Infected with malware


  • This topic is locked
11 replies to this topic

#1 Malvo

  • Members
  • 5 posts

Posted 26 August 2012 - 06:13 PM

Hello,

A program called 1ClickDownloader got installed on my computer. MBAM has now also detected a Rootkit.Agent. I got rid of both, but I don't know if completely, because I've been experiencing some weird stuff, like TeamSpeak claiming not to be able to connect to the server; this also happens with games etc., and it started after the program mentioned above got onto the computer. Today I also got a blue screen and a restart, which has never happened before. I don't know if it's related, but I'm very paranoid and don't know what to do.

Here's the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Hermanni II at 1:25:17 on 2012-08-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1035.18.8151.5384 [GMT 3:00]
.
AV: Elisa Tietoturvapalvelu Lapsilukolla 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Elisa Tietoturvapalvelu Lapsilukolla 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Elisa Tietoturvapalvelu Lapsilukolla 9.01 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Program Files (x86)\Cobian Backup 10\cbService.exe
C:\Program Files (x86)\Elisa\Avustaja\Service.exe
C:\Program Files (x86)\Elisa\ESUS\ESUS.exe
C:\Program Files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Elisa Tietoturvapalvelu\Common\FSHDLL32.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Elisa Tietoturvapalvelu\Common\FSHDLL64.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe
C:\Program Files (x86)\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Hermanni II\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\Elisa\Avustaja\Elisa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hs.fi/
uWindow Title = Windows Internet Explorer - toimittaja MSN and Bing
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID -kirjautumisapuohjelma: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\Elisa Tietoturvapalvelu\NRS\iescript\baselitmus.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\Elisa Tietoturvapalvelu\NRS\iescript\baselitmus.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
uRun: [F.lux] "C:\Users\Hermanni II\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Simp]
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [F-Secure Manager] "C:\Program Files (x86)\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Elisa Avustaja] "C:\Program Files (x86)\Elisa\Avustaja\Elisa.exe" -autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Läh&etä OneNoteen - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: V&ie Microsoft Exceliin - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\Elisa Tietoturvapalvelu\FSPS\program\FSLSP.DLL
Trusted Zone: fronter.com
Trusted Zone: microsoft.com\office
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{320F7D61-5BDF-40C7-9B1B-D968B8A6E626} : DhcpNameServer = 192.168.100.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~2\sprote~1\sprote~1.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{53707962-6F74-2D53-2644-206D7942484F}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{C6867EB7-8350-4856-877F-93CF8AE3DC9C}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
{8dcb7100-df86-4384-8842-8fa844297b3f}
{265EEE8E-3228-44D3-AEA5-F7FDF5860049}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
TB-X64: {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Elisa Avustaja] "C:\Program Files (x86)\Elisa\Avustaja\Elisa.exe" -autorun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: c:\progra~2\sprote~1\sprote~1.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hermanni II\AppData\Roaming\Mozilla\Firefox\Profiles\zhpz7fqd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.hs.fi/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Elisa Tietoturvapalvelu\NRS\litmus-ff@f-secure.com\components\6litmus-ff.dll
FF - component: C:\Program Files (x86)\Elisa Tietoturvapalvelu\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - component: C:\Users\Hermanni II\AppData\Roaming\Mozilla\Firefox\Profiles\zhpz7fqd.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Hermanni II\AppData\Roaming\Mozilla\Firefox\Profiles\zhpz7fqd.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hermanni II\AppData\Roaming\Mozilla\Firefox\Profiles\zhpz7fqd.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Hermanni II\AppData\Roaming\Mozilla\Firefox\Profiles\zhpz7fqd.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2010-10-9 42672]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Elisa Tietoturvapalvelu\HIPS\drivers\fshs.sys [2010-10-9 57920]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsvista.sys [2010-10-9 14904]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/04 15:56:38];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-1-4 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2011-12-2 67584]
R2 CobianBackup10;Cobian Backup 10;C:\Program Files (x86)\Cobian Backup 10\cbService.exe [2011-12-2 1125376]
