arrange Audio] Codec
dBpoweramp [Audio Info] Codec
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp [Channel Split] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [Length Split] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp [Tag From Filename] Codec
dBpoweramp Batch Ripper
dBpoweramp CD Writer
dBpoweramp Dalet Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
Diablo III
DiskPlayer
DNSCrypt
Dokan Library 0.5.3
dotNet FFMPEG GUI
Dragon Age II
Dragon Age: Origins
Drakensang
DrawerCut
Dropbox
eReg
ESET Virtual Update Server (MiNODServer)
ESN Sonar
Exact Audio Copy 1.0beta3
Fallout New Vegas
FileZilla Client 3.5.0
Foxit Creator
Foxit Reader 5.1
Fraps (remove only)
FTPRush 2.1.4
GetDiz 4.5
GO Contact Sync Mod
Google Calendar Sync
Google Chrome
Google Earth
Google Update Helper
GPL Ghostscript Lite 8.70
Heroes of Newerth
Htpasswd Generator 4.0
HydraVision
ImgBurn
JAF Setup
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
LG Bluetooth Drivers
LG MC USB U330 driver
LG United Mobile Drivers
Mafia 2
Malwarebytes Anti-Malware version 1.62.0.1300
Mass Effect 2
Maxthon 3
McAfee Security Scan Plus
Media Jukebox 12
MediaCoder Audio Edition x64 0.7.5.4700
MediaMonkey 4.0
MediaMonkey AAC Plug-in 1.0
MediaPortal
MediaPortal 2
MediaPortal TV Server / Client
Microsoft Corporation
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MiniTool Partition Wizard Home Edition 5.2
MiniTool Partition Wizard Home Edition 7.5
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetSurveillance
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Notes
NVIDIA PhysX
OpenAL
Origin
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PDF Settings CS5
Pidgin
Platform
PunkBuster Services
QuickPar 0.9
Rage
Rainmeter
SABnzbd (remove only)
Salter MiBody
Sansa Updater
Secunia PSI (3.0.0.3001)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shuangs Audio Joiner 2.1
Snackr
Sony PC Companion
SopCast 3.2.9
SophieSew version 1.13 build 42
Spotify
SpywareBlaster 4.6
StreamTv
System Requirements Lab
TapiRex 1.8.0
TapiRex Addon: YAC Listener 1.8.0
The Walking Dead © 3 version 1
The Witcher 2
Ulisess Seguridad 10.0.2
UnderCoverXP 1.23
Uninstall LG PC Suite III
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Upgrade
UPS Widget 2
Veetle TV 0.9.18
VIA Platform Device Manager
VirtualCloneDrive
VLC media player 2.0.2
WBFS Manager 3.0
Windows 7 USB/DVD Download Tool
Windows Media Player Firefox Plugin

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 02 August 2012 - 10:25 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Ask Toolbar
µTorrent
McAfee Security Scan Plus
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 peter_uk

peter_uk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 03 August 2012 - 08:14 AM

Every things seems to be ok except windows update. It runs connects and checks for updates but when I select install it errors.
Code 80246008 I have already tried fixit http://support.microsoft.com/mats/windows_update/ but does not seem to have fixed it.

Edit. windows update now working.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [administrator]

03/08/2012 13:48:27
mbam-log-2012-08-03 (13-48-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243211
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


-----------------------



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:57:13, on 03/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peter\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox4\firefox.exe
C:\Program Files (x86)\Mozilla Firefox4\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files (x86)\Mozilla Firefox4\plugin-container.exe
C:\Users\Peter\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.192.248.11:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: OpenDNSCrypt.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.shopandscan.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} (TNSClickerc.Clicker) - http://www.shopandscan.com/TNSClickrc.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D92BCE9-907B-4F92-BB40-9F4D7A1BF7A7}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{841BD38A-6E0F-46A7-936A-8758DEE7E09E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BE020F7-5495-4807-A97A-49730D6F1523}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{942B82F8-5864-4CE1-8C8F-06EEB90B37D1}: NameServer = 127.0.0.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: OpenDNSCrypt (DNSCrypt) - Unknown owner - C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files (x86)\VIA\RAID\vialogsv.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11503 bytes

Edited by peter_uk, 03 August 2012 - 08:42 AM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 03 August 2012 - 12:29 PM

Greetings Peter

Edit. windows update now working. - can you tell me what you did to get it working.



:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 peter_uk

peter_uk
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 03 August 2012 - 06:44 PM

Hi,

The online eset scan did not report anything.


Greetings Peter

Edit. windows update now working. - can you tell me what you did to get it working.


I had tried using fixit http://support.microsoft.com/mats/windows_update/ Tried windows update again and got same error 80246008.
Then I merged this into the registry and windows update is now working again.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
"ObjectName"="LocalSystem"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"DelayedAutoStart"=dword:00000001
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,\
6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
"Library"="bitsperf.dll"
"Open"="PerfMon_Open"
"Collect"="PerfMon_Collect"
"Close"="PerfMon_Close"
"InstallType"=dword:00000001
"PerfIniFile"="bitsctrs.ini"
"First Counter"=dword:0000086c
"Last Counter"=dword:0000087c
"First Help"=dword:0000086d
"Last Help"=dword:0000087d
"Object List"="2156"
"PerfMMFileName"="Global\\MMF_BITS_s"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
00,20,02,00,00

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 03 August 2012 - 06:57 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:47 PM

Posted 05 August 2012 - 11:19 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users