
search redirects


This topic is locked
33 replies to this topic

#1 maxdragon

maxdragon

  • Members
  • 17 posts

Posted 03 August 2012 - 03:54 PM

MOVED to Virus,Trojan and Malware Removal Logs ~~boopme


So I am having my search redirected. I have a called White Smoke that shows up.

The HijackThis is as follows


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:23:15 PM, on 8/3/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe
C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe
C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\Bob.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>???????????????????e;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9690 bytes

Edited by boopme, 03 August 2012 - 08:36 PM.
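The HijackThis log above is the kind of artifact a responder reads line by line. As an added example (not code from this thread, nor from HijackThis or any other tool named in it), here is a small Python triage script that parses entries in this format and flags the items a responder checks first: IE start or search pages pointing at a host other than the expected defaults, a ProxyOverride value padded with repeated "<local>" tokens, services reported as "(file missing)", and processes launched from the root of a user profile. The sample log embedded in the script is constructed from a few lines modelled on the one above, with "example.invalid" as a placeholder host; the set of expected search hosts is an assumption, and every finding is a prompt to review, not a verdict.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread).

Flags the entries a responder looks at first: start/search page hosts, a padded
ProxyOverride value, '(file missing)' services, and processes run from the root of
a user profile. Findings are 'review this' notes, not verdicts.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts treated here as the expected defaults for IE start and search pages.
EXPECTED_HOSTS = {"go.microsoft.com", "www.msn.com", "www.bing.com", "www.google.com"}

# 'R1 - ...', 'O4 - ...', 'O23 - ...': a letter, a number, then ' - ' and the body.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# A path with exactly one component after the user directory, e.g. C:\Users\name\x.exe
USER_ROOT_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$", re.IGNORECASE)

# Constructed sample modelled on the log above; example.invalid is a placeholder host.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)

Running processes:
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Users\Brandon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brandon\Bob.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;<local>;<local>;<local>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""


def parse_entries(log_text):
    """Return (kind, body) for every 'R1 - ...' / 'O23 - ...' style line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the next blank line."""
    procs, in_section = [], False
    for line in log_text.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def is_wow64_log(log_text):
    """A 32-bit HijackThis on 64-bit Windows shows 'Program Files (x86)' paths and,
    because of file-system redirection, reports many standard System32 services as
    '(file missing)'. On such systems that flag alone is weak evidence."""
    return "Program Files (x86)" in log_text


def triage(log_text):
    """Return a list of human-readable findings for the log."""
    findings = []
    entries = parse_entries(log_text)
    for kind, body in entries:
        if kind not in ("R0", "R1"):
            continue
        key, _, value = body.partition(" =")
        key, value = key.strip(), value.strip()
        name = key.rsplit(",", 1)[-1]          # e.g. 'Start Page', 'ProxyOverride'
        if name == "ProxyOverride":
            local_count = value.count("<local>")
            if local_count > 1 or len(value) > 200:
                findings.append(f"ProxyOverride has {local_count} '<local>' tokens "
                                f"({len(value)} chars); review proxy settings")
            for host in value.split(";"):
                if host and host != "<local>" and not host.startswith(("127.0.0.1", "localhost")):
                    findings.append(f"ProxyOverride bypass host {host!r} is not loopback; review")
        elif value.startswith("http"):
            host = urlparse(value).hostname
            if host not in EXPECTED_HOSTS:
                findings.append(f"{name} points at unexpected host {host}; review")
    missing = sum(1 for kind, body in entries if kind == "O23" and body.endswith("(file missing)"))
    if missing:
        note = (" (common for 32-bit HijackThis on 64-bit Windows: file-system redirection)"
                if is_wow64_log(log_text) else "")
        findings.append(f"{missing} O23 service entries reported '(file missing)'{note}")
    for path in running_processes(log_text):
        if USER_ROOT_RE.match(path):
            findings.append(f"process running from user profile root: {path}; review")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

The "(file missing)" handling is the caveat worth remembering when reading the log above: a 32-bit HijackThis run on 64-bit Windows reports most standard System32 services (ALG, MSDTC, Spooler, VSS and so on) as missing because of file-system redirection, so the script only counts them and downgrades the note when it sees "Program Files (x86)" paths. The ProxyOverride and start-page checks are the ones that bear directly on a search-redirect complaint.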



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • Gender:Male

Posted 08 August 2012 - 03:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463744 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2012 - 09:49 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 maxdragon

maxdragon
  • Topic Starter

  • Members
  • 17 posts

Posted 09 August 2012 - 11:57 PM

so here it is

OTL logfile created on: 8/10/2012 12:45:32 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Brandon\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 64.50% Memory free
8.00 Gb Paging File | 6.17 Gb Available in Paging File | 77.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 57.88 Gb Free Space | 24.85% Space Free | Partition Type: NTFS
Drive D: | 60.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 931.51 Gb Total Space | 342.16 Gb Free Space | 36.73% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brandon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll ()
MOD - C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\libglesv2.dll ()
MOD - C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\libegl.dll ()
MOD - C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\avutil-51.dll ()
MOD - C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\avformat-54.dll ()
MOD - C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\avcodec-54.dll ()
MOD - C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (PSUAService) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)
SRV - (NanoServiceMain) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\drivers\PSINProt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\drivers\PSINProc.sys (Panda Security, S.L.)
DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\drivers\PSINFile.sys (Panda Security, S.L.)
DRV:64bit: - (NNSSTRM) -- C:\Windows\SysNative\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV:64bit: - (NNSTLSC) -- C:\Windows\SysNative\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV:64bit: - (NNSSMTP) -- C:\Windows\SysNative\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPRV) -- C:\Windows\SysNative\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPROT) -- C:\Windows\SysNative\drivers\NNSProt.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPOP3) -- C:\Windows\SysNative\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPIHSW) -- C:\Windows\SysNative\drivers\NNSPihsw.sys (Panda Security, S.L.)
DRV:64bit: - (NNSPICC) -- C:\Windows\SysNative\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV:64bit: - (NNSNAHSL) -- C:\Windows\SysNative\drivers\NNSNAHSL.sys (Panda Security, S.L.)
DRV:64bit: - (NNSIDS) -- C:\Windows\SysNative\drivers\NNSIds.sys (Panda Security, S.L.)
DRV:64bit: - (NNSHTTP) -- C:\Windows\SysNative\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV:64bit: - (NNSALPC) -- C:\Windows\SysNative\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PSKMAD) -- C:\Windows\SysNative\drivers\PSKMAD.sys (Panda Security)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 31 A1 C0 5C 64 CC 01 [binary data]
IE - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000\..\SearchScopes,DefaultScope = {3D3A0BBA-F070-4E5F-A6BE-0173B0DB89EE}
IE - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
IE - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000\..\SearchScopes\{3D3A0BBA-F070-4E5F-A6BE-0173B0DB89EE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = [String data over 1000 bytes]


========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brandon\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brandon\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/29 00:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/29 00:00:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/02 20:19:42 | 000,000,000 | ---D | M]

[2010/10/18 10:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions
[2012/07/24 20:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ll0qk0i4.default\extensions
[2012/06/13 00:15:47 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ll0qk0i4.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/11/23 22:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ll0qk0i4.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/11/23 22:25:46 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ll0qk0i4.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/06/13 00:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[1832/11/29 00:44:26 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\BRANDON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LL0QK0I4.DEFAULT\EXTENSIONS\EVNWKLCQKV@EVNWKLCQKV.ORG.XPI
[2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/29 00:01:34 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.facebook.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.facebook.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Brandon\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Brandon\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - Extension: persona 4 = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bamdjkahdkhlfifajhfdlaipclmneach\1_0\
CHR - Extension: APNG = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp\0.7.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000..\Run: [Akamai NetSession Interface] C:\Users\Brandon\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3466096303-1108741516-2037161739-1000..\Run: [Spotify Web Helper] C:\Users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-3466096303-1108741516-2037161739-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3466096303-1108741516-2037161739-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6062E40F-D58D-4A52-84EE-DB65E7A21917}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/14 22:56:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/01 10:14:36 | 000,358,880 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 12:27:40 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2c251d45-2755-11e0-90ac-00044b037bd3}\Shell - "" = AutoRun
O33 - MountPoints2\{2c251d45-2755-11e0-90ac-00044b037bd3}\Shell\AutoRun\command - "" = F:\install.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 00:44:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2012/08/09 21:46:05 | 000,057,928 | ---- | C] (Panda Security) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2012/08/03 16:21:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Brandon\Bob.exe
[2012/08/02 20:19:42 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/01 00:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/08/01 00:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/08/01 00:31:57 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Documents\Anti-Malware
[2012/07/31 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/28 02:43:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/07/25 00:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012/07/22 15:41:23 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Macromedia
[2012/07/17 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Trine2
[2012/07/13 07:02:53 | 000,130,088 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSINProt.sys
[2012/07/13 07:02:10 | 000,205,352 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSINKNC.sys
[2012/07/13 07:02:10 | 000,123,944 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSINProc.sys
[2012/07/13 07:02:09 | 000,167,464 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSINAflt.sys
[2012/07/13 07:02:09 | 000,119,336 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSINFile.sys
[2012/07/12 11:18:56 | 000,219,688 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\NNSStrm.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/10 00:52:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3466096303-1108741516-2037161739-1000UA.job
[2012/08/10 00:46:19 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 00:46:19 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 00:43:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
[2012/08/10 00:38:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 00:38:33 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 23:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 23:36:39 | 000,747,430 | ---- | M] () -- C:\Windows\TempCloudAV0810014603_1128.csv
[2012/08/09 21:55:09 | 000,002,465 | ---- | M] () -- C:\Users\Brandon\Desktop\Google Chrome.lnk
[2012/08/08 17:52:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3466096303-1108741516-2037161739-1000Core.job
[2012/08/08 14:49:44 | 000,649,436 | ---- | M] () -- C:\Windows\TempCloudAV0808182456_1352.csv
[2012/08/08 00:47:55 | 000,478,652 | ---- | M] () -- C:\Users\Brandon\game name.png
[2012/08/08 00:47:02 | 000,557,346 | ---- | M] () -- C:\Windows\TempCloudAV0807202109_2108.csv
[2012/08/03 16:21:56 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Brandon\Bob.exe
[2012/08/03 00:56:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 00:56:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/01 16:40:21 | 000,109,552 | ---- | M] () -- C:\Windows\TempCloudAV0801190948_1528.csv
[2012/08/01 06:27:14 | 179,397,812 | ---- | M] () -- C:\Windows\TempCloudAV0801005855_1172.csv
[2012/08/01 00:32:20 | 000,001,119 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/01 00:32:20 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/07/31 20:57:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 20:57:20 | 084,214,160 | ---- | M] () -- C:\Windows\TempCloudAV0731204016_1760.csv
[2012/07/31 17:04:42 | 000,122,297 | ---- | M] () -- C:\Users\Brandon\Documents\bookmarks_7_31_12.html
[2012/07/30 23:43:02 | 000,000,000 | ---- | M] () -- C:\ProgramData\0x0304A000.sfl
[2012/07/29 02:16:33 | 000,000,220 | ---- | M] () -- C:\Users\Brandon\Desktop\Borderlands.url
[2012/07/28 05:28:06 | 273,062,021 | ---- | M] () -- C:\Windows\TempCloudAV0728015037_1296.csv
[2012/07/27 15:27:26 | 001,484,782 | ---- | M] () -- C:\Windows\TempCloudAV0727182939_2192.csv
[2012/07/27 01:24:15 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/27 01:24:15 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/27 01:24:15 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/27 01:23:19 | 005,090,855 | ---- | M] () -- C:\Windows\TempCloudAV0727033334_1176.csv
[2012/07/26 22:56:41 | 000,001,759 | ---- | M] () -- C:\Windows\TempCloudAV0726203058_1780.csv
[2012/07/25 21:04:45 | 000,076,158 | ---- | M] () -- C:\Windows\TempCloudAV0725213341_1764.csv
[2012/07/25 17:32:18 | 001,303,976 | ---- | M] () -- C:\Windows\TempCloudAV0725191852_2528.csv
[2012/07/25 01:21:10 | 000,404,998 | ---- | M] () -- C:\Windows\TempCloudAV0725050840_2108.csv
[2012/07/25 00:49:55 | 000,338,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/24 01:56:13 | 000,262,090 | ---- | M] () -- C:\Windows\TempCloudAV0724032306_1116.csv
[2012/07/23 19:50:44 | 003,186,336 | ---- | M] () -- C:\Windows\TempCloudAV0723232609_2348.csv
[2012/07/22 23:39:22 | 000,294,505 | ---- | M] () -- C:\Windows\TempCloudAV0722213307_1744.csv
[2012/07/22 03:40:59 | 000,298,573 | ---- | M] () -- C:\Windows\TempCloudAV0722070003_2280.csv
[2012/07/21 21:47:20 | 003,083,547 | ---- | M] () -- C:\Windows\TempCloudAV0721213554_1624.csv
[2012/07/20 01:00:12 | 011,300,090 | ---- | M] () -- C:\Windows\TempCloudAV0720022424_1844.csv
[2012/07/19 18:51:27 | 000,360,283 | ---- | M] () -- C:\Windows\TempCloudAV0719201948_1972.csv
[2012/07/19 00:59:21 | 000,477,767 | ---- | M] () -- C:\Windows\TempCloudAV0719005245_1936.csv
[2012/07/18 16:35:38 | 000,404,578 | ---- | M] () -- C:\Windows\TempCloudAV0718195805_2332.csv
[2012/07/18 00:19:34 | 012,050,312 | ---- | M] () -- C:\Windows\TempCloudAV0717221953_1700.csv
[2012/07/17 23:30:47 | 000,000,221 | ---- | M] () -- C:\Users\Brandon\Desktop\Trine.url
[2012/07/17 01:00:27 | 000,341,784 | ---- | M] () -- C:\Windows\TempCloudAV0717030553_1128.csv
[2012/07/16 00:41:44 | 000,324,969 | ---- | M] () -- C:\Windows\TempCloudAV0716011146_1896.csv
[2012/07/15 23:16:56 | 000,000,221 | ---- | M] () -- C:\Users\Brandon\Desktop\Trine 2.url
[2012/07/15 02:44:56 | 000,236,656 | ---- | M] () -- C:\Windows\TempCloudAV0715033638_1980.csv
[2012/07/14 21:11:34 | 000,247,371 | ---- | M] () -- C:\Windows\TempCloudAV0714235414_1668.csv
[2012/07/14 03:48:53 | 008,011,747 | ---- | M] () -- C:\Windows\TempCloudAV0713203416_1796.csv
[2012/07/13 07:02:53 | 000,130,088 | ---- | M] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSINProt.sys
[2012/07/13 07:02:10 | 000,205,352 | ---- | M] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSINKNC.sys
[2012/07/13 07:02:10 | 000,123,944 | ---- | M] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSINProc.sys
[2012/07/13 07:02:09 | 000,167,464 | ---- | M] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSINAflt.sys
[2012/07/13 07:02:09 | 000,119,336 | ---- | M] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSINFile.sys
[2012/07/12 11:18:56 | 000,219,688 | ---- | M] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\NNSStrm.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/09 21:52:36 | 000,747,430 | ---- | C] () -- C:\Windows\TempCloudAV0810014603_1128.csv
[2012/08/08 14:25:14 | 000,649,436 | ---- | C] () -- C:\Windows\TempCloudAV0808182456_1352.csv
[2012/08/08 00:47:55 | 000,478,652 | ---- | C] () -- C:\Users\Brandon\game name.png
[2012/08/07 16:21:25 | 000,557,346 | ---- | C] () -- C:\Windows\TempCloudAV0807202109_2108.csv
[2012/08/01 15:10:10 | 000,109,552 | ---- | C] () -- C:\Windows\TempCloudAV0801190948_1528.csv
[2012/08/01 00:32:20 | 000,001,119 | ---- | C] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/01 00:32:20 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/07/31 20:59:04 | 179,397,812 | ---- | C] () -- C:\Windows\TempCloudAV0801005855_1172.csv
[2012/07/31 17:42:50 | 000,002,465 | ---- | C] () -- C:\Users\Brandon\Desktop\Google Chrome.lnk
[2012/07/31 17:42:00 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3466096303-1108741516-2037161739-1000UA.job
[2012/07/31 17:41:59 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3466096303-1108741516-2037161739-1000Core.job
[2012/07/31 17:04:41 | 000,122,297 | ---- | C] () -- C:\Users\Brandon\Documents\bookmarks_7_31_12.html
[2012/07/31 16:40:31 | 084,214,160 | ---- | C] () -- C:\Windows\TempCloudAV0731204016_1760.csv
[2012/07/30 23:43:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/07/29 02:16:33 | 000,000,220 | ---- | C] () -- C:\Users\Brandon\Desktop\Borderlands.url
[2012/07/27 21:50:51 | 273,062,021 | ---- | C] () -- C:\Windows\TempCloudAV0728015037_1296.csv
[2012/07/27 14:34:34 | 001,484,782 | ---- | C] () -- C:\Windows\TempCloudAV0727182939_2192.csv
[2012/07/26 23:33:47 | 005,090,855 | ---- | C] () -- C:\Windows\TempCloudAV0727033334_1176.csv
[2012/07/26 22:56:15 | 000,001,759 | ---- | C] () -- C:\Windows\TempCloudAV0726203058_1780.csv
[2012/07/25 17:33:54 | 000,076,158 | ---- | C] () -- C:\Windows\TempCloudAV0725213341_1764.csv
[2012/07/25 15:19:16 | 001,303,976 | ---- | C] () -- C:\Windows\TempCloudAV0725191852_2528.csv
[2012/07/25 01:14:46 | 000,404,998 | ---- | C] () -- C:\Windows\TempCloudAV0725050840_2108.csv
[2012/07/23 23:23:18 | 000,262,090 | ---- | C] () -- C:\Windows\TempCloudAV0724032306_1116.csv
[2012/07/23 19:26:23 | 003,186,336 | ---- | C] () -- C:\Windows\TempCloudAV0723232609_2348.csv
[2012/07/22 17:33:13 | 000,294,505 | ---- | C] () -- C:\Windows\TempCloudAV0722213307_1744.csv
[2012/07/22 03:00:17 | 000,298,573 | ---- | C] () -- C:\Windows\TempCloudAV0722070003_2280.csv
[2012/07/21 17:36:08 | 003,083,547 | ---- | C] () -- C:\Windows\TempCloudAV0721213554_1624.csv
[2012/07/19 22:24:40 | 011,300,090 | ---- | C] () -- C:\Windows\TempCloudAV0720022424_1844.csv
[2012/07/19 16:20:03 | 000,360,283 | ---- | C] () -- C:\Windows\TempCloudAV0719201948_1972.csv
[2012/07/18 20:53:00 | 000,477,767 | ---- | C] () -- C:\Windows\TempCloudAV0719005245_1936.csv
[2012/07/18 15:58:22 | 000,404,578 | ---- | C] () -- C:\Windows\TempCloudAV0718195805_2332.csv
[2012/07/17 23:30:47 | 000,000,221 | ---- | C] () -- C:\Users\Brandon\Desktop\Trine.url
[2012/07/17 18:20:12 | 012,050,312 | ---- | C] () -- C:\Windows\TempCloudAV0717221953_1700.csv
[2012/07/16 23:06:07 | 000,341,784 | ---- | C] () -- C:\Windows\TempCloudAV0717030553_1128.csv
[2012/07/15 23:16:56 | 000,000,221 | ---- | C] () -- C:\Users\Brandon\Desktop\Trine 2.url
[2012/07/15 21:12:00 | 000,324,969 | ---- | C] () -- C:\Windows\TempCloudAV0716011146_1896.csv
[2012/07/14 23:36:52 | 000,236,656 | ---- | C] () -- C:\Windows\TempCloudAV0715033638_1980.csv
[2012/07/14 19:54:31 | 000,247,371 | ---- | C] () -- C:\Windows\TempCloudAV0714235414_1668.csv
[2012/07/13 16:34:31 | 008,011,747 | ---- | C] () -- C:\Windows\TempCloudAV0713203416_1796.csv
[2012/07/08 14:29:27 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/08 14:29:24 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/08 14:29:23 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/04/05 11:36:51 | 000,657,416 | ---- | C] () -- C:\Users\Brandon\1a53ee94597d007c568875a57271fa69.png
[2012/04/01 19:38:10 | 000,230,256 | ---- | C] () -- C:\Users\Brandon\9DRVb.jpg
[2012/01/24 13:39:54 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012/01/24 13:39:54 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/12/29 16:41:53 | 000,003,654 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\43oi0c56oh8
[2011/12/29 16:41:53 | 000,003,654 | -HS- | C] () -- C:\ProgramData\43oi0c56oh8
[2011/12/29 14:26:34 | 000,003,088 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\mlt066na4kvn54nx2a323q4npebpq2mr0xkfl
[2011/12/29 14:26:34 | 000,003,088 | -HS- | C] () -- C:\ProgramData\mlt066na4kvn54nx2a323q4npebpq2mr0xkfl
[2011/12/26 15:39:54 | 000,003,320 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\50nc5456n24wpwv40apjm20h41r31h6e
[2011/12/26 15:39:54 | 000,003,320 | -HS- | C] () -- C:\ProgramData\50nc5456n24wpwv40apjm20h41r31h6e
[2011/11/28 11:04:55 | 000,012,754 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\3f48tv1q66o284
[2011/11/28 11:04:55 | 000,012,754 | -HS- | C] () -- C:\ProgramData\3f48tv1q66o284
[2011/06/15 16:45:50 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/24 21:18:38 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/04/20 23:16:08 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/20 23:16:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/03/27 12:09:05 | 000,026,736 | ---- | C] () -- C:\Users\Brandon\New Rich Text Document.rtf
[2011/01/26 23:44:51 | 000,013,824 | ---- | C] () -- C:\Users\Brandon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/21 14:37:04 | 000,001,754 | ---- | C] () -- C:\Users\Brandon\Game list2.0.rtf
[2011/01/05 16:09:21 | 000,000,017 | ---- | C] () -- C:\Users\Brandon\AppData\Local\resmon.resmoncfg
[2010/10/21 00:27:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:18 AM

Posted 11 August 2012 - 10:19 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:18 AM

Posted 14 August 2012 - 12:22 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#7 maxdragon

maxdragon
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:18 AM

Posted 14 August 2012 - 06:45 PM

Sorry, I have been busy because of work.

#8 maxdragon

maxdragon
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:18 AM

Posted 14 August 2012 - 07:20 PM

ComboFix 12-08-14.05 - Brandon 08/14/2012 19:54:49.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2960 [GMT -4:00]
Running from: c:\users\Brandon\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\users\Brandon\AppData\Local\.#
c:\users\Brandon\Bob.exe
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 00:07 . 2011-03-10 22:05 57928 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2012-08-15 00:05 . 2012-08-15 00:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-15 00:05 . 2012-08-15 00:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 00:19 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-01 04:31 . 2012-08-15 00:06 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-07-28 06:43 . 2012-07-28 06:43 -------- d-----w- c:\windows\SysWow64\Adobe
2012-07-22 19:41 . 2012-07-22 19:41 -------- d-----w- c:\users\Brandon\AppData\Local\Macromedia
2012-07-18 03:30 . 2012-07-18 03:30 -------- d-----w- c:\users\Brandon\AppData\Roaming\Trine2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 04:56 . 2012-03-31 02:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 04:56 . 2011-12-03 20:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 11:02 . 2012-07-13 11:02 130088 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2012-07-13 11:02 . 2012-07-13 11:02 205352 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2012-07-13 11:02 . 2012-07-13 11:02 123944 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2012-07-13 11:02 . 2012-07-13 11:02 167464 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2012-07-13 11:02 . 2012-07-13 11:02 119336 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2012-07-12 15:18 . 2012-07-12 15:18 219688 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2012-07-08 19:38 . 2012-07-08 18:29 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-08 19:38 . 2012-07-08 19:38 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-08 19:38 . 2012-07-08 18:29 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-08 18:29 . 2012-07-08 18:29 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-07 04:13 . 2012-07-08 18:29 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-06 02:06 . 2011-01-15 04:09 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46 . 2011-11-29 03:06 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 04:01 . 2010-10-20 18:26 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-29 04:01 . 2010-10-20 18:26 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-27 19:51 . 2012-06-27 19:51 105000 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2012-06-27 19:51 . 2012-06-27 19:51 112680 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2012-06-27 19:51 . 2012-06-27 19:51 109096 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2012-06-27 19:51 . 2012-06-27 19:51 68648 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
2012-06-27 19:51 . 2012-06-27 19:51 304680 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2012-06-27 19:51 . 2012-06-27 19:51 116776 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2012-06-27 19:51 . 2012-06-27 19:51 93224 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2012-06-27 19:51 . 2012-06-27 19:51 33320 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
2012-06-27 19:51 . 2012-06-27 19:51 113192 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2012-06-27 19:51 . 2012-06-27 19:51 89128 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2012-06-27 19:51 . 2012-06-27 19:51 116776 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2012-06-20 15:28 . 2012-07-07 09:15 4145600 ----a-w- c:\windows\SysWow64\GameMon.des
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02 86696 ----a-w- c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Brandon\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Spotify Web Helper"="c:\users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-15 217256]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-29 296096]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2012-07-30 3408288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2012-01-13 1675840]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-17 1255736]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-07-30 3075920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - PSKMAD
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 04:56]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3466096303-1108741516-2037161739-1000Core.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 21:41]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3466096303-1108741516-2037161739-1000UA.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 21:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>???????????????????e;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ll0qk0i4.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-08-14 20:15:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 00:15
.
Pre-Run: 63,371,726,848 bytes free
Post-Run: 65,042,096,128 bytes free
.
- - End Of File - - 41E622C7C7B1C9EB0DFE5C2A11E068C2

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 07:42 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
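
As an added triage aid that is not part of this thread and not part of TDSSKiller itself: a short Python script that reads the TDSSKiller log requested above and lists only the objects whose verdict is not "ok", together with the path and MD5 the scanner printed for them, so the lines that matter in a several-hundred-line log are easy to find and paste. The regular expressions assume the line layout of the TDSSKiller 2.8 log posted in the next reply (timestamp, process id, body); the sample lines embedded in the script are constructed in that format, and the Akamai lines are the ones that log actually contains.

```python
import re
from typing import Dict, List, Optional

# One TDSSKiller log line: "HH:MM:SS.ffff <pid> <body>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Body of a file/service line: "[ <md5> ] <name> <path>"
FILE_RE = re.compile(r"^\[ ([0-9a-fA-F]{32}) \] (\S+)\s+(.+)$")
# Body of a suspicious-file line: "Suspicious file (<kind>): <path>. md5: <md5>"
SUSP_RE = re.compile(r"^Suspicious file \(([^)]+)\): (.+)\. md5: ([0-9a-fA-F]{32})$")
# Body of a verdict line: "<name> - ok", "<name> ( <threat> ) - warning",
# or "<name> - detected <threat> (<n>)"
VERDICT_RE = re.compile(r"^(\S+)(?: \( ([^)]+) \))? - (ok|warning|detected .+)$")

Finding = Dict[str, Optional[str]]

# Constructed sample in the layout of the log posted in the next reply; the
# Akamai lines are the ones that log actually contains.
SAMPLE_LOG = r"""
23:16:06.0568 4956 ================ Scan services =============================
23:16:06.0807 4956 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:16:06.0810 4956 1394ohci - ok
23:16:07.0715 4956 [ 29584f02a43e427c4227e3b1d9ff1b22 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
23:16:07.0715 4956 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
23:16:07.0726 4956 Akamai ( HiddenFile.Multi.Generic ) - warning
23:16:07.0726 4956 Akamai - detected HiddenFile.Multi.Generic (1)
23:16:09.0288 4956 catchme - ok
"""


def triage(log_text: str) -> List[Finding]:
    """Return every non-'ok' verdict and every 'Suspicious file' line, in log order.

    A non-ok verdict is a lead for the helper to review, not a conviction:
    TDSSKiller reports the hidden Akamai DLL above as HiddenFile.Multi.Generic
    because the file is hidden, which is exactly what the helper needs to look at.
    """
    findings: List[Finding] = []
    files: Dict[str, Dict[str, str]] = {}   # object name -> path/md5 seen so far
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue                         # banners, blank lines, header block
        body = m.group(3)
        fm = FILE_RE.match(body)
        if fm:
            md5, name, path = fm.groups()
            files[name] = {"path": path, "md5": md5.lower()}
            continue
        sm = SUSP_RE.match(body)
        if sm:
            kind, path, md5 = sm.groups()
            findings.append({"name": None, "verdict": f"suspicious ({kind})",
                             "threat": None, "path": path, "md5": md5.lower()})
            continue
        vm = VERDICT_RE.match(body)
        if not vm:
            continue
        name, threat, verdict = vm.groups()
        if verdict == "ok":
            continue
        if threat is None and verdict.startswith("detected "):
            threat = verdict.split()[1]      # "detected <threat> (<n>)"
        info = files.get(name, {})
        findings.append({"name": name, "verdict": verdict, "threat": threat,
                         "path": info.get("path"), "md5": info.get("md5")})
    return findings


def format_findings(findings: List[Finding]) -> List[str]:
    """One readable line per finding, for pasting into a reply."""
    return [f"{f['name'] or '-'}: {f['verdict']}"
            f"{' [' + f['threat'] + ']' if f['threat'] else ''}"
            f" {f['path'] or '?'} md5={f['md5'] or '?'}" for f in findings]


if __name__ == "__main__":
    import sys
    # With a path argument, read that TDSSKiller log; otherwise use the sample.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    print("\n".join(format_findings(triage(text))) or "no findings")
```

Run it as `python tdss_triage.py C:\TDSSKiller.2.8.6.0_14.08.2012_23.15.49_log.txt` (the file name follows the pattern gringo gives above) and it prints one line per lead: the suspicious-file notice, the warning with its threat name, and the "detected" verdict, each with the path and MD5 so the helper can check the file without scrolling through every "- ok" entry. Lines that do not fit the three shapes are skipped rather than guessed at, so a layout change in a newer TDSSKiller build shows up as missing findings, not wrong ones.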

#10 maxdragon

maxdragon
  • Topic Starter

  • Members
  • 17 posts

Posted 14 August 2012 - 10:25 PM

23:15:49.0247 4212 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
23:15:49.0564 4212 ============================================================
23:15:49.0564 4212 Current date / time: 2012/08/14 23:15:49.0564
23:15:49.0564 4212 SystemInfo:
23:15:49.0564 4212
23:15:49.0564 4212 OS Version: 6.1.7601 ServicePack: 1.0
23:15:49.0564 4212 Product type: Workstation
23:15:49.0564 4212 ComputerName: BRANDON-PC
23:15:49.0564 4212 UserName: Brandon
23:15:49.0564 4212 Windows directory: C:\Windows
23:15:49.0564 4212 System windows directory: C:\Windows
23:15:49.0564 4212 Running under WOW64
23:15:49.0564 4212 Processor architecture: Intel x64
23:15:49.0564 4212 Number of processors: 2
23:15:49.0564 4212 Page size: 0x1000
23:15:49.0564 4212 Boot type: Normal boot
23:15:49.0564 4212 ============================================================
23:15:51.0187 4212 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:15:51.0207 4212 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:15:51.0211 4212 ============================================================
23:15:51.0211 4212 \Device\Harddisk0\DR0:
23:15:51.0212 4212 MBR partitions:
23:15:51.0212 4212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
23:15:51.0212 4212 \Device\Harddisk1\DR1:
23:15:51.0212 4212 MBR partitions:
23:15:51.0212 4212 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
23:15:51.0212 4212 ============================================================
23:15:51.0223 4212 C: <-> \Device\Harddisk1\DR1\Partition1
23:15:53.0870 4212 E: <-> \Device\Harddisk0\DR0\Partition1
23:15:53.0870 4212 ============================================================
23:15:53.0870 4212 Initialize success
23:15:53.0870 4212 ============================================================
23:16:03.0694 4956 ============================================================
23:16:03.0694 4956 Scan started
23:16:03.0694 4956 Mode: Manual;
23:16:03.0694 4956 ============================================================
23:16:06.0568 4956 ================ Scan services =============================
23:16:06.0807 4956 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:16:06.0810 4956 1394ohci - ok
23:16:06.0915 4956 [ 2d6434e957f7cfa0035c20890f77bbc6 ] a2acc C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
23:16:06.0916 4956 a2acc - ok
23:16:07.0003 4956 [ 0d050186cf421131b43d00024bd9b8bb ] a2AntiMalware C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
23:16:07.0019 4956 a2AntiMalware - ok
23:16:07.0060 4956 [ 3044d0f3feb9ffe8bc953d8f34b5b504 ] A2DDA C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
23:16:07.0061 4956 A2DDA - ok
23:16:07.0080 4956 [ 3d55ce53128c81e06cd6b024c3b9fac3 ] a2injectiondriver C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
23:16:07.0081 4956 a2injectiondriver - ok
23:16:07.0087 4956 [ e41d79682a209f72f4f578cfd4a53952 ] a2util C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
23:16:07.0088 4956 a2util - ok
23:16:07.0133 4956 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:16:07.0138 4956 ACPI - ok
23:16:07.0172 4956 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:16:07.0174 4956 AcpiPmi - ok
23:16:07.0269 4956 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:16:07.0271 4956 AdobeFlashPlayerUpdateSvc - ok
23:16:07.0324 4956 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:16:07.0331 4956 adp94xx - ok
23:16:07.0355 4956 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:16:07.0361 4956 adpahci - ok
23:16:07.0386 4956 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:16:07.0390 4956 adpu320 - ok
23:16:07.0412 4956 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:16:07.0413 4956 AeLookupSvc - ok
23:16:07.0460 4956 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:16:07.0476 4956 AFD - ok
23:16:07.0510 4956 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:16:07.0512 4956 agp440 - ok
23:16:07.0715 4956 [ 29584f02a43e427c4227e3b1d9ff1b22 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
23:16:07.0715 4956 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
23:16:07.0726 4956 Akamai ( HiddenFile.Multi.Generic ) - warning
23:16:07.0726 4956 Akamai - detected HiddenFile.Multi.Generic (1)
23:16:07.0753 4956 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
23:16:07.0755 4956 ALG - ok
23:16:07.0793 4956 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:16:07.0794 4956 aliide - ok
23:16:07.0799 4956 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
23:16:07.0801 4956 amdide - ok
23:16:07.0827 4956 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:16:07.0829 4956 AmdK8 - ok
23:16:07.0843 4956 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:16:07.0845 4956 AmdPPM - ok
23:16:07.0876 4956 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:16:07.0879 4956 amdsata - ok
23:16:07.0908 4956 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:16:07.0912 4956 amdsbs - ok
23:16:07.0934 4956 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:16:07.0935 4956 amdxata - ok
23:16:07.0980 4956 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
23:16:07.0983 4956 AppID - ok
23:16:08.0005 4956 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:16:08.0007 4956 AppIDSvc - ok
23:16:08.0037 4956 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:16:08.0038 4956 Appinfo - ok
23:16:08.0068 4956 [ 4aba3e75a76195a3e38ed2766c962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:16:08.0072 4956 AppMgmt - ok
23:16:08.0130 4956 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
23:16:08.0132 4956 arc - ok
23:16:08.0165 4956 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:16:08.0168 4956 arcsas - ok
23:16:08.0265 4956 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:16:08.0267 4956 aspnet_state - ok
23:16:08.0291 4956 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:16:08.0291 4956 AsyncMac - ok
23:16:08.0329 4956 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
23:16:08.0331 4956 atapi - ok
23:16:08.0382 4956 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:16:08.0409 4956 AudioEndpointBuilder - ok
23:16:08.0440 4956 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:16:08.0445 4956 AudioSrv - ok
23:16:08.0495 4956 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:16:08.0498 4956 AxInstSV - ok
23:16:08.0544 4956 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:16:08.0551 4956 b06bdrv - ok
23:16:08.0587 4956 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:16:08.0592 4956 b57nd60a - ok
23:16:08.0674 4956 [ fb4fda64f2e8552eaeb5986c3f34462c ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
23:16:08.0734 4956 BCM43XX - ok
23:16:08.0777 4956 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:16:08.0780 4956 BDESVC - ok
23:16:08.0799 4956 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:16:08.0800 4956 Beep - ok
23:16:08.0856 4956 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
23:16:08.0906 4956 BFE - ok
23:16:08.0950 4956 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\system32\qmgr.dll
23:16:08.0974 4956 BITS - ok
23:16:09.0003 4956 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:16:09.0005 4956 blbdrive - ok
23:16:09.0044 4956 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:16:09.0046 4956 bowser - ok
23:16:09.0060 4956 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:16:09.0061 4956 BrFiltLo - ok
23:16:09.0079 4956 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:16:09.0080 4956 BrFiltUp - ok
23:16:09.0126 4956 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
23:16:09.0128 4956 BridgeMP - ok
23:16:09.0160 4956 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
23:16:09.0163 4956 Browser - ok
23:16:09.0183 4956 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:16:09.0189 4956 Brserid - ok
23:16:09.0199 4956 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:16:09.0201 4956 BrSerWdm - ok
23:16:09.0212 4956 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:16:09.0214 4956 BrUsbMdm - ok
23:16:09.0225 4956 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:16:09.0227 4956 BrUsbSer - ok
23:16:09.0233 4956 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:16:09.0236 4956 BTHMODEM - ok
23:16:09.0264 4956 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
23:16:09.0267 4956 bthserv - ok
23:16:09.0288 4956 catchme - ok
23:16:09.0306 4956 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:16:09.0309 4956 cdfs - ok
23:16:09.0354 4956 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
23:16:09.0357 4956 cdrom - ok
23:16:09.0402 4956 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
23:16:09.0405 4956 CertPropSvc - ok
23:16:09.0432 4956 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:16:09.0434 4956 circlass - ok
23:16:09.0468 4956 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
23:16:09.0473 4956 CLFS - ok
23:16:09.0516 4956 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:16:09.0520 4956 clr_optimization_v2.0.50727_32 - ok
23:16:09.0556 4956 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:16:09.0559 4956 clr_optimization_v2.0.50727_64 - ok
23:16:09.0624 4956 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:16:09.0626 4956 clr_optimization_v4.0.30319_32 - ok
23:16:09.0642 4956 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:16:09.0645 4956 clr_optimization_v4.0.30319_64 - ok
23:16:09.0670 4956 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:16:09.0671 4956 CmBatt - ok
23:16:09.0702 4956 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:16:09.0703 4956 cmdide - ok
23:16:09.0740 4956 [ c4943b6c962e4b82197542447ad599f4 ] CNG C:\Windows\system32\Drivers\cng.sys
23:16:09.0757 4956 CNG - ok
23:16:09.0772 4956 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:16:09.0773 4956 Compbatt - ok
23:16:09.0814 4956 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:16:09.0815 4956 CompositeBus - ok
23:16:09.0825 4956 COMSysApp - ok
23:16:09.0841 4956 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:16:09.0842 4956 crcdisk - ok
23:16:20.0287 4956 TCPIP6 - ok
23:16:20.0318 4956 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:16:20.0320 4956 tcpipreg - ok
23:16:20.0338 4956 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:16:20.0339 4956 TDPIPE - ok
23:16:20.0373 4956 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:16:20.0375 4956 TDTCP - ok
23:16:20.0411 4956 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:16:20.0414 4956 tdx - ok
23:16:20.0446 4956 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:16:20.0448 4956 TermDD - ok
23:16:20.0495 4956 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
23:16:20.0514 4956 TermService - ok
23:16:20.0535 4956 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
23:16:20.0538 4956 Themes - ok
23:16:20.0560 4956 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
23:16:20.0561 4956 THREADORDER - ok
23:16:20.0573 4956 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
23:16:20.0576 4956 TrkWks - ok
23:16:20.0623 4956 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:16:20.0626 4956 TrustedInstaller - ok
23:16:20.0661 4956 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:16:20.0663 4956 tssecsrv - ok
23:16:20.0706 4956 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:16:20.0708 4956 TsUsbFlt - ok
23:16:20.0726 4956 tsusbhub - ok
23:16:20.0769 4956 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:16:20.0772 4956 tunnel - ok
23:16:20.0793 4956 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:16:20.0795 4956 uagp35 - ok
23:16:20.0824 4956 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:16:20.0830 4956 udfs - ok
23:16:20.0866 4956 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:16:20.0869 4956 UI0Detect - ok
23:16:20.0895 4956 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:16:20.0898 4956 uliagpkx - ok
23:16:20.0930 4956 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys
23:16:20.0932 4956 umbus - ok
23:16:20.0961 4956 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:16:20.0963 4956 UmPass - ok
23:16:20.0995 4956 [ a293dcd756d04d8492a750d03b9a297c ] UmRdpService C:\Windows\System32\umrdp.dll
23:16:21.0000 4956 UmRdpService - ok
23:16:21.0025 4956 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
23:16:21.0031 4956 upnphost - ok
23:16:21.0066 4956 [ aa33fc47ed58c34e6e9261e4f850b7eb ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
23:16:21.0068 4956 USBAAPL64 - ok
23:16:21.0110 4956 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:16:21.0112 4956 usbaudio - ok
23:16:21.0130 4956 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:16:21.0132 4956 usbccgp - ok
23:16:21.0157 4956 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:16:21.0160 4956 usbcir - ok
23:16:21.0181 4956 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:16:21.0183 4956 usbehci - ok
23:16:21.0213 4956 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:16:21.0219 4956 usbhub - ok
23:16:21.0232 4956 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:16:21.0234 4956 usbohci - ok
23:16:21.0260 4956 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:16:21.0261 4956 usbprint - ok
23:16:21.0294 4956 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
23:16:21.0297 4956 USBSTOR - ok
23:16:21.0314 4956 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:16:21.0315 4956 usbuhci - ok
23:16:21.0338 4956 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
23:16:21.0341 4956 UxSms - ok
23:16:21.0349 4956 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
23:16:21.0350 4956 VaultSvc - ok
23:16:21.0379 4956 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:16:21.0380 4956 vdrvroot - ok
23:16:21.0417 4956 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
23:16:21.0434 4956 vds - ok
23:16:21.0461 4956 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:16:21.0463 4956 vga - ok
23:16:21.0478 4956 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
23:16:21.0479 4956 VgaSave - ok
23:16:21.0496 4956 VGPU - ok
23:16:21.0526 4956 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:16:21.0531 4956 vhdmp - ok
23:16:21.0558 4956 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:16:21.0560 4956 viaide - ok
23:16:21.0595 4956 [ 86ea3e79ae350fea5331a1303054005f ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:16:21.0599 4956 vmbus - ok
23:16:21.0615 4956 [ 7de90b48f210d29649380545db45a187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:16:21.0616 4956 VMBusHID - ok
23:16:21.0644 4956 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:16:21.0646 4956 volmgr - ok
23:16:21.0686 4956 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:16:21.0692 4956 volmgrx - ok
23:16:21.0724 4956 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:16:21.0729 4956 volsnap - ok
23:16:21.0755 4956 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:16:21.0759 4956 vsmraid - ok
23:16:21.0823 4956 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
23:16:21.0851 4956 VSS - ok
23:16:21.0867 4956 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:16:21.0869 4956 vwifibus - ok
23:16:21.0887 4956 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:16:21.0890 4956 vwififlt - ok
23:16:21.0934 4956 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
23:16:21.0952 4956 W32Time - ok
23:16:21.0964 4956 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:16:21.0966 4956 WacomPen - ok
23:16:22.0006 4956 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:16:22.0009 4956 WANARP - ok
23:16:22.0013 4956 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:16:22.0015 4956 Wanarpv6 - ok
23:16:22.0086 4956 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:16:22.0119 4956 WatAdminSvc - ok
23:16:22.0192 4956 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
23:16:22.0235 4956 wbengine - ok
23:16:22.0269 4956 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:16:22.0274 4956 WbioSrvc - ok
23:16:22.0304 4956 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:16:22.0311 4956 wcncsvc - ok
23:16:22.0326 4956 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:16:22.0329 4956 WcsPlugInService - ok
23:16:22.0349 4956 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:16:22.0350 4956 Wd - ok
23:16:22.0376 4956 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:16:22.0393 4956 Wdf01000 - ok
23:16:22.0410 4956 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:16:22.0412 4956 WdiServiceHost - ok
23:16:22.0418 4956 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:16:22.0421 4956 WdiSystemHost - ok
23:16:22.0454 4956 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:16:22.0461 4956 WebClient - ok
23:16:22.0483 4956 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:16:22.0488 4956 Wecsvc - ok
23:16:22.0507 4956 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:16:22.0509 4956 wercplsupport - ok
23:16:22.0530 4956 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:16:22.0532 4956 WerSvc - ok
23:16:22.0561 4956 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:16:22.0563 4956 WfpLwf - ok
23:16:22.0575 4956 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:16:22.0577 4956 WIMMount - ok
23:16:22.0596 4956 WinDefend - ok
23:16:22.0603 4956 WinHttpAutoProxySvc - ok
23:16:22.0647 4956 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:16:22.0651 4956 Winmgmt - ok
23:16:22.0712 4956 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
23:16:22.0754 4956 WinRM - ok
23:16:22.0818 4956 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:16:22.0820 4956 WinUsb - ok
23:16:22.0852 4956 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
23:16:22.0877 4956 Wlansvc - ok
23:16:22.0903 4956 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:16:22.0905 4956 WmiAcpi - ok
23:16:22.0936 4956 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:16:22.0940 4956 wmiApSrv - ok
23:16:22.0967 4956 WMPNetworkSvc - ok
23:16:22.0981 4956 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:16:22.0984 4956 WPCSvc - ok
23:16:23.0008 4956 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:16:23.0011 4956 WPDBusEnum - ok
23:16:23.0031 4956 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:16:23.0033 4956 ws2ifsl - ok
23:16:23.0048 4956 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll
23:16:23.0050 4956 wscsvc - ok
23:16:23.0055 4956 WSearch - ok
23:16:23.0126 4956 [ 9df12edbc698b0bc353b3ef84861e430 ] wuauserv C:\Windows\system32\wuaueng.dll
23:16:23.0171 4956 wuauserv - ok
23:16:23.0189 4956 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:16:23.0192 4956 WudfPf - ok
23:16:23.0235 4956 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:16:23.0238 4956 WUDFRd - ok
23:16:23.0269 4956 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:16:23.0272 4956 wudfsvc - ok
23:16:23.0295 4956 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
23:16:23.0300 4956 WwanSvc - ok
23:16:23.0330 4956 ================ Scan global ===============================
23:16:23.0350 4956 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
23:16:23.0381 4956 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
23:16:23.0397 4956 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
23:16:23.0417 4956 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
23:16:23.0442 4956 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
23:16:23.0448 4956 [Global] - ok
23:16:23.0449 4956 ================ Scan MBR ==================================
23:16:23.0451 4956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:16:23.0458 4956 \Device\Harddisk0\DR0 - ok
23:16:23.0465 4956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
23:16:23.0637 4956 \Device\Harddisk1\DR1 - ok
23:16:23.0638 4956 ================ Scan VBR ==================================
23:16:23.0640 4956 Boot (0x1200) (d55af5ac3c4589491c11b4a040f4e4d9) \Device\Harddisk0\DR0\Partition1
23:16:23.0641 4956 \Device\Harddisk0\DR0\Partition1 - ok
23:16:23.0644 4956 Boot (0x1200) (e25ae49564ce6d8dca626bc1bcfed060) \Device\Harddisk1\DR1\Partition1
23:16:23.0646 4956 \Device\Harddisk1\DR1\Partition1 - ok
23:16:23.0646 4956 ============================================================
23:16:23.0646 4956 Scan finished
23:16:23.0646 4956 ============================================================
23:16:23.0655 4424 Detected object count: 1
23:16:23.0655 4424 Actual detected object count: 1
23:16:37.0037 4424 c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll - copied to quarantine
23:16:37.0038 4424 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
23:16:37.0071 4424 HKLM\SYSTEM\ControlSet002\services\Akamai - will be deleted on reboot
23:16:37.0219 4424 c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll - will be deleted on reboot
23:16:37.0219 4424 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete
23:17:37.0289 1684 Deinitialize success

#11 maxdragon

maxdragon
  • Topic Starter

  • Members
  • 17 posts

Posted 15 August 2012 - 12:11 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 23:21:30
-----------------------------
23:21:30.250 OS Version: Windows x64 6.1.7601 Service Pack 1
23:21:30.250 Number of processors: 2 586 0xF0B
23:21:30.251 ComputerName: BRANDON-PC UserName: Brandon
23:21:35.139 Initialize success
23:22:18.061 AVAST engine defs: 12081401
23:23:05.290 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006d
23:23:05.290 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
23:23:05.290 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006e
23:23:05.290 Disk 1 Vendor: ST325031 3.AA Size: 238475MB BusType: 3
23:23:05.306 Disk 1 MBR read successfully
23:23:05.306 Disk 1 MBR scan
23:23:05.306 Disk 1 Windows 7 default MBR code
23:23:05.306 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
23:23:05.337 Disk 1 scanning C:\Windows\system32\drivers
23:23:15.537 Service scanning
23:23:37.267 Modules scanning
23:23:37.267 Disk 1 trace - called modules:
23:23:37.283 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
23:23:37.283 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004c1b060]
23:23:37.283 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004ab0760]
23:23:37.283 5 ACPI.sys[fffff88000fac7a1] -> nt!IofCallDriver -> \Device\0000006e[0xfffffa80048d29c0]
23:23:38.063 AVAST engine scan C:\Windows
23:23:53.676 AVAST engine scan C:\Windows\system32
23:27:36.161 AVAST engine scan C:\Windows\system32\drivers
23:28:03.422 AVAST engine scan C:\Users\Brandon
23:58:57.197 AVAST engine scan C:\ProgramData
00:02:53.116 Scan finished successfully
01:10:16.792 Disk 1 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
01:10:16.792 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 08:41 AM

Greetings

At this time I would like you to run this script for me. It is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 maxdragon

maxdragon
  • Topic Starter

  • Members
  • 17 posts

Posted 15 August 2012 - 07:55 PM

ComboFix 12-08-15.01 - Brandon 08/15/2012 20:35:25.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.3048 [GMT -4:00]
Running from: c:\users\Brandon\Desktop\ComboFix.exe
Command switches used :: c:\users\Brandon\Desktop\CFScript.txt
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 00:45 . 2011-03-10 22:05 57928 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2012-08-16 00:43 . 2012-08-16 00:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-16 00:43 . 2012-08-16 00:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 03:16 . 2012-08-15 03:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-03 00:19 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-01 04:31 . 2012-08-16 00:43 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-07-28 06:43 . 2012-07-28 06:43 -------- d-----w- c:\windows\SysWow64\Adobe
2012-07-22 19:41 . 2012-07-22 19:41 -------- d-----w- c:\users\Brandon\AppData\Local\Macromedia
2012-07-18 03:30 . 2012-07-18 03:30 -------- d-----w- c:\users\Brandon\AppData\Roaming\Trine2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 01:56 . 2012-03-31 02:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 01:56 . 2011-12-03 20:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 11:02 . 2012-07-13 11:02 130088 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2012-07-13 11:02 . 2012-07-13 11:02 205352 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2012-07-13 11:02 . 2012-07-13 11:02 123944 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2012-07-13 11:02 . 2012-07-13 11:02 167464 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2012-07-13 11:02 . 2012-07-13 11:02 119336 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2012-07-12 15:18 . 2012-07-12 15:18 219688 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2012-07-08 19:38 . 2012-07-08 18:29 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-08 19:38 . 2012-07-08 19:38 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-08 19:38 . 2012-07-08 18:29 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-08 18:29 . 2012-07-08 18:29 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-07 04:13 . 2012-07-08 18:29 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-06 02:06 . 2011-01-15 04:09 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46 . 2011-11-29 03:06 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 04:01 . 2010-10-20 18:26 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-29 04:01 . 2010-10-20 18:26 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-27 19:51 . 2012-06-27 19:51 105000 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2012-06-27 19:51 . 2012-06-27 19:51 112680 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2012-06-27 19:51 . 2012-06-27 19:51 109096 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2012-06-27 19:51 . 2012-06-27 19:51 68648 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
2012-06-27 19:51 . 2012-06-27 19:51 304680 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2012-06-27 19:51 . 2012-06-27 19:51 116776 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2012-06-27 19:51 . 2012-06-27 19:51 93224 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2012-06-27 19:51 . 2012-06-27 19:51 33320 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
2012-06-27 19:51 . 2012-06-27 19:51 113192 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2012-06-27 19:51 . 2012-06-27 19:51 89128 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2012-06-27 19:51 . 2012-06-27 19:51 116776 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2012-06-20 15:28 . 2012-07-07 09:15 4145600 ----a-w- c:\windows\SysWow64\GameMon.des
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_00.08.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-15 00:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 00:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-15 00:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 00:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 00:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 00:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-15 15:51 . 2012-08-16 00:46 74324 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 00:46 44236 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-15 04:43 . 2012-08-16 00:46 30200 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3466096303-1108741516-2037161739-1000_UserData.bin
- 2012-08-15 00:07 . 2011-03-10 22:05 57928 c:\windows\system64\drivers\PSKMAD.sys
+ 2012-08-16 00:45 . 2011-03-10 22:05 57928 c:\windows\system64\drivers\PSKMAD.sys
+ 2010-10-15 06:33 . 2012-08-15 01:56 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-15 06:33 . 2012-08-07 20:41 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-15 06:33 . 2012-08-15 01:56 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-15 06:33 . 2012-08-07 20:41 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 20:41 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 01:56 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-15 15:51 . 2012-08-16 00:46 74324 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 00:46 44236 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-15 04:43 . 2012-08-16 00:46 30200 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3466096303-1108741516-2037161739-1000_UserData.bin
- 2010-10-15 06:33 . 2012-08-07 20:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-15 06:33 . 2012-08-15 01:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-15 06:33 . 2012-08-15 01:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-15 06:33 . 2012-08-07 20:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 20:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-15 01:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-16 00:45 . 2012-08-16 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 00:07 . 2012-08-15 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 00:07 . 2012-08-15 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-16 00:45 . 2012-08-16 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 01:56 . 2012-08-15 01:56 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-08-15 00:56 . 2012-08-15 00:56 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-15 00:56 . 2012-08-15 00:56 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
+ 2012-03-31 02:10 . 2012-08-15 01:56 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-03-31 02:10 . 2012-08-03 04:56 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-15 01:56 . 2012-08-15 01:56 417992 c:\windows\system64\Macromed\Flash\FlashUtil64_11_3_300_271_Plugin.exe
+ 2012-08-15 00:56 . 2012-08-15 00:56 417992 c:\windows\system64\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
+ 2012-08-15 00:56 . 2012-08-15 00:56 513224 c:\windows\system64\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll
+ 2012-08-15 01:56 . 2012-08-15 01:56 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_Plugin.exe
+ 2012-08-15 00:56 . 2012-08-15 00:56 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
+ 2012-08-15 00:56 . 2012-08-15 00:56 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll
- 2009-07-14 05:01 . 2012-08-15 00:06 281416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-16 00:43 281416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-15 01:56 . 2012-08-15 01:56 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
+ 2012-08-15 01:56 . 2012-08-15 01:56 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
- 2010-10-15 06:40 . 2012-08-14 06:20 6072532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3466096303-1108741516-2037161739-1000-8192.dat
+ 2010-10-15 06:40 . 2012-08-16 00:43 6072532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3466096303-1108741516-2037161739-1000-8192.dat
+ 2012-08-15 01:56 . 2012-08-15 01:56 12315336 c:\windows\system64\Macromed\Flash\NPSWF64_11_3_300_271.dll
+ 2012-08-15 01:56 . 2012-08-15 01:56 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02 86696 ----a-w- c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Brandon\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Spotify Web Helper"="c:\users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-15 217256]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-29 296096]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2012-07-30 3408288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2012-01-13 1675840]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-17 1255736]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-04-30 44688]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-07-30 3075920]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PSKMAD
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 01:56]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3466096303-1108741516-2037161739-1000Core.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 21:41]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3466096303-1108741516-2037161739-1000UA.job
- c:\users\Brandon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-31 21:41]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>???????????????????e;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\ll0qk0i4.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-25715663.sys
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-08-15 20:52:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 00:52
ComboFix2.txt 2012-08-15 00:15
.
Pre-Run: 63,492,898,816 bytes free
Post-Run: 63,348,736,000 bytes free
.
- - End Of File - - 5946CA2F865C491B798C478D5076CA20
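The part of the log worth reading closely is the "Reg Loading Points" and "Supplementary Scan" sections: the Run keys, the IE Browser Helper Object (PandaSecurityDx.dll), the service and driver list, the oversized ProxyOverride value, and the Firefox keyword.URL that now points at search.yahoo.com with an fr=panda partner tag, which ties the Firefox search setting to the Panda Security Toolbar that appears elsewhere in the same log. As an added example (this is not ComboFix's code and not part of the post), here is a small Python triage script that parses those line formats and turns them into one-line findings. The excerpt it parses is constructed from lines of the log above; the flagging rules (missing image file, repeated `<local>` tokens, partner tag on the search URL) are the example's own heuristics, and the reading of `[x]` as "image file not found" is ComboFix's log convention as understood here.

```python
"""Triage helper for the Reg Loading Points / Supplementary Scan part of a
ComboFix log (added example; not ComboFix's code and not from the post).
SAMPLE_LOG is a constructed excerpt of the log above; the flags below are this
example's own heuristics, not ComboFix's verdicts."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed excerpt: lines copied from the posted log, trimmed for length.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02 86696 ----a-w- c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Brandon\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Spotify Web Helper"="c:\users\Brandon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-29 296096]
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;<local>;<local>;<local>;<local>;<local>
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[([^\]]*)\])?')
BHO_FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$')
# "<start> <name>;<display name>;<image> [<date> <size>]"; ComboFix prints "[x]"
# in place of date/size when it could not find the image file on disk.
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyOverride\s*=\s*(.*)$')
KEYWORD_RE = re.compile(r'^FF - prefs\.js: keyword\.URL - (\S+)')


def parse_log(text):
    """Pull autoruns, BHOs, services/drivers and browser settings out of the log."""
    rep = {"autoruns": [], "bhos": [], "services": [],
           "proxy_override": None, "keyword_url": None}
    key = None  # registry key whose values we are currently reading
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and "Browser Helper Objects" in key and (m := BHO_FILE_RE.match(line)):
            rep["bhos"].append((key.rsplit("\\", 1)[1], m.group(1)))
        elif key and key.upper().endswith("\\RUN") and (m := RUN_VALUE_RE.match(line)):
            name, image, meta = m.groups()
            rep["autoruns"].append({"key": key, "name": name, "image": image, "meta": meta})
        elif m := SERVICE_RE.match(line):
            start, name, display, image, meta = m.groups()
            rep["services"].append({"start": start, "name": name, "display": display,
                                    "image": image, "on_disk": meta != "x"})
        elif m := PROXY_RE.match(line):
            rep["proxy_override"] = m.group(1)
        elif m := KEYWORD_RE.match(line):
            rep["keyword_url"] = m.group(1)
    return rep


def proxy_override_anomalies(value):
    """A sane bypass list is a short list of distinct hosts; repeated tokens and
    non-printable bytes both suggest the value has been mangled or rewritten."""
    issues = []
    tokens = [t for t in value.split(";") if t]
    if tokens.count("<local>") > 1:
        issues.append(f"'<local>' repeated {tokens.count('<local>')} times")
    if any(not 32 <= ord(ch) <= 126 for ch in value):
        issues.append("value contains non-printable bytes")
    return issues


def describe_keyword_url(url):
    """ComboFix defangs http as hxxp; undo that and pull out the search host and
    the Yahoo partner tag (fr=...), which names who set the search URL."""
    parts = urlsplit(url.replace("hxxp://", "http://", 1))
    query = parse_qs(parts.query)
    return {"host": parts.hostname, "fr": query.get("fr", [None])[0]}


def findings(rep):
    """Turn the parsed report into one-line findings for the analyst."""
    out = []
    for svc in rep["services"]:
        if not svc["on_disk"]:
            out.append(f"{svc['start']} {svc['name']}: image not on disk ({svc['image']})")
    for clsid, path in rep["bhos"]:
        out.append(f"IE BHO {clsid}: {path}")
    for a in rep["autoruns"]:
        hive = a["key"].split("\\")[0]
        out.append(f"Run ({hive}) {a['name']}: {a['image']}")
    if rep["proxy_override"]:
        out += ["ProxyOverride: " + i for i in proxy_override_anomalies(rep["proxy_override"])]
    if rep["keyword_url"]:
        d = describe_keyword_url(rep["keyword_url"])
        out.append(f"Firefox keyword.URL: {d['host']} (fr={d['fr']})")
    return out


if __name__ == "__main__":
    for f in findings(parse_log(SAMPLE_LOG)):
        print(f)
```

Run against the excerpt it lists the two drivers whose image file ComboFix could not find (Lbd, npggsvc), the Panda BHO, the three Run entries, the repeated `<local>` tokens in ProxyOverride, and the Firefox search URL with its fr=panda tag. A missing image file is not by itself malicious (it is often a leftover from an uninstalled product), so the script reports rather than judges; the point is to pull the few lines an analyst actually needs out of a several-thousand-line log.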

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 08:28 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 maxdragon

  • Topic Starter
  • Members
  • 17 posts


Posted 16 August 2012 - 08:20 PM

Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.3
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
Bastion
Blacklight: Retribution
Combined Community Codec Pack 2010-10-10
Diablo III
Dungeon Defenders
Emsisoft Anti-Malware
Google Chrome
H&R Block Premium + Efile + State 2010
League of Legends
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 13.0 (x86 en-US)
NETGEAR WNDA4100
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
OpenAL
OpenOffice.org 3.3
Panda Cloud Antivirus
Panda Security Toolbar
Panda Security URL Filtering
Pando Media Booster
PHANTASY STAR ONLINE 2
Portal 2
PunkBuster Services
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.9
Spotify
StarCraft II
Steam
swMSM
Team Fortress 2
Trine
Trine 2
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Vindictus
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01


I don't know if I still need the Visual C++. I think it was installed back when I had a C++ class; do I still need that for anything?