R2 ElisaAvustajaSvc;Elisa Avustaja Service;C:\Program Files (x86)\Elisa\Avustaja\Service.exe [2011-3-16 463752]
R2 ESUSClient_ELS;Elisa Software Update Service;C:\Program Files (x86)\Elisa\ESUS\ESUS.exe [2011-5-4 358808]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe [2010-10-9 215648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-4 13336]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-5-10 386344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-6 1153368]
R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\system32\drivers\AVer888RC_64.sys --> C:\Windows\system32\drivers\AVer888RC_64.sys [?]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys --> C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2010-10-9 199848]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe [2010-10-9 61088]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 jakndisMP;jakndisMP;C:\Windows\system32\DRIVERS\jakndis.sys --> C:\Windows\system32\DRIVERS\jakndis.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google-päivityspalvelu (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Päivitä-palvelu (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-29 136176]
S3 jakndis;Jaksta Service;C:\Windows\system32\DRIVERS\jakndis.sys --> C:\Windows\system32\DRIVERS\jakndis.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-16 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-26 19:12:46 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-08-26 11:13:23 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2B094F7-9A20-41A6-9660-019B0D1D2356}\offreg.dll
2012-08-26 10:51:20 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{FA69A872-6922-4C02-AEE9-356CC370365F}
2012-08-26 08:28:13 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{ED6A143A-5FA0-4238-B96E-06E638CE2DCC}
2012-08-25 11:40:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-25 09:12:21 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{5F144C22-09F7-428C-BB4C-F868CCF3D0BF}
2012-08-24 06:27:49 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2B094F7-9A20-41A6-9660-019B0D1D2356}\mpengine.dll
2012-08-24 06:23:45 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{CE1B276B-4934-4D4B-BFCB-E90B0BA7B74F}
2012-08-23 06:28:46 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{61820FD9-ECC7-4E11-AF6A-D72CEA2DEC3B}
2012-08-22 18:57:39 -------- d-----w- C:\Program Files (x86)\smartdl
2012-08-22 18:54:40 -------- d-----w- C:\ProgramData\GBox
2012-08-22 18:54:35 -------- d-----w- C:\Program Files (x86)\SProtector
2012-08-22 05:55:49 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{64BFEE52-3E56-4FD0-A095-1B5FE5088A98}
2012-08-21 07:14:31 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{B819C3A9-BB84-4DEB-A35B-04D0305C8ADB}
2012-08-20 07:48:34 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{B934DB63-CB3D-42C7-B631-8EC7C2DA39D1}
2012-08-19 05:13:23 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{B7F1C2FA-B8E4-4CC2-A238-24BEABBCE745}
2012-08-18 08:22:54 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{FF6904C3-97E8-4121-B667-30F87E5EAFDF}
2012-08-18 08:22:39 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{1C22FE6A-937A-4381-A9A0-5E8D6BD29755}
2012-08-17 07:55:16 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{C3371805-CB02-4063-A2F3-326A06BD7394}
2012-08-17 07:54:48 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{3229766A-2C5F-4419-B3DC-4624D133CD76}
2012-08-16 15:09:02 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-08-16 15:09:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2012-08-16 15:09:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
2012-08-16 15:09:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2012-08-16 15:09:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2012-08-16 15:09:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2012-08-16 15:09:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2012-08-16 15:09:02 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2012-08-16 07:13:38 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{449B0AED-5F5E-404B-8438-A53FAF2261A2}
2012-08-16 07:13:35 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{ACBEC944-E152-469C-8E5B-DC8B8CF63F33}
2012-08-15 18:53:04 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{002B62A8-3A59-49ED-B39B-95170480678F}
2012-08-15 06:58:17 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 06:58:17 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 06:58:05 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 06:58:04 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 06:58:04 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 06:58:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 06:58:00 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 06:57:57 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 06:57:53 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 06:57:53 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 06:57:53 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 06:49:10 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{8B335DD8-3123-4A83-8993-8B19B57B305A}
