
Infected with Virus, orphan svchost.exe generating unwanted web request plus high CPU usage.


  • This topic is locked
52 replies to this topic

#1 biz007

biz007

  • Members
  • 27 posts
  • OFFLINE
  • Local time:08:36 PM

Posted 02 August 2012 - 01:58 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 1:34:45 on 2012-08-02
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2985.1477 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\rpcnet.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HttpWatch Basic: {f1f69322-008f-4895-b2bf-ad194219825a} - c:\program files\httpwatch\httpwatchsc.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
EB: HttpWatch Basic: {2b4c4770-27fd-4a09-b17d-33ca580965fb} - c:\program files\httpwatch\httpwatch.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HttpWatch_RegIEPlugin] c:\program files\httpwatch\regieplugin.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: HttpWatch Basic - c:\program files\httpwatch\httpwatch.dll/1351
IE: {0AD401E5-2D78-45B1-B875-07B0F9ED3937}
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {D103E85B-5D67-42c1-8C83-F01079DBAB26} - {2B4C4770-27FD-4A09-B17D-33CA580965FB} - c:\program files\httpwatch\httpwatch.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://gatewaymtw2.removed.com/InternalSite/WhlCompMgr.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4D9291BE-DDF6-415D-ADB0-F0D7097FD836} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4D9291BE-DDF6-415D-ADB0-F0D7097FD836}\0757E6A61626 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\ctdvfuka.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search The Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\httpwatch\firefox\components\nphttpwatchff.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\ctdvfuka.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-2-14 41424]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-2-14 31184]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2010-6-9 39736]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-17 176128]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 ManageEngine Desktop Central - Agent;ManageEngine Desktop Central 7 - Agent;c:\program files\desktopcentral_agent\bin\dcagentservice.exe [2010-2-22 588936]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2011-4-1 67400]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-3 2477304]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\uagqecsvc.exe [2010-9-8 149904]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-8-27 221912]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
R3 ITEIRDA;ITE Infrared Device Driver;c:\windows\system32\drivers\ITEirda.sys [2010-8-27 25088]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-8-27 6114816]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-8-27 52768]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-8-27 42400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-11 116648]
S2 ImmunetProtect;Immunet Protect;c:\program files\immunet protect\2.0.17\agent.exe --> c:\program files\immunet protect\2.0.17\agent.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 {7056C71D-D851-41AB-94E8770E632C75E7};{7056C71D-D851-41AB-94E8770E632C75E7};c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\downlo~1\DMService.exe [2010-9-8 468368]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-11 116648]
S3 ManageEngine Desktop Central - Remote Control;ManageEngine Desktop Central 7 - Remote Control;c:\program files\desktopcentral_agent\bin\dcrdservice.exe [2010-2-22 588936]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-9 113120]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-1-19 996896]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-18 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
.
=============== Created Last 30 ================
.
2012-08-02 03:41:18 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-01 20:59:06 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2012-07-31 22:48:25 -------- d-----w- c:\users\administrator\appdata\local\temp
2012-07-31 22:35:33 -------- d-----w- C:\ComboFix
2012-07-31 20:19:22 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-05 22:45:34 5030088 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2012-08-02 05:27:00 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-02 05:26:57 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-07-31 21:59:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-31 21:59:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 20:42:02 53312 ----a-w- c:\windows\system32\drivers\volmgr.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD1600BEVT-22ZCT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83A4D000]<< >>UNKNOWN [0x8BF94000]<< >>UNKNOWN [0x8C000000]<< >>UNKNOWN [0x8B9BD000]<< >>UNKNOWN [0x83A16000]<< >>UNKNOWN [0x8BBC2000]<< >>UNKNOWN [0x8BA1F000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83A89428] -> \Device\Harddisk0\DR0[0x86D26AC8]
\Driver\Disk[0x86D25C68] -> IRP_MJ_CREATE -> 0x8BF9839F
3 [0x8BF9859E] -> ntkrnlpa!IofCallDriver[0x83A89428] -> \Device\Ide\IdeDeviceP2T0L0-4[0x86C13908]
\Driver\atapi[0x86C0EDB8] -> IRP_MJ_CREATE -> 0x8B9D78C4
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
copy of MBR has been found in sector 312557568
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 1:37:04.81 ===============

Edited by gringo_pr, 27 August 2012 - 12:43 PM.
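The thread title describes an "orphan" svchost.exe generating web requests, and the DDS log above lists every running process with its command line. The triage check below is an added example, not part of this thread and not a feature of DDS or ComboFix: it parses lines in the format of the DDS "Running Processes" section and reports svchost.exe instances that run from somewhere other than the Windows system directory or that carry no `-k` service-group argument. The sample lines are constructed, and the directory list and the `-k` rule are assumptions about a default Windows installation; a binary that merely masquerades under the genuine path is not caught by this check, and DDS does not record the parent process, so a clean result here is not proof of a clean host.

```python
import ntpath
import re
from dataclasses import dataclass

# Directories from which the genuine Windows service host is launched on a
# default installation (assumption: SysWOW64 is included for 64-bit hosts).
SYSTEM_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Matches "-k <group>" anywhere in the argument string; each real svchost.exe
# is started by the Service Control Manager with a service-group name.
SERVICE_GROUP_ARG = re.compile(r"(^|\s)-k\s+\S+")


@dataclass
class Finding:
    line: str
    reason: str


def parse_process_line(line: str):
    """Split one DDS 'Running Processes' line into (image path, arguments).

    DDS prints the path either bare or wrapped in double quotes; the bare form is
    cut at the first '.exe' so that directories containing spaces survive intact.
    """
    line = line.strip()
    quoted = re.match(r'^"([^"]+)"\s*(.*)$', line)
    if quoted:
        return quoted.group(1), quoted.group(2)
    bare = re.match(r"^(.*?\.exe)\b\s*(.*)$", line, re.IGNORECASE)
    if bare:
        return bare.group(1), bare.group(2)
    return line, ""


def check_svchost(path: str, args: str):
    """Return a reason string if an svchost.exe invocation looks anomalous, else None.

    Heuristic only: it will not flag a file that masquerades under the correct
    path, and it relies on the DDS-style listing, which omits the parent process.
    """
    directory, name = ntpath.split(path)
    if name.lower() != "svchost.exe":
        return None
    if directory.lower() not in SYSTEM_SVCHOST_DIRS:
        return f"svchost.exe launched from unexpected directory: {directory}"
    if not SERVICE_GROUP_ARG.search(args):
        return "svchost.exe with no -k service group (not started as a service host)"
    return None


def triage(lines):
    """Run the svchost check over every process line and collect the findings."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line == ".":      # DDS uses a lone '.' as a section spacer
            continue
        path, args = parse_process_line(line)
        reason = check_svchost(path, args)
        if reason:
            findings.append(Finding(line, reason))
    return findings


# Constructed sample in the DDS 'Running Processes' format: three benign lines
# followed by two that the heuristic should report.
SAMPLE_LINES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r'"C:\Windows\System32\svchost.exe" -k LocalServiceDns',
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Windows\system32\svchost.exe",
    r"C:\Users\Public\svchost.exe -k netsvcs",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.line}")
```

To run it against a real DDS log, pass the lines between the "Running Processes" header and the next section header to `triage()`; the quoted `"C:\Windows\System32\svchost.exe" -k LocalServiceDns` form seen in the log above is parsed the same way as the bare form and is not reported, since it sits in System32 and names a service group.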


#2 biz007

biz007
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:08:36 PM

Posted 02 August 2012 - 09:37 AM

Hi, we are attaching our Symantec Risk Log from the last few days; please find it in the attachment.

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 04 August 2012 - 12:37 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 biz007

biz007
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:08:36 PM

Posted 04 August 2012 - 04:04 PM

Hi Gringo,

Thanks for your quick turnaround on my issue, and sorry for the delay in my response. After seeing your reply, we restarted my infected machine, went through the following incidents, and completed all the steps mentioned in your post. As a result we got some logs; we are including them below for your next course of action.

1. We started my machine; it booted, showed the “Ctrl + Alt + Delete” message, and we logged in. Unfortunately we didn't see the desktop; we waited a long time for it. Finally we did a forced shutdown.

2. After the shutdown we started again, and this time we didn't see any boot window, just a blank screen, so again we did a forced shutdown.

3. The next time we got the repair window (recommended). After selecting that, the automatic repair window popped up, and finally we got the login window and then the normal startup desktop.

4. As per your steps, we went through the first step: downloaded and ran “Security Check.exe” and got “Checkup.txt”. For your reference we are attaching it below.

5. In the next step we tried to disable all running anti-virus and firewall software. On our machine Symantec Endpoint Protection is running. When we went to the system tray we didn't see any Disable option on the icon's right-click menu, so we left it as it is, disabled the Windows Firewall, and started the next step.

6. In the next step we downloaded and ran combofix.exe. In between, we got a message saying that there is an anti-virus application running in the background. Then we went to the Services window, stopped the Symantec Anti-Virus service, also stopped Rtvscan.exe from the process window, and clicked the OK button on the first ComboFix warning window. Finally we got the ComboFix report after the system reboot. But when I clicked on my Firefox icon it showed a message that Firefox is deleted or uninstalled from my machine.

7. After the report generation we shut down the machine, and in between it hung. Then again we did a forced restart. But no luck: it showed the repair window and finally it told us that it was unable to repair the boot startup.

8. The next time we started in Safe Mode and it went successfully. Now I am logged in with “Safe Mode with Networking”, and I don't know whether my machine's normal mode is ready for testing.

9. Between steps 7 and 8 we got one “Blue Window”.

The happy news is, under "Safe Mode with Networking" we are not seeing any high CPU usage or any abnormal process or network traffic in the background.

Sorry for such a lengthy write-up and my bad English…


Checkup.txt
------------------


Results of screen317's Security Check version 0.99.43
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 24
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.268
Adobe Reader X (10.1.3)
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 24% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


Combofix Log.txt
---------------------------------



ComboFix 12-08-04.02 - Administrator 08/04/2012 14:56:02.3.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2985.1581 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{19511fe1-fb6b-ced5-7061-240816a0d498}\@
c:\windows\Installer\{19511fe1-fb6b-ced5-7061-240816a0d498}\U\00000004.@
c:\windows\Installer\{19511fe1-fb6b-ced5-7061-240816a0d498}\U\00000008.@
c:\windows\Installer\{19511fe1-fb6b-ced5-7061-240816a0d498}\U\000000cb.@
c:\windows\Installer\{19511fe1-fb6b-ced5-7061-240816a0d498}\U\80000000.@
c:\windows\Installer\{19511fe1-fb6b-ced5-7061-240816a0d498}\U\80000032.@
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 19:07 . 2012-08-04 19:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-04 19:07 . 2012-08-04 19:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-04 19:07 . 2012-08-04 19:07 -------- d-----w- c:\users\VickLocak\AppData\Local\temp
2012-08-04 19:07 . 2012-08-04 19:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-04 19:07 . 2012-08-04 19:07 -------- d-----w- c:\users\removed\AppData\Local\temp
2012-08-04 19:07 . 2012-08-04 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 19:07 . 2012-08-04 19:07 -------- d-----w- c:\users\Default.bak\AppData\Local\temp
2012-08-04 19:07 . 2012-08-04 19:07 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-08-03 13:37 . 2012-08-03 13:37 -------- d-----w- c:\programdata\McAfee Security Scan
2012-08-03 13:37 . 2012-08-03 13:37 -------- d-----w- c:\program files\McAfee Security Scan
2012-08-03 13:37 . 2012-08-03 19:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-01 20:59 . 2012-08-01 20:59 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2012-07-31 22:10 . 2012-07-31 22:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\McAfee
2012-07-31 20:19 . 2012-07-31 20:19 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SpeedyPC Software
2012-07-31 20:19 . 2012-07-31 20:19 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\DriverCure
2012-07-31 20:19 . 2012-07-31 20:27 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-15 21:58 . 2012-07-15 21:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 19:11 . 2010-08-27 23:23 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-04 19:11 . 2010-08-30 12:38 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-04 18:10 . 2010-08-27 23:24 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-03 19:56 . 2012-04-17 02:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 20:42 . 2009-07-13 23:11 53312 ----a-w- c:\windows\system32\drivers\volmgr.sys
2012-07-03 17:46 . 2011-02-14 02:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 14:14 . 2012-05-09 14:48 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2012-05-30 4331392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-03 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2010-10-22 11937552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HttpWatch_RegIEPlugin"="c:\program files\HttpWatch\regieplugin.exe" [2012-06-25 2281696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-9-8 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 ImmunetProtect;Immunet Protect;c:\program files\Immunet Protect\2.0.17\agent.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 {7056C71D-D851-41AB-94E8770E632C75E7};{7056C71D-D851-41AB-94E8770E632C75E7};c:\windows\System32\svchost.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ManageEngine Desktop Central - Remote Control;ManageEngine Desktop Central 7 - Remote Control;c:\program files\DesktopCentral_Agent\bin\dcrdservice.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [x]
S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 ManageEngine Desktop Central - Agent;ManageEngine Desktop Central 7 - Agent;c:\program files\DesktopCentral_Agent\bin\dcagentservice.exe [x]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ITEIRDA;ITE Infrared Device Driver;c:\windows\system32\DRIVERS\ITEirda.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\DCAgentUpdater.job
- c:\program files\DesktopCentral_Agent\bin\dcagentupdater.exe [2010-02-22 10:49]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd6030dd677888.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 21:03]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2149163141-4198970425-1493155601-500Core1cd65d978d698fa.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 17:50]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2149163141-4198970425-1493155601-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 17:50]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-746137067-1801674531-25845Core.job
- c:\users\removed\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 20:52]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-746137067-1801674531-25845UA.job
- c:\users\removed\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 20:52]
.
2011-02-14 c:\windows\Tasks\User_Feed_Synchronization-{D28FF06A-17B6-4D4D-8DB2-D6D54B9FF135}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 05:26]
.
2011-02-15 c:\windows\Tasks\{0825D314-A05E-449F-A9EB-BBD72476C146}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-05-12 c:\windows\Tasks\{0F58FF22-B7A1-45BC-9ED5-D78160EF9A19}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-08-30 c:\windows\Tasks\{2A7B4CCE-FDD9-4017-914C-11261C36E744}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-10-03 c:\windows\Tasks\{624CA8CD-D51D-428A-91D2-D3BD2685F28F}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-10-14 c:\windows\Tasks\{AF873B12-A60A-4CDA-A0D0-ED9E95B29DC0}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-07-02 c:\windows\Tasks\{C5542218-DB2B-45C9-87ED-51938BDA1A41}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-06-04 c:\windows\Tasks\{DAB022EF-13F3-4D82-B7A3-4847EBF08D23}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: HttpWatch Basic - c:\program files\HttpWatch\httpwatch.dll/1351
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search The Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{7056C71D-D851-41AB-94E8770E632C75E7}]
"ServiceDll"="c:\users\ADMINI~1\AppData\Local\Temp\D972.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,ce,a5,e6,c7,3b,40,44,bd,9a,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,ce,a5,e6,c7,3b,40,44,bd,9a,3c,\
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,10,78,32,81,37,a2,43,8e,5e,67,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,10,78,32,81,37,a2,43,8e,5e,67,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,61,bd,e8,8f,68,f2,4a,b4,4c,94,\
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.a52"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aac"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ac3"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.adt"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.adts"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aif"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aifc"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aiff"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.amr"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.amv"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aob"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ape"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aspx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad++.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.asx"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.au"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.b4s\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.b4s"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.bin"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.cda"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\iexplore.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.cue"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DAT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.dts"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.dv"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.flac"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Opera.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.gxf"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ibc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ibc"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.it"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jsp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\MSOXMLED.EXE"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad++.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m3u"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m3u8"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4a"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4p"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mid"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mka"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mlp"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mod"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp1"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp2"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp3"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpa"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpc"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg1"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg2"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg4"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mxf"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Ñ9©g]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*Ñ9©g\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nsv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.nsv"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nuv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.nuv"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.oga"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogg"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogx"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.oma"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.pls"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.psd"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rec"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.resx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\MSOXMLED.EXE"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rmi"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.s3m"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.sdp"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.snd"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.spx"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Opera.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tod"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tta"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tts"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vlc"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.voc"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vqf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vqf"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vro\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vro"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.w64"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wav"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wma"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wv"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xa"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xm"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\iexplore.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\iexplore.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xspf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xspf"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4872)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\atieclxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\system32\locator.exe
c:\windows\system32\rpcnet.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Completion time: 2012-08-04 15:17:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 19:17
ComboFix2.txt 2012-08-02 03:42
ComboFix3.txt 2011-01-23 17:13
.
Pre-Run: 38,242,934,784 bytes free
Post-Run: 38,378,807,296 bytes free
.
- - End Of File - - 3910A00CBE5E756AD4034E72B01B5A7A

Edited by gringo_pr, 27 August 2012 - 12:50 PM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 04 August 2012 - 04:20 PM

Greetings

Don't worry your English was very good!!

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
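A TDSSKiller report like the one requested above runs to hundreds of lines, nearly all of them "<name> - ok". As an added example (not part of gringo_pr's instructions and not code from TDSSKiller or Kaspersky), here is a small Python parser for that report layout that skips the header, pairs each module line (name, MD5, path) with its verdict line, and lists what a helper would actually want to look at: any verdict other than "ok", and services that got a verdict without any file being hashed. The sample lines are constructed: the first ones are copied from the report posted in this topic, while "examplesvc" and its "suspicious" verdict are invented to exercise the non-ok path and are not real findings or real TDSSKiller wording.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample in the layout the TDSSKiller report on this page uses: a header that
# ends at "Scan started", then per service/driver a module line
#   "<time> <thread> <name> (<md5>) <path>"
# followed by a verdict line
#   "<time> <thread> <name> - <verdict>".
# The early lines are copied from the posted report; "examplesvc" and "suspicious" are
# made up for this example and are not real findings or real TDSSKiller verdict text.
SAMPLE_LOG = r"""09:49:08.0104 5316 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
09:49:29.0770 3512 Scan started
09:49:29.0770 3512 Mode: Manual;
09:49:33.0038 3512 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
09:49:33.0038 3512 1394ohci - ok
09:49:33.0215 3512 ACDaemon - ok
09:49:34.0738 3512 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
09:49:34.0743 3512 AMD External Events Utility - ok
09:49:50.0171 3512 ManageEngine Desktop Central - Agent (fc69e12d638f508c46b297a1f631abf0) C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe
09:49:50.0181 3512 ManageEngine Desktop Central - Agent - ok
09:49:55.0100 3512 examplesvc (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\examplesvc.sys
09:49:55.0105 3512 examplesvc - suspicious
"""

# Module line: the name is matched lazily so it stops right before " (<32 hex>) ".
MODULE_RE = re.compile(
    r"^(?P<time>\S+) (?P<tid>\d+) (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# Verdict line: the name is matched greedily so the LAST " - " is the separator, which keeps
# names such as "ManageEngine Desktop Central - Agent" intact.
VERDICT_RE = re.compile(r"^(?P<time>\S+) (?P<tid>\d+) (?P<name>.+) - (?P<verdict>\S.*)$")


@dataclass
class Entry:
    name: str
    verdict: Optional[str] = None
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Map service/driver name -> Entry, ignoring everything up to the "Scan started" line.

    The header is skipped on purpose: its "Drive ... - Size: ..." line would otherwise
    look like a verdict line to VERDICT_RE.
    """
    entries: Dict[str, Entry] = {}
    scanning = False
    for line in text.splitlines():
        if not scanning:
            scanning = line.endswith(" Scan started")
            continue
        m = MODULE_RE.match(line)  # must be tried first: a module line also matches VERDICT_RE
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, str]:
    """Return name -> reason for entries worth a human look.

    Anything not "ok" is the obvious case. An "ok" with no module line means TDSSKiller
    recorded a verdict but hashed no file (e.g. ACDaemon, COMSysApp on the posted report);
    that is usually a leftover service entry, so it is reported as low-priority context.
    """
    flagged: Dict[str, str] = {}
    for name, e in entries.items():
        if e.verdict != "ok":
            flagged[name] = f"verdict: {e.verdict}"
        elif e.md5 is None:
            flagged[name] = "verdict ok, but no file hashed"
    return flagged


if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{name}: {reason}")
```

Run it against a saved report with `parse_tdsskiller_log(open("TDSSKiller_log.txt", encoding="utf-8", errors="replace").read())`; the "no file hashed" bucket is context for whoever reads the log, not a verdict, so keep it separate from the non-ok entries when summarising.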

#6 biz007 (Topic Starter)

Posted 05 August 2012 - 02:42 PM

Hi Gringo,
As per your direction, we did all the steps and got the result below. We also see various discrepancies on system shutdown, boot start-up and log-in start-up: all of the above activities always hang partway through during a normal start-up. In safe mode all processes run smoothly. Please let me know how to proceed on those issues.


.....

TDSSKiller.2.7.48.0_05.08.2012_09.49.05_log.txt
-----------------------------------------------


09:49:05.0321 5316 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:49:05.0796 5316 ============================================================
09:49:05.0796 5316 Current date / time: 2012/08/05 09:49:05.0796
09:49:05.0796 5316 SystemInfo:
09:49:05.0796 5316
09:49:05.0796 5316 OS Version: 6.1.7600 ServicePack: 0.0
09:49:05.0796 5316 Product type: Workstation
09:49:05.0796 5316 ComputerName: [Intentionally Deleted By Me]
09:49:05.0796 5316 UserName: Administrator
09:49:05.0796 5316 Windows directory: C:\Windows
09:49:05.0796 5316 System windows directory: C:\Windows
09:49:05.0796 5316 Processor architecture: Intel x86
09:49:05.0796 5316 Number of processors: 2
09:49:05.0796 5316 Page size: 0x1000
09:49:05.0796 5316 Boot type: Normal boot
09:49:05.0796 5316 ============================================================
09:49:08.0104 5316 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:49:08.0109 5316 ============================================================
09:49:08.0109 5316 \Device\Harddisk0\DR0:
09:49:08.0109 5316 MBR partitions:
09:49:08.0109 5316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950C000
09:49:08.0109 5316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x950C800, BlocksNum 0x9471800
09:49:08.0109 5316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1297E000, BlocksNum 0x96000
09:49:08.0109 5316 ============================================================
09:49:08.0169 5316 C: <-> \Device\Harddisk0\DR0\Partition0
09:49:08.0250 5316 D: <-> \Device\Harddisk0\DR0\Partition1
09:49:08.0250 5316 ============================================================
09:49:08.0250 5316 Initialize success
09:49:08.0250 5316 ============================================================
09:49:29.0770 3512 ============================================================
09:49:29.0770 3512 Scan started
09:49:29.0770 3512 Mode: Manual;
09:49:29.0770 3512 ============================================================
09:49:33.0038 3512 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
09:49:33.0038 3512 1394ohci - ok
09:49:33.0215 3512 ACDaemon - ok
09:49:33.0256 3512 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
09:49:33.0261 3512 ACPI - ok
09:49:33.0281 3512 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
09:49:33.0281 3512 AcpiPmi - ok
09:49:33.0387 3512 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:49:33.0387 3512 AdobeARMservice - ok
09:49:33.0752 3512 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:49:33.0807 3512 adp94xx - ok
09:49:33.0969 3512 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:49:33.0995 3512 adpahci - ok
09:49:34.0035 3512 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:49:34.0055 3512 adpu320 - ok
09:49:34.0101 3512 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
09:49:34.0131 3512 AeLookupSvc - ok
09:49:34.0217 3512 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
09:49:34.0227 3512 AFD - ok
09:49:34.0440 3512 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
09:49:34.0490 3512 AgereSoftModem - ok
09:49:34.0521 3512 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
09:49:34.0526 3512 agp440 - ok
09:49:34.0571 3512 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:49:34.0576 3512 aic78xx - ok
09:49:34.0617 3512 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
09:49:34.0622 3512 ALG - ok
09:49:34.0662 3512 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
09:49:34.0662 3512 aliide - ok
09:49:34.0738 3512 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
09:49:34.0743 3512 AMD External Events Utility - ok
09:49:34.0769 3512 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
09:49:34.0774 3512 amdagp - ok
09:49:34.0834 3512 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
09:49:34.0840 3512 amdide - ok
09:49:34.0860 3512 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:49:34.0860 3512 AmdK8 - ok
09:49:34.0880 3512 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:49:34.0885 3512 AmdPPM - ok
09:49:34.0910 3512 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
09:49:34.0910 3512 amdsata - ok
09:49:34.0936 3512 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:49:34.0966 3512 amdsbs - ok
09:49:35.0006 3512 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
09:49:35.0006 3512 amdxata - ok
09:49:35.0113 3512 AppHostSvc (ba494509ccd115197450f3ce5b76d7cc) C:\Windows\system32\inetsrv\apphostsvc.dll
09:49:35.0113 3512 AppHostSvc - ok
09:49:35.0143 3512 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
09:49:35.0143 3512 AppID - ok
09:49:35.0163 3512 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
09:49:35.0168 3512 AppIDSvc - ok
09:49:35.0184 3512 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
09:49:35.0184 3512 Appinfo - ok
09:49:35.0204 3512 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
09:49:35.0219 3512 AppMgmt - ok
09:49:35.0249 3512 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:49:35.0249 3512 arc - ok
09:49:35.0259 3512 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:49:35.0265 3512 arcsas - ok
09:49:35.0335 3512 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:49:35.0371 3512 aspnet_state - ok
09:49:35.0401 3512 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:49:35.0401 3512 AsyncMac - ok
09:49:35.0421 3512 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
09:49:35.0421 3512 atapi - ok
09:49:35.0771 3512 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
09:49:35.0836 3512 atikmdag - ok
09:49:36.0054 3512 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
09:49:36.0084 3512 AudioEndpointBuilder - ok
09:49:36.0099 3512 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
09:49:36.0104 3512 Audiosrv - ok
09:49:36.0185 3512 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
09:49:36.0246 3512 AxInstSV - ok
09:49:36.0403 3512 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:49:36.0449 3512 b06bdrv - ok
09:49:36.0540 3512 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:49:36.0550 3512 b57nd60x - ok
09:49:36.0565 3512 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
09:49:36.0570 3512 BDESVC - ok
09:49:36.0605 3512 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:49:36.0605 3512 Beep - ok
09:49:36.0681 3512 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
09:49:36.0691 3512 BFE - ok
09:49:36.0742 3512 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:49:36.0742 3512 blbdrive - ok
09:49:36.0782 3512 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
09:49:36.0782 3512 bowser - ok
09:49:36.0808 3512 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:49:36.0808 3512 BrFiltLo - ok
09:49:36.0818 3512 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:49:36.0818 3512 BrFiltUp - ok
09:49:36.0838 3512 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
09:49:36.0838 3512 BridgeMP - ok
09:49:36.0889 3512 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
09:49:36.0889 3512 Browser - ok
09:49:36.0924 3512 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:49:36.0934 3512 Brserid - ok
09:49:36.0960 3512 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:49:36.0965 3512 BrSerWdm - ok
09:49:36.0970 3512 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:49:36.0970 3512 BrUsbMdm - ok
09:49:36.0985 3512 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:49:36.0985 3512 BrUsbSer - ok
09:49:37.0010 3512 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
09:49:37.0015 3512 BthEnum - ok
09:49:37.0035 3512 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:49:37.0035 3512 BTHMODEM - ok
09:49:37.0046 3512 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
09:49:37.0046 3512 BthPan - ok
09:49:37.0081 3512 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
09:49:37.0096 3512 BTHPORT - ok
09:49:37.0121 3512 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
09:49:37.0121 3512 bthserv - ok
09:49:37.0172 3512 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
09:49:37.0177 3512 BTHUSB - ok
09:49:37.0213 3512 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
09:49:37.0218 3512 btusbflt - ok
09:49:37.0309 3512 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
09:49:37.0309 3512 BVRPMPR5 - ok
09:49:37.0749 3512 catchme - ok
09:49:37.0926 3512 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
09:49:37.0926 3512 ccEvtMgr - ok
09:49:38.0068 3512 CcmExec (92e1c6aa2baa06e255a52b64dd057b31) C:\Windows\system32\CCM\CcmExec.exe
09:49:38.0073 3512 CcmExec - ok
09:49:38.0078 3512 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
09:49:38.0083 3512 ccSetMgr - ok
09:49:38.0144 3512 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:49:38.0144 3512 cdfs - ok
09:49:38.0179 3512 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
09:49:38.0179 3512 cdrom - ok
09:49:38.0204 3512 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
09:49:38.0209 3512 CertPropSvc - ok
09:49:38.0235 3512 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:49:38.0321 3512 circlass - ok
09:49:38.0386 3512 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:49:38.0392 3512 CLFS - ok
09:49:38.0503 3512 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:49:38.0558 3512 clr_optimization_v2.0.50727_32 - ok
09:49:38.0670 3512 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:49:38.0670 3512 clr_optimization_v4.0.30319_32 - ok
09:49:38.0710 3512 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:49:38.0715 3512 CmBatt - ok
09:49:38.0741 3512 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
09:49:38.0741 3512 cmdide - ok
09:49:38.0817 3512 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
09:49:38.0822 3512 CNG - ok
09:49:38.0852 3512 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:49:38.0852 3512 Compbatt - ok
09:49:38.0867 3512 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:49:38.0867 3512 CompositeBus - ok
09:49:38.0872 3512 COMSysApp - ok
09:49:38.0908 3512 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:49:38.0908 3512 crcdisk - ok
09:49:38.0963 3512 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
09:49:39.0009 3512 CryptSvc - ok
09:49:39.0090 3512 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
09:49:39.0115 3512 CSC - ok
09:49:39.0226 3512 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
09:49:39.0236 3512 CscService - ok
09:49:39.0282 3512 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
09:49:39.0287 3512 CVirtA - ok
09:49:39.0606 3512 CVPND (8b8b082010775093081debe9621bedf0) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
09:49:39.0621 3512 CVPND - ok
09:49:39.0864 3512 CVPNDRVA (720482888c3778f26eeb83d286a6cdc3) C:\Windows\system32\Drivers\CVPNDRVA.sys
09:49:39.0869 3512 CVPNDRVA - ok
09:49:39.0940 3512 dc3d (91c1736e77cff029302728b431d0eedb) C:\Windows\system32\DRIVERS\dc3d.sys
09:49:39.0940 3512 dc3d - ok
09:49:40.0188 3512 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
09:49:40.0193 3512 DcomLaunch - ok
09:49:40.0254 3512 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
09:49:40.0269 3512 defragsvc - ok
09:49:40.0314 3512 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
09:49:40.0329 3512 DfsC - ok
09:49:40.0410 3512 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
09:49:40.0415 3512 Dhcp - ok
09:49:40.0451 3512 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:49:40.0456 3512 discache - ok
09:49:40.0496 3512 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:49:40.0496 3512 Disk - ok
09:49:40.0542 3512 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
09:49:40.0542 3512 DKbFltr - ok
09:49:40.0679 3512 DMService (5aa7259db2bdc4878531621c7e91cdb4) C:\Windows\DOWNLO~1\DMService.exe
09:49:40.0694 3512 DMService - ok
09:49:40.0744 3512 DNE (86d52c32a308f84bbc626bff7c1fb710) C:\Windows\system32\DRIVERS\dne2000.sys
09:49:40.0749 3512 DNE - ok
09:49:40.0795 3512 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
09:49:40.0805 3512 Dnscache - ok
09:49:40.0861 3512 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
09:49:40.0876 3512 dot3svc - ok
09:49:40.0906 3512 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
09:49:40.0916 3512 DPS - ok
09:49:40.0932 3512 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:49:40.0932 3512 drmkaud - ok
09:49:41.0073 3512 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
09:49:41.0083 3512 DXGKrnl - ok
09:49:41.0154 3512 e1yexpress (44a91d98d6719b49bcd649a863225b5c) C:\Windows\system32\DRIVERS\e1y6232.sys
09:49:41.0159 3512 e1yexpress - ok
09:49:41.0205 3512 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
09:49:41.0215 3512 EapHost - ok
09:49:41.0615 3512 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:49:41.0660 3512 ebdrv - ok
09:49:41.0883 3512 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:49:41.0888 3512 eeCtrl - ok
09:49:42.0055 3512 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
09:49:42.0060 3512 EFS - ok
09:49:42.0181 3512 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
09:49:42.0196 3512 ehRecvr - ok
09:49:42.0227 3512 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
09:49:42.0242 3512 ehSched - ok
09:49:42.0353 3512 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:49:42.0369 3512 elxstor - ok
09:49:42.0616 3512 EraserUtilDrv11210 (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys
09:49:42.0621 3512 EraserUtilDrv11210 - ok
09:49:42.0637 3512 EraserUtilRebootDrv - ok
09:49:42.0662 3512 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
09:49:42.0662 3512 ErrDev - ok
09:49:42.0753 3512 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
09:49:42.0773 3512 EventSystem - ok
09:49:42.0799 3512 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:49:42.0814 3512 exfat - ok
09:49:42.0849 3512 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:49:42.0864 3512 fastfat - ok
09:49:42.0920 3512 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
09:49:42.0935 3512 Fax - ok
09:49:42.0966 3512 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:49:42.0966 3512 fdc - ok
09:49:42.0991 3512 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
09:49:42.0991 3512 fdPHost - ok
09:49:43.0006 3512 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
09:49:43.0006 3512 FDResPub - ok
09:49:43.0052 3512 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:49:43.0052 3512 FileInfo - ok
09:49:43.0072 3512 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:49:43.0072 3512 Filetrace - ok
09:49:43.0092 3512 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:49:43.0092 3512 flpydisk - ok
09:49:43.0127 3512 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:49:43.0127 3512 FltMgr - ok
09:49:43.0224 3512 FontCache (151258fc2ec8c48bdf8a53350ae0a676) C:\Windows\system32\FntCache.dll
09:49:43.0239 3512 FontCache - ok
09:49:43.0305 3512 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:49:43.0305 3512 FontCache3.0.0.0 - ok
09:49:43.0330 3512 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:49:43.0330 3512 FsDepends - ok
09:49:43.0360 3512 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:49:43.0360 3512 Fs_Rec - ok
09:49:43.0406 3512 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
09:49:43.0411 3512 fvevol - ok
09:49:43.0426 3512 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:49:43.0426 3512 gagp30kx - ok
09:49:43.0522 3512 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
09:49:43.0537 3512 gpsvc - ok
09:49:43.0735 3512 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
09:49:43.0735 3512 gupdate - ok
09:49:43.0750 3512 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
09:49:43.0750 3512 gupdatem - ok
09:49:43.0785 3512 HBtnKey (7dad592a4d28092d584cfb4deef1373d) C:\Windows\system32\DRIVERS\cpqbttn.sys
09:49:43.0785 3512 HBtnKey - ok
09:49:43.0811 3512 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:49:43.0811 3512 hcw85cir - ok
09:49:43.0881 3512 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
09:49:43.0897 3512 HdAudAddService - ok
09:49:43.0932 3512 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:49:43.0932 3512 HDAudBus - ok
09:49:43.0988 3512 HECI (30d57ee84e1e169d41a6e873b549a096) C:\Windows\system32\DRIVERS\HECI.sys
09:49:43.0993 3512 HECI - ok
09:49:44.0013 3512 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:49:44.0013 3512 HidBatt - ok
09:49:44.0028 3512 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:49:44.0028 3512 HidBth - ok
09:49:44.0048 3512 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:49:44.0048 3512 HidIr - ok
09:49:44.0094 3512 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
09:49:44.0094 3512 hidserv - ok
09:49:44.0104 3512 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
09:49:44.0104 3512 HidUsb - ok
09:49:44.0129 3512 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
09:49:44.0144 3512 hkmsvc - ok
09:49:44.0190 3512 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
09:49:44.0210 3512 HomeGroupListener - ok
09:49:44.0256 3512 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
09:49:44.0271 3512 HomeGroupProvider - ok
09:49:44.0301 3512 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:49:44.0301 3512 HpSAMD - ok
09:49:44.0448 3512 HsfXAudioService (210388fd8225b02bd83d77628aae64a9) C:\Windows\system32\XAudio32.dll
09:49:44.0494 3512 HsfXAudioService - ok
09:49:44.0681 3512 HSF_DPV (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:49:44.0701 3512 HSF_DPV - ok
09:49:44.0736 3512 HSXHWAZL (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:49:44.0752 3512 HSXHWAZL - ok
09:49:44.0833 3512 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
09:49:44.0843 3512 HTTP - ok
09:49:44.0858 3512 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
09:49:44.0858 3512 hwpolicy - ok
09:49:44.0929 3512 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
09:49:44.0939 3512 i8042prt - ok
09:49:44.0989 3512 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
09:49:45.0005 3512 iaStorV - ok
09:49:45.0167 3512 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:49:45.0187 3512 IDriverT - ok
09:49:45.0359 3512 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:49:45.0394 3512 idsvc - ok
09:49:46.0624 3512 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:49:46.0811 3512 igfx - ok
09:49:47.0024 3512 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:49:47.0024 3512 iirsp - ok
09:49:47.0089 3512 IISADMIN (fc9735b66850cf8aebbc1e207ecb2ad8) C:\Windows\system32\inetsrv\inetinfo.exe
09:49:47.0094 3512 IISADMIN - ok
09:49:47.0196 3512 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
09:49:47.0211 3512 IKEEXT - ok
09:49:47.0277 3512 ImmunetProtect - ok
09:49:47.0322 3512 ImmunetProtectDriver (0452cbd785659bb9e86b6c849bc292f9) C:\Windows\system32\DRIVERS\ImmunetProtect.sys
09:49:47.0327 3512 ImmunetProtectDriver - ok
09:49:47.0352 3512 ImmunetSelfProtectDriver (426737322b000e3d9d7fb5b13f443b27) C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys
09:49:47.0352 3512 ImmunetSelfProtectDriver - ok
09:49:47.0722 3512 IntcAzAudAddService (d3d2f68cf450bfcf780b0ba94e41e68b) C:\Windows\system32\drivers\RTKVHDA.sys
09:49:47.0772 3512 IntcAzAudAddService - ok
09:49:47.0965 3512 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
09:49:47.0970 3512 intelide - ok
09:49:48.0005 3512 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:49:48.0010 3512 intelppm - ok
09:49:48.0046 3512 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
09:49:48.0051 3512 IPBusEnum - ok
09:49:48.0076 3512 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:49:48.0076 3512 IpFilterDriver - ok
09:49:48.0172 3512 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
09:49:48.0182 3512 iphlpsvc - ok
09:49:48.0202 3512 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:49:48.0208 3512 IPMIDRV - ok
09:49:48.0243 3512 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:49:48.0253 3512 IPNAT - ok
09:49:48.0283 3512 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
09:49:48.0299 3512 irda - ok
09:49:48.0319 3512 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:49:48.0319 3512 IRENUM - ok
09:49:48.0410 3512 Irmon (4220d2f03d5c4226d0a1aa4b84025e45) C:\Windows\System32\irmon.dll
09:49:48.0410 3512 Irmon - ok
09:49:48.0430 3512 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
09:49:48.0430 3512 isapnp - ok
09:49:48.0466 3512 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
09:49:48.0481 3512 iScsiPrt - ok
09:49:48.0547 3512 ITEIRDA (2f467f26e843ef5e14757d4efd1e3204) C:\Windows\system32\DRIVERS\ITEirda.sys
09:49:48.0547 3512 ITEIRDA - ok
09:49:48.0582 3512 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:49:48.0582 3512 kbdclass - ok
09:49:48.0607 3512 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
09:49:48.0607 3512 kbdhid - ok
09:49:48.0638 3512 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
09:49:48.0638 3512 KeyIso - ok
09:49:48.0653 3512 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
09:49:48.0658 3512 KSecDD - ok
09:49:48.0703 3512 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
09:49:48.0708 3512 KSecPkg - ok
09:49:48.0739 3512 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
09:49:48.0749 3512 KtmRm - ok
09:49:48.0800 3512 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
09:49:48.0815 3512 LanmanServer - ok
09:49:48.0840 3512 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
09:49:48.0845 3512 LanmanWorkstation - ok
09:49:49.0366 3512 LiveUpdate (010fd2b41e75a98e3a4d23f44405f5c9) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
09:49:49.0417 3512 LiveUpdate - ok
09:49:49.0609 3512 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:49:49.0609 3512 lltdio - ok
09:49:49.0660 3512 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
09:49:49.0685 3512 lltdsvc - ok
09:49:49.0710 3512 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
09:49:49.0710 3512 lmhosts - ok
09:49:49.0751 3512 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:49:49.0766 3512 LSI_FC - ok
09:49:49.0786 3512 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:49:49.0786 3512 LSI_SAS - ok
09:49:49.0822 3512 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:49:49.0822 3512 LSI_SAS2 - ok
09:49:49.0857 3512 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:49:49.0872 3512 LSI_SCSI - ok
09:49:49.0928 3512 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:49:49.0938 3512 luafv - ok
09:49:50.0171 3512 ManageEngine Desktop Central - Agent (fc69e12d638f508c46b297a1f631abf0) C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe
09:49:50.0181 3512 ManageEngine Desktop Central - Agent - ok
09:49:50.0287 3512 ManageEngine Desktop Central - Remote Control (fd3c435dfaaa303aeb8cb0c6fc408587) C:\Program Files\DesktopCentral_Agent\bin\dcrdservice.exe
09:49:50.0302 3512 ManageEngine Desktop Central - Remote Control - ok
09:49:50.0449 3512 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
09:49:50.0489 3512 McComponentHostService - ok
09:49:50.0682 3512 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
09:49:50.0702 3512 Mcx2Svc - ok
09:49:50.0783 3512 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:49:50.0783 3512 mdmxsdk - ok
09:49:50.0808 3512 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:49:50.0813 3512 megasas - ok
09:49:50.0849 3512 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:49:50.0859 3512 MegaSR - ok
09:49:50.0884 3512 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:49:50.0889 3512 MMCSS - ok
09:49:50.0909 3512 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:49:50.0915 3512 Modem - ok
09:49:50.0950 3512 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:49:50.0950 3512 monitor - ok
09:49:50.0975 3512 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:49:50.0975 3512 mouclass - ok
09:50:12.0242 3512 yukonw7 - ok
09:50:12.0434 3512 {7056C71D-D851-41AB-94E8770E632C75E7} - ok
09:50:12.0459 3512 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:50:12.0859 3512 \Device\Harddisk0\DR0 - ok
09:50:12.0879 3512 Boot (0x1200) (fbaa80cf7c922f8b080c7c2d208eb219) \Device\Harddisk0\DR0\Partition0
09:50:12.0884 3512 \Device\Harddisk0\DR0\Partition0 - ok
09:50:12.0909 3512 Boot (0x1200) (55313872291ad4354a9ab4a00474acb4) \Device\Harddisk0\DR0\Partition1
09:50:12.0909 3512 \Device\Harddisk0\DR0\Partition1 - ok
09:50:12.0915 3512 Boot (0x1200) (053c3ded87118fdf98e9d9852463cbfb) \Device\Harddisk0\DR0\Partition2
09:50:12.0920 3512 \Device\Harddisk0\DR0\Partition2 - ok
09:50:12.0920 3512 ============================================================
09:50:12.0920 3512 Scan finished
09:50:12.0920 3512 ============================================================
09:50:12.0935 5640 Detected object count: 0
09:50:12.0935 5640 Actual detected object count: 0
09:56:07.0246 5308 Deinitialize success

aswMBR.txt
------------------------


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 09:57:36
-----------------------------
09:57:36.713 OS Version: Windows 6.1.7600
09:57:36.713 Number of processors: 2 586 0x170A
09:57:36.718 ComputerName: [Intentionally Deleted By Me] UserName:
09:57:37.620 Initialize success
09:58:50.124 AVAST engine defs: 12080500
09:59:18.458 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
09:59:18.463 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
09:59:18.513 Disk 0 MBR read successfully
09:59:18.518 Disk 0 MBR scan
09:59:18.528 Disk 0 Windows 7 default MBR code
09:59:18.558 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 76312 MB offset 2048
09:59:18.618 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76003 MB offset 156289024
09:59:18.663 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 311943168
09:59:18.683 Disk 0 scanning sectors +312557568
09:59:18.753 Disk 0 malicious Win32:MBRoot code @ sector 312557571 !
09:59:18.808 Disk 0 scanning C:\Windows\system32\drivers
09:59:32.364 Service scanning
09:59:57.888 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
09:59:58.825 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
10:00:03.482 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
10:00:03.542 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
10:00:04.704 Modules scanning
10:00:12.040 Disk 0 trace - called modules:
10:00:12.060 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
10:00:12.070 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86cf3778]
10:00:12.075 3 CLASSPNP.SYS[8be0459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x86c0f908]
10:00:12.926 AVAST engine scan C:\Windows
10:00:19.523 AVAST engine scan C:\Windows\system32
10:04:26.216 AVAST engine scan C:\Windows\system32\drivers
10:04:43.581 AVAST engine scan C:\Users\Administrator
10:08:19.669 AVAST engine scan C:\ProgramData
10:09:43.851 Scan finished successfully
10:12:38.922 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
10:12:38.929 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
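
The one finding in the aswMBR log above is "malicious Win32:MBRoot code @ sector 312557571". A useful first check on any such hit is where that sector sits relative to the partition table aswMBR printed, since a payload parked past the last partition lives in space no file system covers. The following is an added example, not part of the thread and not aswMBR code: it rebuilds the Disk 0 layout from the listing (DISK0_MBR is constructed from those offsets and sizes, with the boot code zeroed) and classifies the flagged sector. A real MBR.dat, like the one aswMBR saved to the desktop, parses the same way. aswMBR prints sizes rounded to whole MB, so DISK0_SECTORS is an approximation of the real disk length.

```python
"""Locate a scanner-flagged sector relative to the MBR partition table.

Added example, not part of the thread or of aswMBR. DISK0_MBR is CONSTRUCTED
from the partition listing aswMBR printed for Disk 0 (boot code zeroed).
"""
import struct
from typing import List, NamedTuple, Tuple

SECTOR_BYTES = 512
TABLE_OFFSET = 0x1BE                        # partition table: 4 x 16-byte entries
ENTRY_FMT = "<B3sB3sII"                     # status, CHS start, type, CHS end, LBA start, sector count
MB_SECTORS = 1024 * 1024 // SECTOR_BYTES    # 2048 sectors per MB


class Partition(NamedTuple):
    slot: int          # 1..4, position in the table
    status: int        # 0x80 = active/bootable
    ptype: int         # 0x07 = NTFS
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:   # exclusive
        return self.lba_start + self.sectors


def build_mbr(entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Test fixture: pack (status, type, lba_start, sectors) tuples into a 512-byte MBR."""
    table = b"".join(struct.pack(ENTRY_FMT, st, b"\0\0\0", ty, b"\0\0\0", lba, n)
                     for st, ty, lba, n in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\0") + b"\x55\xAA"


def parse_mbr(mbr: bytes) -> List[Partition]:
    """Return the used partition entries, sorted by start LBA."""
    if len(mbr) < SECTOR_BYTES or mbr[510:512] != b"\x55\xAA":
        raise ValueError("no 0x55AA boot signature; not an MBR sector")
    parts = []
    for slot in range(4):
        st, _chs0, ty, _chs1, lba, n = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * slot)
        if ty and n:                      # skip empty slots
            parts.append(Partition(slot + 1, st, ty, lba, n))
    return sorted(parts, key=lambda p: p.lba_start)


def unpartitioned_tail(parts: List[Partition], disk_sectors: int) -> Tuple[int, int]:
    """(first sector, length in sectors) of the space after the last partition."""
    end = max((p.lba_end for p in parts), default=0)
    return end, max(disk_sectors - end, 0)


def classify_sector(sector: int, parts: List[Partition], disk_sectors: int) -> str:
    """'partition N', 'mbr/gap' (before/between partitions), 'unpartitioned tail' or 'beyond disk'."""
    if sector >= disk_sectors:
        return "beyond disk"
    for p in parts:
        if p.lba_start <= sector < p.lba_end:
            return f"partition {p.slot}"
    return "unpartitioned tail" if sector >= unpartitioned_tail(parts, disk_sectors)[0] else "mbr/gap"


# Layout from the aswMBR log: offsets are exact sector numbers, sizes are its MB figures.
DISK0_MBR = build_mbr([
    (0x00, 0x07, 2048,      76312 * MB_SECTORS),
    (0x00, 0x07, 156289024, 76003 * MB_SECTORS),
    (0x80, 0x07, 311943168, 300 * MB_SECTORS),
])
DISK0_SECTORS = 152627 * MB_SECTORS   # "Size: 152627MB" (rounded by aswMBR, so approximate)
FLAGGED = 312557571                   # "malicious Win32:MBRoot code @ sector 312557571"

if __name__ == "__main__":
    parts = parse_mbr(DISK0_MBR)
    for p in parts:
        flag = "active" if p.status == 0x80 else "      "
        print(f"slot {p.slot} type {p.ptype:#04x} {flag} LBA {p.lba_start}..{p.lba_end - 1}")
    start, length = unpartitioned_tail(parts, DISK0_SECTORS)
    print(f"unpartitioned tail: {length} sectors from {start} (~{length // MB_SECTORS} MB)")
    print(f"sector {FLAGGED}: {classify_sector(FLAGGED, parts, DISK0_SECTORS)}")
```

Run against this layout, the active 300 MB partition ends at sector 312557568 (exclusive), which is exactly the "scanning sectors +312557568" line in the log, and the flagged sector 312557571 is three sectors past it, inside roughly 11 MB of unpartitioned space at the end of the disk. That placement is consistent with a bootkit payload rather than a file on C: or D:, which is why file-level scanners (and the TDSSKiller service walk above) can report clean while aswMBR does not. The check only says where the code sits, not what it is; the sectors themselves should be read from the saved MBR.dat and a raw disk read before anything is overwritten.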

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 05 August 2012 - 03:24 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
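
OTL lists every registered service and driver as `SRV - (Name) -- Path (Company)` or `DRV - (Name) -- Path (Company)`, with `File not found` appended when the image on disk is gone. The entries worth a second look in such a listing are the ones a malware responder scans for by eye: a service whose image is missing, a service named like a GUID, an image living under a Temp directory, or an image with no company name. The following is an added example, not part of the thread and not OTL's own code: a parser for those lines plus those four heuristics. The sample lines are copied from the OTL log posted later in this thread.

```python
"""Triage OTL service/driver lines for orphaned or suspicious entries.

Added example, not part of the thread or of OTL. SAMPLE_OTL is copied from
the OTL log posted in this thread; the heuristics are assumptions about what
a responder wants flagged, not OTL's own rules.
"""
import re
from typing import List, NamedTuple, Tuple

# kind - (name) -- path [ (company)] [ File not found]
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\) -- (?P<path>.+?)"
    r"(?: \((?P<company>[^)]*)\))?(?: (?P<missing>File not found))?$"
)

SAMPLE_OTL = r"""
SRV - (ImmunetProtect) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe File not found
SRV - ({7056C71D-D851-41AB-94E8770E632C75E7}) -- C:\Users\ADMINI~1\AppData\Local\Temp\D972.tmp File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ManageEngine Desktop Central - Agent) -- C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe ()
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
"""


class Finding(NamedTuple):
    kind: str
    name: str
    path: str
    reasons: Tuple[str, ...]


def looks_like_guid(name: str) -> bool:
    """Braced name made of 32 hex digits; hyphens are ignored, so a misplaced hyphen still counts."""
    if not (name.startswith("{") and name.endswith("}")):
        return False
    core = name[1:-1].replace("-", "")
    return len(core) == 32 and all(c in "0123456789abcdefABCDEF" for c in core)


def triage(text: str) -> List[Finding]:
    """Parse OTL SRV/DRV lines and return only the entries that trip a heuristic."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                   # not an SRV/DRV line
        reasons = []
        if m.group("missing"):
            reasons.append("image file missing")       # orphaned registration
        if looks_like_guid(m.group("name")):
            reasons.append("guid-shaped service name")
        if "\\temp\\" in m.group("path").lower():
            reasons.append("image under a Temp directory")
        if m.group("company") == "":                   # "()" means OTL found no company string
            reasons.append("no company name")
        if reasons:
            findings.append(Finding(m.group("kind"), m.group("name"), m.group("path"), tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind} {f.name}\n    {f.path}\n    -> {', '.join(f.reasons)}")
```

On the sample, the `{7056C71D-...}` service trips three heuristics at once (missing image, GUID-shaped name, image in the user's Temp directory), which is the profile of a dropper that registered itself from a temp file and was later cleaned up or hidden, and matches the same name the TDSSKiller walk above reported with no path. The other hits are leads, not verdicts: `ImmunetProtect` is an uninstalled product leaving a stale entry, `catchme` is the driver GMER and ComboFix register while running, and an empty company string only means the binary carries no version resource. Treat the output as a shortlist for the responder to verify, not as a removal list.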

#8 biz007

biz007
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:08:36 PM

Posted 06 August 2012 - 12:49 AM

OTL.txt
----------------------------------


OTL logfile created on: 8/6/2012 1:34:58 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Administrator\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.91 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 65.53% Memory free
5.83 Gb Paging File | 4.83 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 36.19 Gb Free Space | 48.56% Space Free | Partition Type: NTFS
Drive D: | 74.22 Gb Total Space | 35.20 Gb Free Space | 47.42% Space Free | Partition Type: NTFS

Computer Name: removed| User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe ()
PRC - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (ImmunetProtect) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - ({7056C71D-D851-41AB-94E8770E632C75E7}) -- C:\Users\ADMINI~1\AppData\Local\Temp\D972.tmp File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (DMService) -- C:\Windows\Downloaded Program Files\DMService.exe (Microsoft ® Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ManageEngine Desktop Central - Remote Control) -- C:\Program Files\DesktopCentral_Agent\bin\dcrdservice.exe ()
SRV - (ManageEngine Desktop Central - Agent) -- C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe ()
SRV - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (CcmExec) -- C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120804.009\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120804.009\NAVENG.SYS (Symantec Corporation)
DRV - (WpsHelper) -- C:\Windows\System32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (ImmunetProtectDriver) -- C:\Windows\System32\drivers\ImmunetProtect.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ImmunetSelfProtectDriver) -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys (Windows ® Codename Longhorn DDK provider)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (nm3) -- C:\Windows\System32\drivers\nm3.sys (Microsoft Corporation)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\Windows\System32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\Windows\System32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ITEIRDA) -- C:\Windows\System32\drivers\ITEirda.sys (ITE Tech. Inc.)
DRV - (prepdrvr) -- C:\Windows\System32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\..\SearchScopes,DefaultScope = {062A6091-259F-4AF6-A9F7-CA239919CA6C}
IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\..\SearchScopes\{062A6091-259F-4AF6-A9F7-CA239919CA6C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.searchcompletion.com/?si=16615&chrome=true&q={searchTerms}
IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\..\SearchScopes\{48A5A5C5-F144-4D96-AD4F-97332E703D90}: "URL" = http://mp3tubetoolbarsearch.com/?tmp=nemo_results_removelink2&keywords={searchTerms}
IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\..\SearchScopes\{BDF41EDD-AA32-4CB5-8A36-B73303615100}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=244506&p={searchTerms}
IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=980060093e8a4d928ab3ef27021cf02c&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=244506"
FF - prefs.js..browser.search.selectedEngine: "Search The Web"
FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=980060093e8a4d928ab3ef27021cf02c&subid=&Keywords={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {1E2593B2-E106-4697-BCE7-A9D30DE05D73}:7.2.2
FF - prefs.js..extensions.enabledItems: {29EC17DE-9690-4F16-AABF-E135525DEAC1}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.11.0.9874
FF - prefs.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="

FF - user.js..keyword.URL: "http://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q="
FF - user.js..keyword.enabled: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@httpwatch.com/hw_addon: C:\Program Files\HttpWatch\Firefox\components [2012/06/27 12:51:35 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E2593B2-E106-4697-BCE7-A9D30DE05D73}: C:\Program Files\HttpWatch\Firefox\ [2012/06/27 12:51:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{29EC17DE-9690-4F16-AABF-E135525DEAC1}: C:\Users\Administrator\AppData\Local\{29EC17DE-9690-4F16-AABF-E135525DEAC1}\ [2011/02/20 00:56:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/02 19:32:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/02 19:32:57 | 000,000,000 | ---D | M]

[2011/01/27 01:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/01/27 01:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/04 14:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\extensions
[2012/06/19 12:59:04 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/01/26 15:33:29 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/05/12 22:46:25 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\extensions\firefox@tvunetworks.com
[2011/02/12 20:40:49 | 000,000,863 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\searchplugins\conduit.xml
[2011/07/08 14:48:19 | 000,001,211 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\searchplugins\Mp3Tube.xml
[2012/08/02 19:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/27 12:51:35 | 000,000,000 | ---D | M] (HttpWatch Basic Edition) -- C:\PROGRAM FILES\HTTPWATCH\FIREFOX
[2012/07/18 17:14:00 | 000,057,702 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CTDVFUKA.DEFAULT\EXTENSIONS\{FE0258AB-4F74-43A1-8781-BCDF340F9EE9}.XPI
[2012/07/27 14:30:08 | 000,200,692 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CTDVFUKA.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
[2012/06/25 10:14:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/11 15:03:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/22 03:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012/06/25 10:14:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/07/20 19:39:52 | 000,002,073 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\completebartb.xml
[2012/06/25 10:14:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/04 15:11:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HttpWatch Basic) - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files\HttpWatch\httpwatchsc.dll (Simtec Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HttpWatch_RegIEPlugin] C:\Program Files\HttpWatch\regieplugin.exe (Simtec Limited)
O4 - HKU\S-1-5-21-2149163141-4198970425-1493155601-500..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: HttpWatch Basic - C:\Program Files\HttpWatch\httpwatch.dll (Simtec Limited)
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll (Simtec Limited)
O9 - Extra 'Tools' menuitem : HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://gatewaymtw2.removed.com/InternalSite/WhlCompMgr.cab (Forefront UAG endpoint components)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = removed.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D9291BE-DDF6-415D-ADB0-F0D7097FD836}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 01:32:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/05 09:56:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/08/05 09:48:54 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/08/05 09:48:54 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/08/05 09:48:14 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012/08/04 15:18:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/04 15:17:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/04 15:07:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012/08/04 14:34:51 | 004,724,408 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/08/03 15:38:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/03 09:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/08/03 09:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/08/03 09:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/08/03 09:37:44 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/02 19:24:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/02 01:45:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\gmer
[2012/08/02 00:40:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2012/08/01 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Network Monitor 3
[2012/08/01 16:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012/08/01 16:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2012/07/31 16:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/06 01:37:13 | 000,021,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 01:37:13 | 000,021,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 01:32:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/06 01:31:46 | 000,000,494 | ---- | M] () -- C:\Windows\SMSCFG.INI
[2012/08/06 01:29:34 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012/08/06 01:29:31 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2012/08/06 01:28:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/06 01:28:43 | 2347,315,200 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 15:15:17 | 000,017,920 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2012/08/05 15:02:24 | 315,430,411 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/05 14:57:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-746137067-1801674531-25845UA.job
[2012/08/05 14:55:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2149163141-4198970425-1493155601-500UA.job
[2012/08/05 10:12:38 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/08/05 10:00:00 | 000,001,506 | ---- | M] () -- C:\Windows\tasks\DCAgentUpdater.job
[2012/08/05 09:56:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/08/05 09:48:14 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2012/08/04 15:15:36 | 000,696,630 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/04 15:15:36 | 000,131,390 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/04 15:11:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/04 14:34:56 | 004,724,408 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/08/04 14:15:16 | 000,881,494 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2012/08/03 17:52:43 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2012/08/03 16:57:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-746137067-1801674531-25845Core.job
[2012/08/03 15:56:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/03 15:56:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/03 09:37:47 | 000,002,114 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/03 09:37:46 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/08/02 10:31:00 | 000,241,547 | ---- | M] () -- C:\Users\Administrator\Desktop\report.csv
[2012/08/02 10:25:30 | 000,234,892 | ---- | M] () -- C:\Users\Administrator\Desktop\virus report.csv
[2012/08/02 01:44:05 | 000,294,216 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer.zip
[2012/08/02 01:41:10 | 000,019,005 | ---- | M] () -- C:\Users\Administrator\Desktop\Attach.rar
[2012/08/02 00:40:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2012/07/31 14:45:39 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2012/07/28 21:16:43 | 001,064,960 | ---- | M] () -- C:\Users\Administrator\Documents\Assets.accdb
[2012/07/19 14:08:17 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2149163141-4198970425-1493155601-500Core1cd65d978d698fa.job
[2012/07/16 09:05:15 | 000,004,096 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\keyfile3.drm
[2012/07/12 09:18:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd6030dd677888.job
[2012/07/07 12:26:27 | 000,297,236 | ---- | M] () -- C:\Users\Administrator\Desktop\fgfg.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 10:12:38 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/08/04 14:15:26 | 000,881,494 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2012/08/03 09:37:47 | 000,002,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/03 09:37:46 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/08/02 22:09:03 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{19511fe1-fb6b-ced5-7061-240816a0d498} - Copy\@
[2012/08/02 22:09:03 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{19511fe1-fb6b-ced5-7061-240816a0d498} - Copy\L\00000004.@
[2012/08/02 10:31:00 | 000,241,547 | ---- | C] () -- C:\Users\Administrator\Desktop\report.csv
[2012/08/02 10:21:23 | 000,234,892 | ---- | C] () -- C:\Users\Administrator\Desktop\virus report.csv
[2012/08/02 01:44:11 | 000,294,216 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer.zip
[2012/08/02 01:41:10 | 000,019,005 | ---- | C] () -- C:\Users\Administrator\Desktop\Attach.rar
[2012/08/01 23:56:13 | 315,430,411 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/28 21:15:22 | 001,064,960 | ---- | C] () -- C:\Users\Administrator\Documents\Assets.accdb
[2012/07/19 14:08:17 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2149163141-4198970425-1493155601-500Core1cd65d978d698fa.job
[2012/07/16 09:05:15 | 000,004,096 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\keyfile3.drm
[2012/07/12 09:18:45 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd6030dd677888.job
[2012/07/07 12:26:27 | 000,297,236 | ---- | C] () -- C:\Users\Administrator\Desktop\fgfg.pdf
[2012/02/28 15:23:03 | 000,002,456 | ---- | C] () -- C:\Users\Administrator\_viminfo
[2011/07/20 19:40:55 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/07/20 19:21:38 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/05/02 15:32:54 | 000,000,252 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\45553.ini
[2011/03/25 13:40:10 | 000,026,772 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\8l14vbxv27s3
[2011/03/25 13:40:10 | 000,026,772 | -HS- | C] () -- C:\ProgramData\8l14vbxv27s3
[2011/03/17 13:07:04 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2011/02/22 09:10:36 | 000,027,982 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\a+.0(+(XSV(JX()N+,
[2011/02/22 09:10:36 | 000,027,982 | -HS- | C] () -- C:\ProgramData\a+.0(+(XSV(JX()N+,
[2011/02/20 00:56:09 | 000,000,120 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Czucakadevi.dat
[2011/02/20 00:56:09 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Klekezaxeqeta.bin
[2011/02/15 15:28:59 | 000,007,616 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2011/02/14 00:32:03 | 000,070,536 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.sys
[2011/01/23 20:33:39 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2011/01/23 12:47:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/23 12:47:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/23 12:47:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/23 12:47:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/23 12:47:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/23 11:02:07 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/01/19 18:24:03 | 000,001,252 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2010/12/19 23:48:11 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2010/12/19 23:11:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action Clauses
[2010/12/19 23:11:58 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\vhosts
[2010/12/19 23:11:58 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/12/19 23:08:52 | 000,000,268 | RH-- | C] () -- C:\Users\Administrator\AppData\Roaming\manual
[2010/12/19 23:08:52 | 000,000,268 | RH-- | C] () -- C:\ProgramData\AccountTypes
[2010/12/19 23:08:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/06 00:58:23 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/22 16:44:27 | 000,000,030 | ---- | C] () -- C:\Users\Administrator\.launchpad.prefs
[2010/11/17 12:11:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/31 13:31:22 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/30 11:58:41 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\winscp.rnd
[2010/08/27 19:50:32 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/08/27 19:24:33 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/08/27 19:23:02 | 000,017,920 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/08/27 07:31:52 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010/08/27 07:31:52 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/27 07:31:52 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/08/27 07:31:52 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010/08/27 07:29:42 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/02/05 06:05:17 | 000,001,024 | RHS- | C] () -- C:\ProgramData\ntuser.pol

< End of report >

Edited by gringo_pr, 27 August 2012 - 12:48 PM.
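The OTL listing above is what the helper worked from when he picked the entries for his fix in the next post: hidden+system files with machine-generated names sitting directly under ProgramData and AppData\Local, the same file duplicated in both locations with identical size and timestamp, and the `@` files under `C:\Windows\Installer\{GUID}`. The script below is an added example (not part of this thread, of OTL, or of any tool mentioned here) that parses OTL "Files Created" lines and applies those three checks. The sample lines are copied from the log above with a few benign entries mixed in; the "random-looking name" test and the list of user-writable roots are this example's own assumptions, not OTL logic.

```python
"""Triage helper for OTL 'Files Created / Modified' lines (added example)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One OTL file line: [date time | size | attrs | C/M] (company) -- path
# Directory lines have no "(company)" part, so it is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Locations any user process can write to (assumption of this example).
USER_WRITABLE_ROOTS = (
    re.compile(r"^c:\\programdata$"),
    re.compile(r"^c:\\users\\[^\\]+\\appdata\\(local|roaming)$"),
)
INSTALLER_GUID_DIR = re.compile(r"^c:\\windows\\installer\\\{[0-9a-f-]{36}\}", re.I)

# Constructed sample: lines copied from the OTL log posted above, plus
# benign entries the heuristics must leave alone.
SAMPLE_LOG = r"""
[2012/08/02 22:09:03 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{19511fe1-fb6b-ced5-7061-240816a0d498} - Copy\@
[2012/08/02 22:09:03 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{19511fe1-fb6b-ced5-7061-240816a0d498} - Copy\L\00000004.@
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\45553.ini
[2011/03/25 13:40:10 | 000,026,772 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\8l14vbxv27s3
[2011/03/25 13:40:10 | 000,026,772 | -HS- | C] () -- C:\ProgramData\8l14vbxv27s3
[2011/02/22 09:10:36 | 000,027,982 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\a+.0(+(XSV(JX()N+,
[2011/02/22 09:10:36 | 000,027,982 | -HS- | C] () -- C:\ProgramData\a+.0(+(XSV(JX()N+,
[2011/02/20 00:56:09 | 000,000,120 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Czucakadevi.dat
[2010/12/19 23:11:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action Clauses
[2010/12/06 00:58:23 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/31 13:31:22 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/05 06:05:17 | 000,001,024 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
"""


def parse_line(line):
    """Return a dict for one OTL file line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "path": m["path"],
        "is_dir": "D" in m["attrs"],
    }


def looks_random(name):
    """Crude 'machine-generated name' test (an assumption of this example):
    an extension-less name mixing letters and digits, or a name containing
    punctuation that ordinary installers do not put in file names."""
    if ("." not in name and len(name) >= 8
            and re.search(r"[A-Za-z]", name) and re.search(r"\d", name)):
        return True
    return re.search(r"[^A-Za-z0-9._ \-{}]", name) is not None


def in_user_writable_root(path):
    parent = str(PureWindowsPath(path).parent).lower()
    return any(r.match(parent) for r in USER_WRITABLE_ROOTS)


def is_installer_at_file(path):
    """'@' or NNNNNNNN.@ files beneath C:\\Windows\\Installer\\{GUID}..."""
    p = PureWindowsPath(path)
    return bool(INSTALLER_GUID_DIR.match(str(p))) and (p.name == "@" or p.name.endswith(".@"))


def triage(log_text):
    """Map each suspicious path to the list of reasons it was flagged."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e and not e["is_dir"]]
    findings = defaultdict(list)
    twins = defaultdict(list)  # (name, size, timestamp) -> paths
    for e in entries:
        p = PureWindowsPath(e["path"])
        twins[(p.name.lower(), e["size"], e["ts"])].append(e["path"])
        hidden_system = "H" in e["attrs"] and "S" in e["attrs"]
        if looks_random(p.name):
            findings[e["path"]].append("random-looking name")
            # Attributes alone are not enough: C:\ProgramData\ntuser.pol is RHS- and
            # legitimate, so the hidden+system rule is gated on the name test.
            if hidden_system and in_user_writable_root(e["path"]):
                findings[e["path"]].append("hidden+system in user-writable root")
        if is_installer_at_file(e["path"]):
            findings[e["path"]].append("'@' payload under Windows\\Installer\\{GUID}")
    for paths in twins.values():
        parents = {str(PureWindowsPath(p).parent).lower() for p in paths}
        if len(parents) >= 2:
            for p in paths:
                findings[p].append("same name/size/timestamp in %d locations" % len(paths))
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample it flags exactly the six files the fix script in the next post removes or that the log shows as `@` payloads, and leaves `ntuser.pol`, `Action Clauses`, `45553.ini` and the System32 entries alone. The duplicate-pair check is the most useful of the three in practice: a user-mode dropper that writes the same blob into both the per-user and the all-users location produces identical size and creation time, which is very hard for a legitimate installer to do by accident.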


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 06 August 2012 - 06:32 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O9 - Extra 'Tools' menuitem : HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - Reg Error: Value error. File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.searchcompletion.com/?si=16615&chrome=true&q={searchTerms}
    IE - HKU\S-1-5-21-2149163141-4198970425-1493155601-500\..\SearchScopes\{48A5A5C5-F144-4D96-AD4F-97332E703D90}: "URL" = http://mp3tubetoolbarsearch.com/?tmp=nemo_results_removelink2&keywords={searchTerms}
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Search The Web"
    FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=980060093e8a4d928ab3ef27021cf02c&subid=&Keywords={searchTerms}"
    FF - prefs.js..extensions.enabledItems: {29EC17DE-9690-4F16-AABF-E135525DEAC1}:1.9.1
    [2011/02/12 20:40:49 | 000,000,863 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\searchplugins\conduit.xml
    [2011/07/08 14:48:19 | 000,001,211 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\searchplugins\Mp3Tube.xml
    [2012/07/31 16:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2011/03/25 13:40:10 | 000,026,772 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\8l14vbxv27s3
    [2011/03/25 13:40:10 | 000,026,772 | -HS- | C] () -- C:\ProgramData\8l14vbxv27s3
    [2011/02/22 09:10:36 | 000,027,982 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\a+.0(+(XSV(JX()N+,
    [2011/02/22 09:10:36 | 000,027,982 | -HS- | C] () -- C:\ProgramData\a+.0(+(XSV(JX()N+,
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 biz007

biz007
  • Topic Starter

  • Members
  • 27 posts
  • Local time:08:36 PM

Posted 06 August 2012 - 10:13 AM

Hi Gringo,
As per your direction we did the steps and got the logs below. But we didn't get any reboot request from the machine, so we rebooted the system manually.


08062012_110417.log
---------------------------------


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D103E85B-5D67-42c1-8C83-F01079DBAB26}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D103E85B-5D67-42c1-8C83-F01079DBAB26}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry key HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Internet Explorer\SearchScopes\{48A5A5C5-F144-4D96-AD4F-97332E703D90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48A5A5C5-F144-4D96-AD4F-97332E703D90}\ not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search The Web" removed from browser.search.selectedEngine
Prefs.js: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=980060093e8a4d928ab3ef27021cf02c&subid=&Keywords={searchTerms}" removed from browser.search.selectedEngineURL
Prefs.js: {29EC17DE-9690-4F16-AABF-E135525DEAC1}:1.9.1 removed from extensions.enabledItems
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\searchplugins\conduit.xml moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\searchplugins\Mp3Tube.xml moved successfully.
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\ProgramData\SpeedyPC Software folder moved successfully.
C:\Users\Administrator\AppData\Local\8l14vbxv27s3 moved successfully.
C:\ProgramData\8l14vbxv27s3 moved successfully.
C:\Users\Administrator\AppData\Local\a+.0(+(XSV(JX()N+, moved successfully.
C:\ProgramData\a+.0(+(XSV(JX()N+, moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator
->Java cache emptied: 1711235 bytes

User: All Users

User: Classic .NET AppPool
->Java cache emptied: 0 bytes

User: Default
->Java cache emptied: 0 bytes

User: Default User
->Java cache emptied: 0 bytes

User: Default.bak

User: <Deleted By Me>
->Java cache emptied: 7883 bytes

User: Public

User: VickLocak
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 43027 bytes

User: All Users

User: Classic .NET AppPool
->Flash cache emptied: 321 bytes

User: Default
->Flash cache emptied: 321 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Default.bak

User: <Deleted By Me>
->Flash cache emptied: 7196 bytes

User: Public

User: VickLocak
->Flash cache emptied: 321 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08062012_110417

#11 biz007

biz007
  • Topic Starter

  • Members
  • 27 posts
  • Local time:08:36 PM

Posted 06 August 2012 - 10:27 AM

Hi Gringo,
This morning we restarted the machine successfully in normal startup boot mode. All processes (boot start-up, log-in startup, and machine shutdown) worked properly on every iteration. Thanks once again for all your support and help :) :)

Thanks & Regards, Biz 007

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 06 August 2012 - 01:17 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 biz007

biz007
  • Topic Starter

  • Members
  • 27 posts
  • Local time:08:36 PM

Posted 06 August 2012 - 10:07 PM

log.txt
----------------------------------


ComboFix 12-08-04.02 - Administrator 08/06/2012 16:24:18.4.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2985.991 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 20:35 . 2012-08-06 20:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-03 13:37 . 2012-08-03 13:37 -------- d-----w- c:\programdata\McAfee Security Scan
2012-08-03 13:37 . 2012-08-03 13:37 -------- d-----w- c:\program files\McAfee Security Scan
2012-08-03 13:37 . 2012-08-03 19:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-01 20:59 . 2012-08-01 20:59 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2012-07-31 22:10 . 2012-07-31 22:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\McAfee
2012-07-31 20:19 . 2012-07-31 20:19 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\SpeedyPC Software
2012-07-31 20:19 . 2012-07-31 20:19 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\DriverCure
2012-07-15 21:58 . 2012-07-15 21:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 15:17 . 2010-08-27 23:23 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-06 15:17 . 2010-08-30 12:38 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-05 19:15 . 2010-08-27 23:24 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-03 19:56 . 2012-04-17 02:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 20:42 . 2009-07-13 23:11 53312 ----a-w- c:\windows\system32\drivers\volmgr.sys
2012-07-03 17:46 . 2011-02-14 02:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-07-03 18:36 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-03 18:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:12 . 2012-07-03 18:36 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-07-03 18:24 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-07-03 18:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 14:14 . 2012-05-09 14:48 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2012-05-30 4331392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-03 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2010-10-22 11937552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HttpWatch_RegIEPlugin"="c:\program files\HttpWatch\regieplugin.exe" [2012-06-25 2281696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-9-8 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 ImmunetProtect;Immunet Protect;c:\program files\Immunet Protect\2.0.17\agent.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 {7056C71D-D851-41AB-94E8770E632C75E7};{7056C71D-D851-41AB-94E8770E632C75E7};c:\windows\System32\svchost.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ManageEngine Desktop Central - Remote Control;ManageEngine Desktop Central 7 - Remote Control;c:\program files\DesktopCentral_Agent\bin\dcrdservice.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
S1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [x]
S1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 ManageEngine Desktop Central - Agent;ManageEngine Desktop Central 7 - Agent;c:\program files\DesktopCentral_Agent\bin\dcagentservice.exe [x]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ITEIRDA;ITE Infrared Device Driver;c:\windows\system32\DRIVERS\ITEirda.sys [x]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [x]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\DCAgentUpdater.job
- c:\program files\DesktopCentral_Agent\bin\dcagentupdater.exe [2010-02-22 10:49]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd6030dd677888.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 21:03]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2149163141-4198970425-1493155601-500Core1cd65d978d698fa.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 17:50]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2149163141-4198970425-1493155601-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 17:50]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-746137067-1801674531-25845Core.job
- c:\users\<Delete By Me>\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 20:52]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-746137067-1801674531-25845UA.job
- c:\users\<Delete By Me>\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 20:52]
.
2011-02-14 c:\windows\Tasks\User_Feed_Synchronization-{D28FF06A-17B6-4D4D-8DB2-D6D54B9FF135}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 05:26]
.
2011-02-15 c:\windows\Tasks\{0825D314-A05E-449F-A9EB-BBD72476C146}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-05-12 c:\windows\Tasks\{0F58FF22-B7A1-45BC-9ED5-D78160EF9A19}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-08-30 c:\windows\Tasks\{2A7B4CCE-FDD9-4017-914C-11261C36E744}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-10-03 c:\windows\Tasks\{624CA8CD-D51D-428A-91D2-D3BD2685F28F}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-10-14 c:\windows\Tasks\{AF873B12-A60A-4CDA-A0D0-ED9E95B29DC0}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-07-02 c:\windows\Tasks\{C5542218-DB2B-45C9-87ED-51938BDA1A41}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
2011-06-04 c:\windows\Tasks\{DAB022EF-13F3-4D82-B7A3-4847EBF08D23}.job
- c:\program files\Skype\Phone\Skype.exe [2012-02-29 12:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: HttpWatch Basic - c:\program files\HttpWatch\httpwatch.dll/1351
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{09E37096-4207-49CE-9295-E44176773D30}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ctdvfuka.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{7056C71D-D851-41AB-94E8770E632C75E7}]
"ServiceDll"="c:\users\ADMINI~1\AppData\Local\Temp\D972.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,ce,a5,e6,c7,3b,40,44,bd,9a,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,ce,a5,e6,c7,3b,40,44,bd,9a,3c,\
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,10,78,32,81,37,a2,43,8e,5e,67,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,10,78,32,81,37,a2,43,8e,5e,67,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,61,bd,e8,8f,68,f2,4a,b4,4c,94,\
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.a52"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aac"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ac3"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.adt"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.adts"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aif"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aifc"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aiff"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.amr"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.amv"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aob"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ape"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aspx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad++.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.asx"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.au"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.b4s\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.b4s"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.bin"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.cda"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.config\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\iexplore.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.cue"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DAT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.dts"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.dv"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.flac"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Opera.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.gxf"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ibc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ibc"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.it"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jsp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\MSOXMLED.EXE"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad++.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m3u"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m3u8"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4a"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4p"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mid"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mka"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mlp"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mod"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp1"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp2"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mp3"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpa"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpc"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg1"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg2"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg4"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mxf"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*—9©g]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*—9©g\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nsv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.nsv"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nuv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.nuv"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.oga"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogg"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogx"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.oma"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.pls"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.psd"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rec"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.resx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\MSOXMLED.EXE"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rmi"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.s3m"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.sdp"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.snd"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.spx"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Opera.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tod"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tta"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tts"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vlc"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.voc"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vqf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vqf"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vro\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vro"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.w64"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wav"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wma"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.wv"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xa"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xm"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\iexplore.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\iexplore.exe"
.
[HKEY_USERS\S-1-5-21-2149163141-4198970425-1493155601-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xspf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xspf"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-06 16:37:07
ComboFix-quarantined-files.txt 2012-08-06 20:37
ComboFix2.txt 2012-08-04 19:18
ComboFix3.txt 2012-08-02 03:42
ComboFix4.txt 2011-01-23 17:13
.
Pre-Run: 38,212,337,664 bytes free
Post-Run: 38,802,935,808 bytes free
.
- - End Of File - - 015EBA8A496AC0F4F9033DD9B38BAE26

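One note on reading the log above, as an added example (this is not code from the thread, from ComboFix, or from BleepingComputer): the entry that matches the thread title is the service `{7056C71D-D851-41AB-94E8770E632C75E7}` under ControlSet002, whose ServiceDll is a .tmp file in the Administrator's Temp folder. svchost.exe loads a service's ServiceDll into its own process, so a hostile DLL registered that way makes its network requests from an otherwise normal-looking svchost.exe. The script below pulls the ServiceDll entries, the svchost group map, the scheduled-task targets and the Firefox keyword.URL setting out of a ComboFix-style log and lists what deserves a second look. The excerpt it runs over is constructed from the posted log, and the "user-writable path" heuristic is this example's own assumption, not a ComboFix rule.

```python
"""Triage a ComboFix-style log for svchost-hosted persistence.

Added example for this thread; not ComboFix code and not posted by the
thread's helpers. SAMPLE_LOG is a constructed excerpt modelled on the log
above, and every heuristic here is an assumption of this example.
"""
import re

# Constructed excerpt, modelled on the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\DCAgentUpdater.job
- c:\program files\DesktopCentral_Agent\bin\dcagentupdater.exe [2010-02-22 10:49]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-746137067-1801674531-25845Core.job
- c:\users\<Delete By Me>\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-22 20:52]
.
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{7056C71D-D851-41AB-94E8770E632C75E7}]
"ServiceDll"="c:\users\ADMINI~1\AppData\Local\Temp\D972.tmp"
"""

# Assumed heuristic: locations a non-admin user (or a dropper running as one)
# can write to. Legitimate per-user updaters live here too, so a hit means
# "review", not "malicious".
USER_WRITABLE = re.compile(
    r"\\(users|documents and settings|programdata|temp|appdata|recycler)\\", re.I)


def suspicious_path(path: str) -> bool:
    """True for binaries in user-writable locations or with a non-code
    extension such as .tmp (a DLL named *.tmp is hiding its role)."""
    p = path.lower()
    return bool(USER_WRITABLE.search(p)) or p.endswith(".tmp")


def service_dlls(log: str):
    """Return (registry key, ServiceDll path) pairs. ServiceDll is the DLL
    svchost.exe loads in-process for that service, so a hostile svchost-hosted
    service shows up here rather than as a separate executable."""
    key, out = None, []
    for line in log.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'"ServiceDll"="(.+)"$', line)
        if m and key:
            out.append((key, m.group(1)))
    return out


def svchost_groups(log: str):
    """Parse the svchost group map (group name -> member services)."""
    groups, in_block = {}, False
    for line in log.splitlines():
        if line.lower().endswith(r"\currentversion\svchost]"):
            in_block = True
            continue
        if in_block:
            parts = line.split()
            if len(parts) < 3 or parts[1] != "REG_MULTI_SZ":
                in_block = False  # the block ends at the first non-entry line
                continue
            groups[parts[0]] = parts[2:]
    return groups


def scheduled_task_targets(log: str):
    """Return the executable each scheduled task runs ('- path [date time]')."""
    return re.findall(r"^- (.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$", log, re.M)


def firefox_keyword_url(log: str):
    """Return keyword.URL values; an unexpected third-party search URL here
    is the usual sign of a toolbar-style search hijack."""
    return re.findall(r"keyword\.URL - (\S+)", log)


def triage(log: str):
    """Collect review items in the order an analyst would chase them."""
    findings = []
    for key, dll in service_dlls(log):
        if suspicious_path(dll):
            name = key.rsplit("\\", 1)[-1]
            findings.append(f"service {name}: ServiceDll in user-writable path {dll}")
    for group, members in svchost_groups(log).items():
        # A group created just to host one service of the same name is worth
        # pairing with its ServiceDll before deciding it is benign.
        if len(members) == 1 and members[0].lower() == group.lower():
            findings.append(f"svchost group {group} hosts only itself; check its ServiceDll")
    for target in scheduled_task_targets(log):
        if suspicious_path(target):
            findings.append(f"scheduled task runs {target} from a profile path")
    for url in firefox_keyword_url(log):
        findings.append(f"Firefox keyword.URL points at {url}")
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

Run against the constructed excerpt it reports four items: the .tmp ServiceDll, the single-member HsfXAudioService group, the per-user GoogleUpdate task (a known-good updater that still lands in a profile path, which is why the flag reads "review"), and the mp3tubetoolbar keyword.URL. The same functions can be pointed at a full saved ComboFix log by replacing SAMPLE_LOG with the file's contents.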
#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:36 PM

Posted 06 August 2012 - 10:18 PM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

BitTorrent
Java™ 6 Update 24
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 biz007

biz007
  • Topic Starter

  • Members
  • 27 posts

Posted 07 August 2012 - 02:14 PM

Hi Gringo,

Looks like all the system functionalities are working fine on the machine and I didn't find any more malicious activity in the background. Thanks for your continuous and deep-level support. :) Regarding the P2P application: I didn't find any more P2P application [BitTorrent] in the system uninstallation window or the Revo Uninstaller landing window. Kindly check out what's wrong in that concern.



mbam-log-2012-08-07 (14-23-05).txt
---------------------------------------------

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Administrator :: <XXXXXXX> [administrator]

8/7/2012 2:23:05 PM
mbam-log-2012-08-07 (14-23-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275705
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





hijackthis.log
-------------------------------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:34:21 PM, on 8/7/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Lync\communicator.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Lync\UcMapi.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Administrator\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HttpWatch Basic - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files\HttpWatch\httpwatchsc.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HttpWatch_RegIEPlugin] C:\Program Files\HttpWatch\regieplugin.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: HttpWatch Basic - res://C:\Program Files\HttpWatch\httpwatch.dll/1351
O9 - Extra button: (no name) - {0AD401E5-2D78-45B1-B875-07B0F9ED3937} - C:\Program Files\nStuff\Web Development Helper\WebDevHelper.dll
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Forefront UAG endpoint components) - https://gatewaymtw2.<company Name>.com/InternalSite/WhlCompMgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = <company Name>.com
O17 - HKLM\Software\..\Telephony: DomainName = <company Name>.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = <company Name>.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = <company Name>.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = <company Name>.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Immunet Protect (ImmunetProtect) - Unknown owner - C:\Program Files\Immunet Protect\2.0.17\agent.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ManageEngine Desktop Central 7 - Agent (ManageEngine Desktop Central - Agent) - Unknown owner - C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe
O23 - Service: ManageEngine Desktop Central 7 - Remote Control (ManageEngine Desktop Central - Remote Control) - Unknown owner - C:\Program Files\DesktopCentral_Agent\bin\dcrdservice.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 7025 bytes
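A small triage helper for HijackThis logs like the one above, added here as an example (it is not part of this thread and not HijackThis's own code): it parses the O4 autorun and O23 service lines and flags the entries a helper looks at first, namely services whose binary is missing or that carry no vendor information, and autoruns launched from outside the usual program directories. The sample log is constructed from lines in the log above plus one made-up HKCU autorun under AppData; the directory allow-list is an assumption.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    line: str
    reason: str

# Assumed allow-list: directories an O4 autorun is ordinarily expected to launch from.
# Anything else (user profile, temp, drive root) is a prompt to look closer, not a verdict.
EXPECTED_PREFIXES = ("c:\\program files", "c:\\windows\\")

def _exe_path(cmd: str) -> str:
    """Return the executable from a Run-key command, dropping quotes and arguments.
    Unquoted paths containing spaces are cut at the first space; that is enough
    for a prefix check but would not recover the full path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ")[0]

def triage(log: str) -> list:
    """Walk HijackThis O4/O23 lines and return the entries worth a second look."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("O23 - Service: "):
            # Format: "<display name (short name)> - <owner> - <path>"; split from the
            # right because display names themselves may contain " - ".
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _name, owner, path = parts
            if path.endswith("(file missing)"):
                findings.append(Finding(line, "service points at a missing binary (orphaned entry)"))
            elif owner == "Unknown owner":
                findings.append(Finding(line, "service binary carries no vendor information"))
        elif line.startswith("O4 - ") and "\\Run: [" in line:
            cmd = line.split("] ", 1)[1]
            if not _exe_path(cmd).lower().startswith(EXPECTED_PREFIXES):
                findings.append(Finding(line, "autorun launches from an unexpected location"))
    return findings

# Constructed sample: lines from the HijackThis log above plus one made-up AppData autorun.
SAMPLE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [updater] C:\Users\Administrator\AppData\Roaming\updater.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ManageEngine Desktop Central 7 - Agent (ManageEngine Desktop Central - Agent) - Unknown owner - C:\Program Files\DesktopCentral_Agent\bin\dcagentservice.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason}: {f.line}")
```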



