
Sirefef Virus/Trojan Help


  • This topic is locked
20 replies to this topic

#1 psychedelicpiper9


Posted 08 August 2012 - 07:17 AM

Hello!

I'm a new member, and I came upon your site after reading a couple recent threads dealing with the Sirefef virus. I've tried running Microsoft Security Essentials, but my laptop keeps restarting before it has the chance to remove it.

I have the same exact problem as in these two threads:

http://www.bleepingcomputer.com/forums/topic463661.html
http://www.bleepingcomputer.com/forums/topic462717.html

I've tried following them, and have successfully completed the step involving System Recovery Options and frst.exe. I'm no technical expert, though, so I don't know what to put in the fixlist.

I'll attach the FRST.txt and Search.txt I've generated from my computer, and hopefully you can get back to me. I really appreciate it! :)



Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-08-2012
Ran by SYSTEM at 08-08-2012 06:33:39
Running from E:\
Windows Vista ™ Business (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Anastassia\...\Run: [] [x]
HKU\Anastassia\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Anastassia\...\Run: [Akamai NetSession Interface] "C:\Users\Anastassia\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Anastassia\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\Anastassia\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Anastassia\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
2 MacDrive8Service; "C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe" [192512 2009-09-03] (Mediafour Corporation)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
2 Akamai; c:\program files\common files\akamai/netsession_win_4f7fccd.dll [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-20] (Broadcom Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-08-08] (Malwarebytes Corporation)
0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [259176 2009-09-03] (Mediafour Corporation)
0 MDPMGRNT; C:\Windows\System32\Drivers\MDPMGRNT.sys [27488 2009-07-31] (Mediafour Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2011-12-09] (Wondershare)
3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2011-12-09] (Wondershare)
3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2011-12-09] (Wondershare)
3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2011-12-09] (Wondershare)
3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2011-12-09] (Wondershare)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-08 06:33 - 2012-08-08 06:33 - 00000000 ____D C:\FRST
2012-08-08 02:59 - 2012-08-08 02:59 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-08-08 02:08 - 2012-08-08 02:08 - 00000000 ____D C:\Users\Anastassia\AppData\Roaming\Malwarebytes
2012-08-08 02:07 - 2012-08-08 02:07 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-08 02:07 - 2012-08-08 02:07 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-08 02:07 - 2012-08-08 02:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-08 02:07 - 2012-07-03 10:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-08 01:59 - 2012-08-08 01:55 - 10651816 ____A (Malwarebytes Corporation ) C:\Users\Anastassia\Desktop\mbam-setup.exe
2012-08-08 01:41 - 2012-08-08 01:42 - 00000000 ____D C:\Qoobox
2012-08-08 01:31 - 2012-08-08 01:42 - 00000000 ____D C:\Windows\erdnt
2012-08-08 01:30 - 2012-08-08 02:56 - 00000000 ___SD C:\32788R22FWJFW
2012-08-08 01:27 - 2012-08-08 01:19 - 04729922 ____R (Swearware) C:\Users\Anastassia\Desktop\ComboFix.exe
2012-08-06 23:42 - 2012-08-06 23:42 - 00001826 ____A C:\Users\Anastassia\Desktop\Microsoft Security Essentials.lnk
2012-08-06 22:32 - 2012-08-06 22:19 - 16373192 ____A (Microsoft Corporation) C:\Users\Anastassia\Desktop\Windows-KB890830-V4.10.exe
2012-08-06 21:04 - 2012-08-06 21:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-06 20:57 - 2012-08-06 20:57 - 10288512 ____A (Microsoft Corporation) C:\Users\Anastassia\Desktop\mseinstall.exe
2012-08-05 02:55 - 2012-08-05 02:55 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-12 08:37 - 2012-06-13 05:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 08:21 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 08:21 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 08:21 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 08:21 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 08:21 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 08:21 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 08:21 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 08:21 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 08:21 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 08:21 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 08:21 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 08:21 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 08:21 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 08:21 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 14:02 - 2012-07-11 14:02 - 00001726 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk
2012-07-11 14:02 - 2012-07-11 14:02 - 00000000 ____D C:\Users\Anastassia\AppData\Roaming\Canneverbe Limited
2012-07-11 14:02 - 2012-07-11 14:02 - 00000000 ____D C:\Users\All Users\Canneverbe Limited
2012-07-11 14:02 - 2012-07-11 14:02 - 00000000 ____D C:\Program Files\CDBurnerXP
2012-07-11 13:38 - 2012-06-21 00:31 - 1997193216 ____A C:\Users\Anastassia\Downloads\Citizen Kane.avi
2012-07-11 12:41 - 2012-07-11 12:41 - 00001647 ____A C:\Users\Public\Desktop\mkvmerge GUI.lnk
2012-07-11 12:41 - 2012-07-11 12:41 - 00000000 ____D C:\Users\Anastassia\AppData\Roaming\mkvtoolnix
2012-07-11 12:41 - 2012-01-10 09:16 - 00002953 ____A C:\Users\Anastassia\Desktop\MKVExtractGUI2_readme.txt
2012-07-11 12:40 - 2012-07-11 12:44 - 00000000 ____D C:\Program Files\MKVToolNix
2012-07-11 12:39 - 2012-07-11 12:40 - 00719218 ____A C:\Users\Anastassia\Desktop\MKVExtractGUI-2.2.2.9.zip
2012-07-11 12:22 - 2012-07-11 12:22 - 00000859 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-11 10:46 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 10:46 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 10:46 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 10:45 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 10:45 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 10:45 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

============ 3 Months Modified Files ========================

2012-08-08 03:25 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-08 03:25 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-08 03:24 - 2011-06-06 08:47 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc24697ddf3580.job
2012-08-08 03:24 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-08 03:00 - 2010-10-05 00:28 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-08-08 02:59 - 2012-08-08 02:59 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-08-08 02:19 - 2012-04-08 04:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-08 02:07 - 2012-08-08 02:07 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-08 01:55 - 2012-08-08 01:59 - 10651816 ____A (Malwarebytes Corporation ) C:\Users\Anastassia\Desktop\mbam-setup.exe
2012-08-08 01:19 - 2012-08-08 01:27 - 04729922 ____R (Swearware) C:\Users\Anastassia\Desktop\ComboFix.exe
2012-08-08 01:00 - 2010-10-13 19:12 - 00001356 ____A C:\Users\Anastassia\AppData\Local\d3d9caps.dat
2012-08-08 00:11 - 2012-08-08 00:10 - 00000012 ____A C:\Users\Anastassia\Desktop\fix.bat
2012-08-06 23:42 - 2012-08-06 23:42 - 00001826 ____A C:\Users\Anastassia\Desktop\Microsoft Security Essentials.lnk
2012-08-06 22:19 - 2012-08-06 22:32 - 16373192 ____A (Microsoft Corporation) C:\Users\Anastassia\Desktop\Windows-KB890830-V4.10.exe
2012-08-06 21:06 - 2008-01-20 17:39 - 01248145 ____A C:\Windows\WindowsUpdate.log
2012-08-06 21:05 - 2011-02-04 08:14 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-06 20:57 - 2012-08-06 20:57 - 10288512 ____A (Microsoft Corporation) C:\Users\Anastassia\Desktop\mseinstall.exe
2012-08-06 20:46 - 2006-11-02 05:01 - 00032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-06 20:41 - 2010-10-24 03:32 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-03 15:26 - 2012-04-08 04:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-03 15:26 - 2011-05-17 13:03 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-02 10:46 - 2010-10-24 03:34 - 00001971 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-26 00:05 - 2010-10-14 00:18 - 00159744 ____A C:\Users\Anastassia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-14 19:30 - 2006-11-02 04:47 - 01714536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 08:36 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
2012-07-11 14:02 - 2012-07-11 14:02 - 00001726 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk
2012-07-11 12:41 - 2012-07-11 12:41 - 00001647 ____A C:\Users\Public\Desktop\mkvmerge GUI.lnk
2012-07-11 12:40 - 2012-07-11 12:39 - 00719218 ____A C:\Users\Anastassia\Desktop\MKVExtractGUI-2.2.2.9.zip
2012-07-11 12:22 - 2012-07-11 12:22 - 00000859 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-07-11 10:49 - 2012-04-07 19:32 - 00000752 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-07-03 10:46 - 2012-08-08 02:07 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 00:13 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-13 05:40 - 2012-07-12 08:37 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 18:08 - 2012-06-12 18:08 - 00001664 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-12 14:41 - 2012-06-12 14:41 - 00000804 ____A C:\Users\Anastassia\Desktop\Audacity.lnk
2012-06-09 23:11 - 2012-06-09 23:11 - 00001892 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-06-08 11:41 - 2010-11-06 13:42 - 00000934 ____A C:\Users\Anastassia\Desktop\Dropbox.lnk
2012-06-08 09:47 - 2012-07-11 10:46 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 08:47 - 2012-07-11 10:46 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-11 10:46 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-11 10:45 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-19 03:25 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 03:25 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 03:25 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 03:25 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 03:25 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-19 03:25 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-19 03:25 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-19 03:24 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:12 - 2012-06-19 03:24 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-12 08:21 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-12 08:21 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-12 08:21 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-12 08:21 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-12 08:21 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 08:21 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-12 08:21 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-12 08:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 08:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 08:21 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-12 08:21 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-12 08:21 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 08:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 08:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-11 10:45 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-11 10:45 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-29 23:10 - 2012-04-07 19:30 - 00880496 ____A (BitTorrent, Inc.) C:\Users\Anastassia\Desktop\uTorrent.exe
2012-05-29 21:09 - 2012-04-08 04:40 - 00001186 ____A C:\Windows\PFRO.log
2012-05-29 20:42 - 2011-02-01 14:43 - 00001854 ____A C:\Users\Public\Desktop\Safari.lnk


ZeroAccess:
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\@
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\L
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\n
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\U
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\U\00000001.@
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\U\80000000.@
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\U\800000cb.@

ZeroAccess:
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\@
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\L
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\n
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\U
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\U\00000001.@
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\U\80000000.@
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 1917.44 MB
Available physical RAM: 1543.48 MB
Total Pagefile: 1737.76 MB
Available Pagefile: 1601.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1984.97 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:74.44 GB) (Free:1.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
3 Drive e: (MY TASKS) (Fixed) (Total:37.3 GB) (Free:3.25 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 1528 KB
Disk 1 Online 37 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 86 MB 32 KB
Partition 2 Primary 74 GB 86 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 FAT Partition 86 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 74 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 37 GB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E MY TASKS FAT32 Partition 37 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-08 02:20

======================= End Of Log ==========================





Farbar Recovery Scan Tool Version: 08-08-2012
Ran by SYSTEM at 2012-08-08 06:35:33
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-10-05 00:28] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:25] - [2008-01-20 18:25] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2010-10-05 00:28] - [2012-08-08 03:00] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===



Edited by psychedelicpiper9, 08 August 2012 - 07:24 AM.




#2 gringo_pr

  • Malware Response Team

Posted 11 August 2012 - 12:55 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b} 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
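How the `Replace:` line in the fixlist above follows from the posted logs, as an added example that is not part of the thread and is not FRST's own code: it parses the Search.txt entries, excludes the copy whose MD5 FRST flagged, picks the WinSxS copy with the highest component version, and checks every fixlist entry against the Fixlog posted in the next reply. Choosing by component version is an assumption of this sketch (the thread does not state the helper's rule), all function names are hypothetical, and the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: lines copied from the FRST.txt, Search.txt and Fixlog in this thread.
FRST_TXT = r"""
ZeroAccess:
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\@

ZeroAccess:
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b}\@

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
"""
SEARCH_TXT = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2010-10-05 00:28] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:25] - [2008-01-20 18:25] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2010-10-05 00:28] - [2012-08-08 03:00] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
"""
FIXLOG = r"""
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b} moved successfully.
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b} moved successfully.
"""

ENTRY_RE = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
                      r"(?:\([^)]*\) )?(?P<md5>[0-9A-Fa-f]{32})$")
FLAG_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) .*ATTENTION")
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")
REPLACE_RE = re.compile(r"^Replace: (.+?) ([A-Za-z]:\\.+)$")

def flagged_files(frst_text):
    """Files the integrity check marked ATTENTION, as {path: md5}."""
    return {m["path"]: m["md5"].upper()
            for m in map(FLAG_RE.match, frst_text.splitlines()) if m}

def zeroaccess_roots(frst_text):
    """First path under each 'ZeroAccess:' header, i.e. the folder root."""
    lines = [l.strip() for l in frst_text.splitlines()]
    return [lines[i + 1] for i, l in enumerate(lines[:-1]) if l == "ZeroAccess:"]

def parse_search(text):
    """Pair each path line of a Search result with the metadata line below it."""
    records, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m and path:
            records.append({"path": path, "size": int(m["size"]), "md5": m["md5"].upper()})
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return records

def component_version(path):
    m = VERSION_RE.search(path)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def pick_replacement(records, flagged_path, flagged_md5):
    """Assumed rule: newest WinSxS copy that is not the flagged file or hash."""
    candidates = [r for r in records
                  if r["path"].lower() != flagged_path.lower()
                  and r["md5"] != flagged_md5
                  and component_version(r["path"]) is not None]
    return max(candidates, key=lambda r: component_version(r["path"]), default=None)

def build_fixlist(frst_text, search_text):
    records, out = parse_search(search_text), []
    for path, md5 in flagged_files(frst_text).items():
        src = pick_replacement(records, path, md5)
        if src is None:  # no clean copy in the search results: stop, do not guess
            raise ValueError(f"no clean candidate for {path}")
        out.append(f"Replace: {src['path']} {path}")
    return out + zeroaccess_roots(frst_text)

def unconfirmed(fixlist, fixlog_text):
    """Result lines a fixlist entry should have produced but the Fixlog lacks."""
    done = {l.strip() for l in fixlog_text.splitlines()}
    missing = []
    for entry in fixlist:
        m = REPLACE_RE.match(entry)
        if m:
            src, dst = m.groups()
            expected = [f"{dst} moved successfully.", f"{src} copied successfully to {dst}"]
        else:
            expected = [f"{entry} moved successfully."]
        missing += [e for e in expected if e not in done]
    return missing

if __name__ == "__main__":
    fixlist = build_fixlist(FRST_TXT, SEARCH_TXT)
    print("\n".join(fixlist))
    print("unconfirmed:", unconfirmed(fixlist, FIXLOG))
```

A non-empty result from `unconfirmed` means the Fixlog does not show every entry being applied, which is the situation to resolve before moving on to the next tool.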

#3 psychedelicpiper9


Posted 12 August 2012 - 10:24 PM

Sorry about attaching my logs in the first post. I've seen other users do it, and thought there'd be no problem. I'll refrain from attaching them from now on. Thank you for replying!

And I'm on Vista, just to make sure we're on the same page. Vista Business 32-bit, to be exact.

Here's my Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012
Ran by SYSTEM at 2012-08-12 23:36:08 Run:2
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Users\Anastassia\AppData\Local\{228cf61f-1375-4ad7-7874-df1cdfdbe27b} moved successfully.
C:\Windows\Installer\{228cf61f-1375-4ad7-7874-df1cdfdbe27b} moved successfully.

==== End of Fixlog ====

Edited by psychedelicpiper9, 12 August 2012 - 11:39 PM.


#4 gringo_pr


Posted 12 August 2012 - 11:40 PM

Can you please try and rerun the script? It does not look correct.


Did you use Notepad for this or did you use something else?


gringo

#5 psychedelicpiper9


Posted 12 August 2012 - 11:45 PM

I was worried you'd see that. I just edited my post and fixed it. At first, I'll be honest, I used TextEdit on my Mac computer. The thing is I can't access the Internet on my Windows laptop, since the thing lags and restarts before I have a chance to open the browser.

I just used another family member's Windows computer, though, and copy and pasted into Notepad as you said. The new log is in my edited post above.

Edited by psychedelicpiper9, 12 August 2012 - 11:52 PM.


#6 gringo_pr


Posted 13 August 2012 - 12:09 AM

Hello


Is it still restarting?

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 psychedelicpiper9


Posted 13 August 2012 - 01:12 AM

ComboFix ran successfully on my Windows laptop, and it is not experiencing the restart issue any more! :D

Here is the log:

ComboFix 12-08-10.02 - Anastassia 08/13/2012 0:34.1.1 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1917.1214 [GMT -5:00]
Running from: c:\users\Anastassia\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Anastassia\shaiya_us_downloader_20110225.exe
c:\windows\TEMP\GUM4120.tmp\GoogleCrashHandler.exe
c:\windows\TEMP\GUM4120.tmp\GoogleUpdate.exe
c:\windows\TEMP\GUM4120.tmp\GoogleUpdateBroker.exe
c:\windows\TEMP\GUM4120.tmp\GoogleUpdateOnDemand.exe
c:\windows\TEMP\GUM4120.tmp\goopdate.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_am.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_ar.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_bg.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_bn.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_ca.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_cs.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_da.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_de.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_el.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_en-GB.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_en.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_es-419.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_es.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_et.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_fa.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_fi.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_fil.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_fr.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_gu.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_hi.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_hr.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_hu.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_id.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_is.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_it.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_iw.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_ja.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_kn.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_ko.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_lt.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_lv.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_ml.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_mr.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_ms.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_nl.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_no.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_pl.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_pt-BR.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_pt-PT.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_ro.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_ru.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_sk.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_sl.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_sr.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_sv.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_sw.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_ta.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_te.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_th.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_tr.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_uk.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_ur.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_vi.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_zh-CN.dll
c:\windows\TEMP\GUM4120.tmp\goopdateres_zh-TW.dll
c:\windows\TEMP\GUM4120.tmp\npGoogleUpdate3.dll
c:\windows\TEMP\GUM4120.tmp\psmachine.dll
c:\windows\TEMP\GUM4120.tmp\psuser.dll
c:\windows\TEMP\MPENGINE.DLL
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 05:52 . 2012-08-13 05:52 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1C6BB3B-9CBE-4208-A319-3DF6F473FD33}\offreg.dll
2012-08-13 05:49 . 2012-08-13 05:52 -------- d-----w- c:\users\Anastassia\AppData\Local\temp
2012-08-13 05:49 . 2012-08-13 05:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 14:33 . 2012-08-08 14:33 -------- d-----w- C:\FRST
2012-08-08 10:59 . 2012-08-08 10:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-08 10:08 . 2012-08-08 10:08 -------- d-----w- c:\users\Anastassia\AppData\Roaming\Malwarebytes
2012-08-08 10:07 . 2012-08-08 10:07 -------- d-----w- c:\programdata\Malwarebytes
2012-08-08 10:07 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 10:07 . 2012-08-08 10:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-07 05:08 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1ED39AA-8EF9-4359-A357-C1F2EC7495E0}\gapaengine.dll
2012-08-07 05:07 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1C6BB3B-9CBE-4208-A319-3DF6F473FD33}\mpengine.dll
2012-08-07 05:04 . 2012-08-07 05:05 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-05 10:55 . 2012-08-05 10:55 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 23:26 . 2012-04-08 12:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 23:26 . 2011-05-17 21:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:40 . 2012-07-12 16:37 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 18:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 18:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 18:45 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 11:25 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 11:25 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 11:25 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 11:25 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 11:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 11:25 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 11:25 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 11:24 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-19 11:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 16:21 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 16:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 16:21 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 16:21 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 16:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 18:45 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 18:45 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-18 07:53 . 2012-05-30 05:20 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-10 20:51 3906656 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-10 20:51 3906656 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-10 3906656]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Anastassia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Anastassia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Anastassia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Akamai NetSession Interface"="c:\users\Anastassia\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Anastassia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Anastassia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-2-17 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2012-02-23 16:38 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-01-20 20:36 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive 8]
2009-03-31 22:21 141312 ----a-w- c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive 8 application]
2009-06-15 17:08 202328 ----a-w- c:\program files\Mediafour\MacDrive 8\MacDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 22:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-17 20:05 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-10-26 19:39 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:26]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc24697ddf3580.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 11:32]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 11:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anastassia\AppData\Roaming\Mozilla\Firefox\Profiles\fpmsyxuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20110629034605816&tb_oid=29-06-2011&tb_mrud=13-06-2012
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aimright-ab-en-us&tb_uuid=20110629034605816&tb_oid=29-06-2011&tb_mrud=13-06-2012&query=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKLM-Run-iSkysoft Helper Compact.exe - c:\program files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
AddRemove-Final Fantasy VII - c:\program files\Final Fantasy VII\Uninst.isu
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3776)
c:\users\Anastassia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Mediafour\MacDrive 8\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 8\MACDRAPI.DLL
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-13 01:05:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 06:04
.
Pre-Run: 2,405,007,360 bytes free
Post-Run: 8,565,194,752 bytes free
.
- - End Of File - - 0FD3F79B44713693A7016837FC009711

#8 gringo_pr

Posted 13 August 2012 - 01:54 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 psychedelicpiper9

Posted 13 August 2012 - 03:12 AM

Here's the log for TDSSKiller:

02:14:39.0459 3348 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:14:39.0833 3348 ============================================================
02:14:39.0833 3348 Current date / time: 2012/08/13 02:14:39.0833
02:14:39.0833 3348 SystemInfo:
02:14:39.0833 3348
02:14:39.0833 3348 OS Version: 6.0.6002 ServicePack: 2.0
02:14:39.0833 3348 Product type: Workstation
02:14:39.0833 3348 ComputerName: NYAA
02:14:39.0833 3348 UserName: Anastassia
02:14:39.0833 3348 Windows directory: C:\Windows
02:14:39.0833 3348 System windows directory: C:\Windows
02:14:39.0833 3348 Processor architecture: Intel x86
02:14:39.0833 3348 Number of processors: 1
02:14:39.0833 3348 Page size: 0x1000
02:14:39.0833 3348 Boot type: Normal boot
02:14:39.0833 3348 ============================================================
02:14:41.0705 3348 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:14:41.0736 3348 Drive \Device\Harddisk1\DR1 - Size: 0x953C94000 (37.31 Gb), SectorSize: 0x200, Cylinders: 0x1306, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:14:42.0235 3348 ============================================================
02:14:42.0235 3348 \Device\Harddisk0\DR0:
02:14:42.0345 3348 MBR partitions:
02:14:42.0345 3348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x94E3276
02:14:42.0345 3348 \Device\Harddisk1\DR1:
02:14:42.0345 3348 MBR partitions:
02:14:42.0345 3348 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x4A9E461
02:14:42.0345 3348 ============================================================
02:14:42.0391 3348 C: <-> \Device\Harddisk0\DR0\Partition0
02:14:42.0391 3348 G: <-> \Device\Harddisk1\DR1\Partition0
02:14:42.0391 3348 ============================================================
02:14:42.0391 3348 Initialize success
02:14:42.0391 3348 ============================================================
02:14:59.0380 2328 ============================================================
02:14:59.0380 2328 Scan started
02:14:59.0380 2328 Mode: Manual;
02:14:59.0380 2328 ============================================================
02:15:11.0907 2328 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
02:15:11.0907 2328 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
02:15:11.0922 2328 Akamai ( HiddenFile.Multi.Generic ) - warning
02:15:11.0922 2328 Akamai - detected HiddenFile.Multi.Generic (1)
02:15:44.0542 2328 fdc - ok
02:15:44.0573 2328 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
02:15:44.0573 2328 fdPHost - ok
02:15:44.0604 2328 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
02:15:44.0604 2328 FDResPub - ok
02:15:44.0620 2328 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
02:15:44.0635 2328 FileInfo - ok
02:15:44.0651 2328 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
02:15:44.0651 2328 Filetrace - ok
02:15:44.0885 2328 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:15:44.0916 2328 FLEXnet Licensing Service - ok
02:15:44.0947 2328 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
02:15:44.0947 2328 flpydisk - ok
02:15:45.0415 2328 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
02:15:45.0415 2328 FltMgr - ok
02:15:45.0525 2328 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
02:15:45.0571 2328 FontCache - ok
02:15:46.0429 2328 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
02:15:46.0429 2328 FontCache3.0.0.0 - ok
02:15:46.0461 2328 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
02:15:46.0476 2328 Fs_Rec - ok
02:15:46.0507 2328 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
02:15:46.0507 2328 gagp30kx - ok
02:15:46.0866 2328 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:15:46.0866 2328 GEARAspiWDM - ok
02:15:47.0397 2328 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
02:15:47.0428 2328 gpsvc - ok
02:15:47.0943 2328 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
02:15:47.0958 2328 gupdate - ok
02:15:47.0989 2328 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
02:15:47.0989 2328 gupdatem - ok
02:15:48.0426 2328 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
02:15:48.0457 2328 HdAudAddService - ok
02:15:48.0941 2328 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:15:48.0957 2328 HDAudBus - ok
02:15:49.0269 2328 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
02:15:49.0315 2328 HidBth - ok
02:15:49.0331 2328 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
02:15:49.0331 2328 HidIr - ok
02:15:49.0471 2328 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
02:15:49.0471 2328 hidserv - ok
02:15:49.0518 2328 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
02:15:49.0518 2328 HidUsb - ok
02:15:49.0549 2328 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
02:15:49.0549 2328 hkmsvc - ok
02:15:49.0565 2328 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
02:15:49.0565 2328 HpCISSs - ok
02:15:49.0627 2328 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
02:15:49.0643 2328 HSFHWAZL - ok
02:15:49.0939 2328 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
02:15:49.0971 2328 HSF_DPV - ok
02:15:50.0938 2328 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
02:15:50.0953 2328 HTTP - ok
02:15:50.0985 2328 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
02:15:50.0985 2328 i2omp - ok
02:15:51.0031 2328 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
02:15:51.0031 2328 i8042prt - ok
02:15:51.0531 2328 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
02:15:51.0546 2328 iaStorV - ok
02:15:52.0529 2328 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:15:52.0623 2328 idsvc - ok
02:15:52.0654 2328 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
02:15:52.0654 2328 iirsp - ok
02:15:52.0997 2328 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
02:15:53.0091 2328 IKEEXT - ok
02:15:53.0122 2328 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
02:15:53.0122 2328 intelide - ok
02:15:53.0169 2328 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
02:15:53.0169 2328 intelppm - ok
02:15:53.0200 2328 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
02:15:53.0200 2328 IPBusEnum - ok
02:15:53.0215 2328 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:15:53.0215 2328 IpFilterDriver - ok
02:15:53.0262 2328 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
02:15:53.0293 2328 iphlpsvc - ok
02:15:53.0293 2328 IpInIp - ok
02:15:53.0325 2328 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
02:15:53.0325 2328 IPMIDRV - ok
02:15:53.0356 2328 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
02:15:53.0371 2328 IPNAT - ok
02:15:53.0980 2328 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
02:15:54.0027 2328 iPod Service - ok
02:15:54.0339 2328 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
02:15:54.0432 2328 IRENUM - ok
02:15:54.0463 2328 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
02:15:54.0463 2328 isapnp - ok
02:15:55.0555 2328 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
02:15:55.0571 2328 iScsiPrt - ok
02:15:55.0602 2328 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
02:15:55.0602 2328 iteatapi - ok
02:15:55.0618 2328 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
02:15:55.0618 2328 iteraid - ok
02:15:55.0649 2328 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
02:15:55.0649 2328 kbdclass - ok
02:15:55.0680 2328 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
02:15:55.0696 2328 kbdhid - ok
02:15:55.0727 2328 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:15:55.0727 2328 KeyIso - ok
02:15:56.0039 2328 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
02:15:56.0070 2328 KSecDD - ok
02:15:56.0179 2328 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
02:15:56.0195 2328 KtmRm - ok
02:15:56.0554 2328 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
02:15:56.0569 2328 LanmanServer - ok
02:15:57.0037 2328 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
02:15:57.0053 2328 LanmanWorkstation - ok
02:15:57.0537 2328 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
02:15:57.0537 2328 lltdio - ok
02:15:57.0568 2328 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
02:15:57.0583 2328 lltdsvc - ok
02:15:57.0615 2328 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
02:15:57.0615 2328 lmhosts - ok
02:15:57.0646 2328 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
02:15:57.0661 2328 LSI_FC - ok
02:15:57.0693 2328 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
02:15:57.0708 2328 LSI_SAS - ok
02:15:57.0724 2328 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
02:15:57.0739 2328 LSI_SCSI - ok
02:15:57.0771 2328 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
02:15:57.0771 2328 luafv - ok
02:15:58.0067 2328 MacDrive8Service (ca75ca6dc8a446827ca4e8561df60db0) C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
02:15:58.0083 2328 MacDrive8Service - ok
02:15:58.0769 2328 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
02:15:58.0816 2328 MBAMSwissArmy - ok
02:15:59.0065 2328 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
02:15:59.0065 2328 mcdbus - ok
02:15:59.0923 2328 MDFSYSNT (030297707483792d7d64775a23062df3) C:\Windows\system32\drivers\MDFSYSNT.sys
02:15:59.0970 2328 MDFSYSNT - ok
02:16:00.0672 2328 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
02:16:00.0688 2328 MDM - ok
02:16:01.0156 2328 MDPMGRNT (26784cbd67a803a78411fff404d45db7) C:\Windows\system32\drivers\MDPMGRNT.sys
02:16:01.0156 2328 MDPMGRNT - ok
02:16:01.0187 2328 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
02:16:01.0187 2328 megasas - ok
02:16:01.0327 2328 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
02:16:01.0437 2328 MegaSR - ok
02:16:01.0639 2328 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
02:16:01.0655 2328 Microsoft Office Groove Audit Service - ok
02:16:01.0686 2328 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
02:16:01.0686 2328 MMCSS - ok
02:16:01.0717 2328 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
02:16:01.0717 2328 Modem - ok
02:16:01.0733 2328 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
02:16:01.0733 2328 monitor - ok
02:16:01.0749 2328 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
02:16:01.0764 2328 mouclass - ok
02:16:01.0795 2328 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
02:16:01.0795 2328 mouhid - ok
02:16:02.0092 2328 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
02:16:02.0092 2328 MountMgr - ok
02:16:02.0170 2328 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:16:02.0185 2328 MozillaMaintenance - ok
02:16:03.0839 2328 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
02:16:03.0901 2328 MpFilter - ok
02:16:04.0042 2328 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
02:16:04.0089 2328 mpio - ok
02:16:04.0245 2328 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
02:16:04.0276 2328 mpsdrv - ok
02:16:05.0399 2328 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
02:16:05.0586 2328 MpsSvc - ok
02:16:05.0727 2328 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
02:16:05.0742 2328 Mraid35x - ok
02:16:05.0914 2328 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
02:16:06.0163 2328 MRxDAV - ok
02:16:07.0177 2328 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:16:07.0177 2328 mrxsmb - ok
02:16:08.0176 2328 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:16:08.0191 2328 mrxsmb10 - ok
02:16:09.0205 2328 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:16:09.0205 2328 mrxsmb20 - ok
02:16:09.0237 2328 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
02:16:09.0237 2328 msahci - ok
02:16:10.0641 2328 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
02:16:10.0641 2328 msdsm - ok
02:16:11.0202 2328 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
02:16:11.0202 2328 MSDTC - ok
02:16:11.0577 2328 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
02:16:11.0592 2328 Msfs - ok
02:16:11.0670 2328 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
02:16:11.0670 2328 msisadrv - ok
02:16:11.0701 2328 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
02:16:11.0717 2328 MSiSCSI - ok
02:16:11.0717 2328 msiserver - ok
02:16:11.0733 2328 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
02:16:11.0748 2328 MSKSSRV - ok
02:16:11.0967 2328 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
02:16:11.0967 2328 MsMpSvc - ok
02:16:12.0169 2328 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
02:16:12.0201 2328 MSPCLOCK - ok
02:16:12.0247 2328 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
02:16:12.0247 2328 MSPQM - ok
02:16:12.0840 2328 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
02:16:12.0840 2328 MsRPC - ok
02:16:13.0059 2328 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
02:16:13.0059 2328 mssmbios - ok
02:16:13.0121 2328 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
02:16:13.0121 2328 MSTEE - ok
02:16:13.0620 2328 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
02:16:13.0667 2328 Mup - ok
02:16:14.0353 2328 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
02:16:14.0369 2328 napagent - ok
02:16:15.0258 2328 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
02:16:15.0274 2328 NativeWifiP - ok
02:16:16.0350 2328 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
02:16:16.0366 2328 NDIS - ok
02:16:16.0678 2328 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
02:16:16.0678 2328 NdisTapi - ok
02:16:16.0709 2328 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
02:16:16.0725 2328 Ndisuio - ok
02:16:17.0286 2328 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:16:17.0286 2328 NdisWan - ok
02:16:17.0333 2328 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
02:16:17.0333 2328 NDProxy - ok
02:16:17.0349 2328 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
02:16:17.0364 2328 NetBIOS - ok
02:16:17.0848 2328 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
02:16:17.0910 2328 netbt - ok
02:16:17.0957 2328 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:16:17.0957 2328 Netlogon - ok
02:16:18.0347 2328 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
02:16:18.0363 2328 Netman - ok
02:16:18.0394 2328 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
02:16:18.0472 2328 netprofm - ok
02:16:18.0971 2328 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:16:19.0002 2328 NetTcpPortSharing - ok
02:16:19.0049 2328 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
02:16:19.0049 2328 nfrd960 - ok
02:16:19.0361 2328 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:16:19.0361 2328 NisDrv - ok
02:16:19.0923 2328 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
02:16:19.0923 2328 NisSrv - ok
02:16:20.0344 2328 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
02:16:20.0359 2328 NlaSvc - ok
02:16:20.0859 2328 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
02:16:20.0859 2328 Npfs - ok
02:16:20.0921 2328 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
02:16:20.0952 2328 nsi - ok
02:16:20.0999 2328 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
02:16:20.0999 2328 nsiproxy - ok
02:16:22.0169 2328 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
02:16:22.0263 2328 Ntfs - ok
02:16:22.0309 2328 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
02:16:22.0309 2328 ntrigdigi - ok
02:16:22.0325 2328 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
02:16:22.0325 2328 Null - ok
02:16:22.0372 2328 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
02:16:22.0387 2328 nvraid - ok
02:16:22.0403 2328 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
02:16:22.0419 2328 nvstor - ok
02:16:22.0450 2328 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
02:16:22.0465 2328 nv_agp - ok
02:16:22.0465 2328 NwlnkFlt - ok
02:16:22.0481 2328 NwlnkFwd - ok
02:16:23.0386 2328 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:16:23.0401 2328 odserv - ok
02:16:23.0916 2328 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
02:16:23.0932 2328 ohci1394 - ok
02:16:23.0994 2328 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:16:24.0010 2328 ose - ok
02:16:24.0400 2328 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:16:24.0478 2328 p2pimsvc - ok
02:16:24.0493 2328 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:16:24.0493 2328 p2psvc - ok
02:16:24.0930 2328 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
02:16:24.0946 2328 Parport - ok
02:16:25.0429 2328 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
02:16:25.0461 2328 partmgr - ok
02:16:25.0492 2328 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
02:16:25.0492 2328 Parvdm - ok
02:16:25.0507 2328 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
02:16:25.0523 2328 PcaSvc - ok
02:16:25.0570 2328 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
02:16:25.0585 2328 pci - ok
02:16:25.0617 2328 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
02:16:25.0617 2328 pciide - ok
02:16:25.0648 2328 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
02:16:25.0663 2328 pcmcia - ok
02:16:25.0960 2328 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
02:16:26.0053 2328 PEAUTH - ok
02:16:29.0532 2328 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
02:16:29.0595 2328 pla - ok
02:16:35.0585 2328 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
02:16:35.0601 2328 PlugPlay - ok
02:16:37.0145 2328 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:16:37.0145 2328 PNRPAutoReg - ok
02:16:37.0161 2328 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
02:16:37.0161 2328 PNRPsvc - ok
02:16:37.0597 2328 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
02:16:37.0629 2328 PolicyAgent - ok
02:16:38.0190 2328 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
02:16:38.0237 2328 PptpMiniport - ok
02:16:38.0596 2328 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
02:16:38.0596 2328 Processor - ok
02:16:39.0157 2328 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
02:16:39.0173 2328 ProfSvc - ok
02:16:39.0220 2328 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:16:39.0220 2328 ProtectedStorage - ok
02:16:39.0657 2328 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
02:16:39.0657 2328 PSched - ok
02:16:39.0735 2328 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
02:16:39.0813 2328 ql2300 - ok
02:16:40.0593 2328 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
02:16:40.0593 2328 ql40xx - ok
02:16:40.0639 2328 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
02:16:40.0655 2328 QWAVE - ok
02:16:41.0092 2328 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
02:16:41.0139 2328 QWAVEdrv - ok
02:16:42.0714 2328 R300 (daca081e9dc82d4a05b0d21e8aa93df8) C:\Windows\system32\DRIVERS\atikmdag.sys
02:16:42.0730 2328 R300 - ok
02:16:44.0742 2328 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
02:16:44.0758 2328 RasAcd - ok
02:16:45.0725 2328 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
02:16:45.0741 2328 RasAuto - ok
02:16:46.0708 2328 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:16:46.0739 2328 Rasl2tp - ok
02:16:46.0786 2328 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
02:16:46.0801 2328 RasMan - ok
02:16:47.0347 2328 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
02:16:47.0410 2328 RasPppoe - ok
02:16:47.0457 2328 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
02:16:47.0488 2328 RasSstp - ok
02:16:47.0784 2328 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
02:16:47.0784 2328 rdbss - ok
02:16:47.0815 2328 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:16:47.0815 2328 RDPCDD - ok
02:16:48.0814 2328 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
02:16:48.0814 2328 rdpdr - ok
02:16:48.0845 2328 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
02:16:48.0845 2328 RDPENCDD - ok
02:16:49.0719 2328 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
02:16:49.0719 2328 RDPWD - ok
02:16:49.0781 2328 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
02:16:49.0781 2328 RemoteAccess - ok
02:16:50.0826 2328 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
02:16:50.0842 2328 RemoteRegistry - ok
02:16:50.0857 2328 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
02:16:50.0857 2328 RpcLocator - ok
02:16:51.0793 2328 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
02:16:51.0793 2328 RpcSs - ok
02:16:51.0825 2328 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
02:16:51.0825 2328 rspndr - ok
02:16:51.0887 2328 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
02:16:51.0887 2328 SamSs - ok
02:16:51.0918 2328 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
02:16:51.0918 2328 sbp2port - ok
02:16:51.0981 2328 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
02:16:51.0996 2328 SCardSvr - ok
02:16:52.0059 2328 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
02:16:52.0090 2328 Schedule - ok
02:16:52.0152 2328 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
02:16:52.0168 2328 SCPolicySvc - ok
02:16:52.0230 2328 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
02:16:52.0246 2328 sdbus - ok
02:16:52.0277 2328 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
02:16:52.0293 2328 SDRSVC - ok
02:16:52.0293 2328 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
02:16:52.0308 2328 secdrv - ok
02:16:52.0308 2328 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
02:16:52.0324 2328 seclogon - ok
02:16:52.0324 2328 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
02:16:52.0339 2328 SENS - ok
02:16:52.0605 2328 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
02:16:52.0620 2328 Serenum - ok
02:16:52.0651 2328 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
02:16:52.0667 2328 Serial - ok
02:16:52.0683 2328 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
02:16:52.0683 2328 sermouse - ok
02:16:52.0745 2328 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
02:16:52.0745 2328 SessionEnv - ok
02:16:52.0776 2328 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
02:16:52.0776 2328 sffdisk - ok
02:16:52.0792 2328 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
02:16:52.0807 2328 sffp_mmc - ok
02:16:52.0823 2328 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
02:16:52.0823 2328 sffp_sd - ok
02:16:52.0839 2328 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
02:16:52.0839 2328 sfloppy - ok
02:16:52.0901 2328 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
02:16:52.0917 2328 SharedAccess - ok
02:16:53.0338 2328 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
02:16:53.0353 2328 ShellHWDetection - ok
02:16:53.0400 2328 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
02:16:53.0400 2328 sisagp - ok
02:16:53.0416 2328 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
02:16:53.0416 2328 SiSRaid2 - ok
02:16:53.0447 2328 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
02:16:53.0447 2328 SiSRaid4 - ok
02:16:54.0804 2328 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
02:16:54.0960 2328 slsvc - ok
02:16:55.0974 2328 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
02:16:55.0974 2328 SLUINotify - ok
02:16:56.0333 2328 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
02:16:56.0349 2328 Smb - ok
02:16:56.0380 2328 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
02:16:56.0380 2328 SNMPTRAP - ok
02:16:56.0411 2328 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
02:16:56.0411 2328 spldr - ok
02:16:56.0442 2328 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
02:16:56.0473 2328 Spooler - ok
02:16:56.0848 2328 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
02:16:56.0879 2328 srv - ok
02:16:57.0363 2328 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
02:16:57.0378 2328 srv2 - ok
02:16:57.0456 2328 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
02:16:57.0456 2328 srvnet - ok
02:16:57.0503 2328 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
02:16:57.0503 2328 SSDPSRV - ok
02:16:57.0550 2328 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
02:16:57.0550 2328 SstpSvc - ok
02:16:57.0612 2328 Steam Client Service - ok
02:16:57.0831 2328 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
02:16:57.0846 2328 stisvc - ok
02:16:57.0877 2328 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
02:16:57.0877 2328 swenum - ok
02:16:58.0501 2328 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
02:16:58.0517 2328 swprv - ok
02:16:59.0375 2328 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
02:16:59.0391 2328 Symc8xx - ok
02:16:59.0422 2328 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
02:16:59.0422 2328 Sym_hi - ok
02:17:43.0913 2328 ============================================================
02:17:43.0913 2328 Scan finished
02:17:43.0913 2328 ============================================================
02:17:43.0929 0612 Detected object count: 1
02:17:43.0929 0612 Actual detected object count: 1
02:18:22.0897 0612 c:\program files\common files\akamai/netsession_win_4f7fccd.dll - copied to quarantine
02:18:22.0897 0612 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
02:18:23.0085 0612 HKLM\SYSTEM\ControlSet003\services\Akamai - will be deleted on reboot
02:18:23.0100 0612 c:\program files\common files\akamai/netsession_win_4f7fccd.dll - will be deleted on reboot
02:18:23.0100 0612 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete
02:18:36.0204 0232 Deinitialize success


And here's the log for aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 02:26:22
-----------------------------
02:26:22.503 OS Version: Windows 6.0.6002 Service Pack 2
02:26:22.503 Number of processors: 1 586 0x7C02
02:26:22.503 ComputerName: NYAA UserName:
02:26:23.689 Initialize success
02:27:26.968 AVAST engine defs: 12081300
02:27:56.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:27:56.623 Disk 0 Vendor: ST980811AS 3.CDE Size: 76319MB BusType: 3
02:27:56.717 Disk 0 MBR read successfully
02:27:56.717 Disk 0 MBR scan
02:27:56.764 Disk 0 Windows VISTA default MBR code
02:27:56.795 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
02:27:56.842 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 176715
02:27:56.842 Disk 0 scanning sectors +156296385
02:27:57.060 Disk 0 scanning C:\Windows\system32\drivers
02:28:47.511 Service scanning
02:29:25.809 Modules scanning
02:30:16.275 Disk 0 trace - called modules:
02:30:16.306 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
02:30:16.321 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858eb968]
02:30:16.321 3 CLASSPNP.SYS[82d168b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x847a0b98]
02:30:16.945 AVAST engine scan C:\Windows
02:30:29.020 AVAST engine scan C:\Windows\system32
02:38:21.066 AVAST engine scan C:\Windows\system32\drivers
02:38:40.675 AVAST engine scan C:\Users\Anastassia
02:59:02.685 AVAST engine scan C:\ProgramData
03:07:16.339 Scan finished successfully
03:08:14.059 Disk 0 MBR has been saved successfully to "C:\Users\Anastassia\Desktop\MBR.dat"
03:08:14.059 The log file has been saved successfully to "C:\Users\Anastassia\Desktop\aswMBR.txt"

#10 gringo_pr

Posted 13 August 2012 - 04:24 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 psychedelicpiper9

Posted 13 August 2012 - 05:48 AM

Here's the ComboFix log using CFScript:

ComboFix 12-08-10.02 - Anastassia 08/13/2012 5:03.2.1 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1917.1174 [GMT -5:00]
Running from: c:\users\Anastassia\Desktop\ComboFix.exe
Command switches used :: c:\users\Anastassia\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 05:52 . 2012-08-13 05:52 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1C6BB3B-9CBE-4208-A319-3DF6F473FD33}\offreg.dll
2012-08-13 05:49 . 2012-08-13 05:52 -------- d-----w- c:\users\Anastassia\AppData\Local\temp
2012-08-13 05:49 . 2012-08-13 05:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 14:33 . 2012-08-08 14:33 -------- d-----w- C:\FRST
2012-08-08 10:59 . 2012-08-08 10:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-08 10:08 . 2012-08-08 10:08 -------- d-----w- c:\users\Anastassia\AppData\Roaming\Malwarebytes
2012-08-08 10:07 . 2012-08-08 10:07 -------- d-----w- c:\programdata\Malwarebytes
2012-08-08 10:07 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 10:07 . 2012-08-08 10:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-07 05:08 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1ED39AA-8EF9-4359-A357-C1F2EC7495E0}\gapaengine.dll
2012-08-07 05:07 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1C6BB3B-9CBE-4208-A319-3DF6F473FD33}\mpengine.dll
2012-08-07 05:04 . 2012-08-07 05:05 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-05 10:55 . 2012-08-05 10:55 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 23:26 . 2012-04-08 12:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 23:26 . 2011-05-17 21:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:40 . 2012-07-12 16:37 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 18:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 18:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 18:45 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 11:25 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 11:25 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 11:25 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 11:25 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 11:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 11:25 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 11:25 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 11:24 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12 . 2012-06-19 11:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 16:21 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 16:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 16:21 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 16:21 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 16:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 18:45 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 18:45 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-18 07:53 . 2012-05-30 05:20 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-10 20:51 3906656 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-10 20:51 3906656 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-10 3906656]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Anastassia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Anastassia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Anastassia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Akamai NetSession Interface"="c:\users\Anastassia\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Anastassia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Anastassia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-2-17 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2012-02-23 16:38 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-01-20 20:36 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getting started with MacDrive 8]
2009-03-31 22:21 141312 ----a-w- c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive 8 application]
2009-06-15 17:08 202328 ----a-w- c:\program files\Mediafour\MacDrive 8\MacDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 22:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 20:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-17 20:05 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-10-26 19:39 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 33392158
*NewlyCreated* - ASWMBR
*Deregistered* - 33392158
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:26]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc24697ddf3580.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 11:32]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 11:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anastassia\AppData\Roaming\Mozilla\Firefox\Profiles\fpmsyxuv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aimright-chromesbox-en-us&tb_uuid=20110629034605816&tb_oid=29-06-2011&tb_mrud=13-06-2012
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aimright-ab-en-us&tb_uuid=20110629034605816&tb_oid=29-06-2011&tb_mrud=13-06-2012&query=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-33392158.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 05:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2436)
c:\users\Anastassia\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2012-08-13 05:18:41
ComboFix-quarantined-files.txt 2012-08-13 10:18
ComboFix2.txt 2012-08-13 06:05
.
Pre-Run: 4,124,303,360 bytes free
Post-Run: 4,240,080,896 bytes free
.
- - End Of File - - 3AA2CA93BF5A33D5D0108EB4E341ECCA


I had no problems, and my Windows laptop is running superbly right now! :)

#12 gringo_pr

Posted 13 August 2012 - 12:58 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 psychedelicpiper9

Posted 13 August 2012 - 08:35 PM

Here's the extra report:


Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 4.65
Ableton Live 8
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.3)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
American McGee's Alice™
AOL Messaging Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Audacity 2.0
Auslogics Disk Defrag
Bonjour
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
CCleaner
CDBurnerXP
Conduit Engine
Dell Touchpad
Dell Wireless WLAN Card Utility
Download Updater (AOL LLC)
Dropbox
F.E.A.R.
Fences
FileZilla Client 3.3.4.1
Final Fantasy VII - Ultima Edition
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
iTunes
Java Auto Updater
Java™ 6 Update 24
MacDrive 8
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MKVToolNix 5.7.0
MobileMe Control Panel
Monkey Island 2: Special Edition
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
PDF Settings
QuickTime
RocketDock 1.3.5
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skins
Skype Toolbars
Skype™ 5.3
Steam
The Secret of Monkey Island: Special Edition
Tyrian 2000
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.2
Vuze
Vuze Remote Toolbar
Windows Media Player Firefox Plugin
World of Warcraft
Yahoo! Detect

#14 gringo_pr

  • Malware Response Team

Posted 14 August 2012 - 12:42 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Conduit Engine
Java™ 6 Update 24
Vuze
Vuze Remote Toolbar


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 psychedelicpiper9

  • Topic Starter


Posted 14 August 2012 - 01:29 PM

I removed both Vuze and the Vuze toolbar since that program was bloated anyway, but I refuse to remove uTorrent. While I am aware of the concerns involving P2P programs, the torrent protocol is a more secure way of sharing than others. I also don't use public torrent sites like The Pirate Bay either, which is obviously an easy target for trojans and malware. I am always certain about the content I'm obtaining, and I won't name sites, but the sites I use run on secure connections and have firm rules.

I think I got the sirefef virus by visiting some less than savory websites instead, to be honest ... plus, my Firewall was off. It's definitely on now, though.

I did everything else as you instructed. I removed the Conduit Engine and Vuze, of course. I also removed Java, and then reinstalled it from that link you provided. And I used CCleaner.


Here's the log from MBAM:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Anastassia :: NYAA [administrator]

8/14/2012 12:37:44 PM
mbam-log-2012-08-14 (12-37-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195027
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Here's the log from HijackThis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:01 PM, on 8/14/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Anastassia\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anastassia\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOL Messaging Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O3 - Toolbar: AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - Startup: Dropbox.lnk = C:\Users\Anastassia\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 7109 bytes


My computer is running fine, by the way.

Edited by psychedelicpiper9, 14 August 2012 - 01:37 PM.