2012-08-15 06:48:27 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{05688EE5-28B4-4202-A6A5-908E80D8968E}
2012-08-14 06:31:11 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{20570FF2-17FB-43E3-BB45-E4F743254107}
2012-08-14 06:29:15 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{2A02DF8C-F5BF-476C-9102-4D384CCCE91F}
2012-08-13 06:42:58 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{3BECEFA5-E452-4AFD-BC35-BAA3ABF58445}
2012-08-13 06:41:12 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{2BF05355-D80E-4C4A-8992-B1BB99C99E94}
2012-08-12 08:24:53 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{8A0F0ECA-6C15-4E5C-A8D0-E021AFEA6052}
2012-08-12 08:23:06 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{3E4459B6-3D18-4237-8258-52AC2FD4DF58}
2012-08-11 08:01:24 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{18DF413C-F2F7-4578-A581-CF273592C5CC}
2012-08-11 08:00:15 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{F0701A22-A798-4F11-96FC-20EA0A8971B7}
2012-08-10 06:55:15 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{EF552C24-81D7-456F-8B51-E939EB2BE1E2}
2012-08-10 06:53:29 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{D20762DE-2378-4308-BBBD-F3D98A061A0C}
2012-08-09 06:39:12 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{8D37BDBE-F4F2-42B7-AF47-920E1A06AABF}
2012-08-09 06:37:50 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{7CE421C9-FAE0-45F5-A4F6-15D9D7CFC9DE}
2012-08-08 05:15:18 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{FA6292DF-E583-4DFF-9882-9DE9272A87BB}
2012-08-08 05:13:41 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{E1DC9CD2-DCEE-4346-A5E0-78C563AAD673}
2012-08-07 05:53:09 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{1B85EE4C-AF18-4A0F-9AE3-A65368036AEC}
2012-08-07 05:52:02 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{EA327EF8-05E7-44B1-A983-1765D77391F3}
2012-08-05 19:53:13 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{6A88D15D-E119-4248-B20D-F12A10A77C1A}
2012-08-05 19:52:56 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{52AE1DB9-2C4F-4495-A700-DD47312BCD9F}
2012-08-05 09:23:55 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{DB430266-0557-4956-AAE1-B437A8A1A7D2}
2012-08-05 09:23:09 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{CCDD5862-8F08-426D-A0E4-EE8741AE8475}
2012-08-04 06:45:35 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{C6DCCBB4-C57B-4BFC-8593-44660B59F9D5}
2012-08-04 06:44:22 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{02E943B1-ECD0-43CE-83E1-594CD49770C2}
2012-08-03 07:05:45 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{9393FF5E-D146-4C2A-8639-374F4D368009}
2012-08-03 07:04:53 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{9D60F96C-61F5-4630-8C6D-873CBE4FC265}
2012-08-02 07:52:34 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{26DAD3B7-0BF4-462B-A76D-F85879270EA7}
2012-08-02 07:51:26 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{F64C2456-F7AA-43E6-8269-5EACD17F130A}
2012-08-01 06:37:12 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{EE3F61BF-B11B-44AD-A77E-97BD1887E933}
2012-07-31 07:45:05 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{F7C92377-2820-406E-A7F7-B761BD82CE18}
2012-07-31 07:44:04 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{36DD948A-DDF7-43C2-9AE2-FD4445B2506A}
2012-07-30 08:22:14 -------- d-----w- C:\Users\Hermanni II\AppData\Local\Matt_Chambers
2012-07-30 07:59:45 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{B871E3C4-2C9A-4CD3-81BF-CAB8EAA50D9B}
2012-07-30 07:58:45 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{A4448F2B-D90E-43A0-A194-17B12F9182E9}
2012-07-29 11:03:32 -------- d-----w- C:\Users\Hermanni II\AppData\Roaming\CrystalIdea Software
2012-07-29 07:05:39 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{7B385CA1-69C0-47DF-8686-B7806EBBB151}
2012-07-29 07:04:33 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{59856F1A-7142-4AFB-84C4-D771F20F1273}
2012-07-28 08:25:51 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{2D68DAB0-9D4A-4D38-816A-DBDF55C81405}
2012-07-28 08:24:42 -------- d-----w- C:\Users\Hermanni II\AppData\Local\{9023F4A3-9C19-4DD3-9111-5D1225B065C0}
.
==================== Find3M ====================
.
2012-08-15 13:39:50 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2012-08-14 19:21:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 19:21:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-21 10:31:43 233920 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-21 10:31:43 233920 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-03 10:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-23 21:23:45 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-23 21:23:45 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 09:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 1:27:46,76 ===============



#2 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:39 PM

Posted 29 August 2012 - 09:57 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days. :)


Hello there, Malvo


I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:39 PM

Posted 29 August 2012 - 09:58 AM

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

In your next reply, please post:
  • aswMBR log
  • MBR.dat (attachment)
  • TDSS Killer log

Please STOP and let me know if you have any problems performing the steps above or any questions.

Good Day!

#4 Malvo

Malvo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:39 AM

Posted 31 August 2012 - 02:00 PM

Hello, Conspire

Thank you for helping and sorry I made you wait. Been busy lately but it's all right now.

I did as you told me, downloaded aswMBR and saved it to desktop etc. However, when I clicked scan and waited for a while, a message pops up saying: "avast! Antirootkit has stopped working." and I have to close it.

Will try again, meanwhile, here's the TDSSKiller log:

EDIT: aswMBR is still not working, same message comes up.

Anyway, the TDSSKiller log:

21:48:08.0702 1036 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:48:08.0844 1036 ============================================================
21:48:08.0844 1036 Current date / time: 2012/08/31 21:48:08.0844
21:48:08.0844 1036 SystemInfo:
21:48:08.0844 1036
21:48:08.0844 1036 OS Version: 6.1.7601 ServicePack: 1.0
21:48:08.0844 1036 Product type: Workstation
21:48:08.0844 1036 ComputerName: HERMANNI_II-PC
21:48:08.0844 1036 UserName: Hermanni II
21:48:08.0845 1036 Windows directory: C:\Windows
21:48:08.0845 1036 System windows directory: C:\Windows
21:48:08.0845 1036 Running under WOW64
21:48:08.0845 1036 Processor architecture: Intel x64
21:48:08.0845 1036 Number of processors: 8
21:48:08.0845 1036 Page size: 0x1000
21:48:08.0845 1036 Boot type: Normal boot
21:48:08.0845 1036 ============================================================
21:48:09.0298 1036 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:48:09.0311 1036 Drive \Device\Harddisk5\DR5 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:48:19.0390 1036 ============================================================
21:48:19.0390 1036 \Device\Harddisk0\DR0:
21:48:19.0391 1036 MBR partitions:
21:48:19.0391 1036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:48:19.0391 1036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD323800
21:48:19.0391 1036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAD356000, BlocksNum 0x1731000
21:48:19.0391 1036 \Device\Harddisk5\DR5:
21:48:19.0391 1036 MBR partitions:
21:48:19.0391 1036 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
21:48:19.0391 1036 ============================================================
21:48:19.0424 1036 C: <-> \Device\Harddisk0\DR0\Partition2
21:48:19.0470 1036 D: <-> \Device\Harddisk0\DR0\Partition3
21:48:19.0470 1036 R: <-> \Device\Harddisk5\DR5\Partition1
21:48:19.0471 1036 ============================================================
21:48:19.0471 1036 Initialize success
21:48:19.0471 1036 ============================================================
21:48:40.0870 4652 ============================================================
21:48:40.0870 4652 Scan started
21:48:40.0870 4652 Mode: Manual;
21:48:40.0870 4652 ============================================================
21:48:41.0109 4652 ================ Scan system memory ========================
21:48:41.0109 4652 System memory - ok
21:48:41.0109 4652 ================ Scan services =============================
21:48:41.0240 4652 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:48:41.0242 4652 1394ohci - ok
21:48:41.0260 4652 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:48:41.0263 4652 ACPI - ok
21:48:41.0275 4652 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:48:41.0275 4652 AcpiPmi - ok
21:48:41.0383 4652 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:48:41.0384 4652 AdobeARMservice - ok
21:48:41.0497 4652 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:48:41.0500 4652 AdobeFlashPlayerUpdateSvc - ok
21:48:41.0528 4652 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:48:41.0535 4652 adp94xx - ok
21:48:41.0565 4652 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:48:41.0571 4652 adpahci - ok
21:48:41.0592 4652 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:48:41.0596 4652 adpu320 - ok
21:48:41.0618 4652 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:48:41.0620 4652 AeLookupSvc - ok
21:48:41.0668 4652 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:48:41.0673 4652 AFD - ok
21:48:41.0718 4652 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:48:41.0720 4652 agp440 - ok
21:48:41.0741 4652 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:48:41.0744 4652 ALG - ok
21:48:41.0757 4652 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:48:41.0759 4652 aliide - ok
21:48:41.0769 4652 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:48:41.0771 4652 amdide - ok
21:48:41.0791 4652 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:48:41.0793 4652 AmdK8 - ok
21:48:41.0804 4652 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:48:41.0806 4652 AmdPPM - ok
21:48:41.0834 4652 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:48:41.0837 4652 amdsata - ok
21:48:41.0872 4652 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:48:41.0876 4652 amdsbs - ok
21:48:41.0888 4652 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:48:41.0888 4652 amdxata - ok
21:48:41.0938 4652 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:48:41.0941 4652 AppID - ok
21:48:41.0990 4652 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:48:41.0991 4652 AppIDSvc - ok
21:48:42.0015 4652 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:48:42.0018 4652 Appinfo - ok
21:48:42.0083 4652 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:48:42.0085 4652 Apple Mobile Device - ok
21:48:42.0165 4652 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:48:42.0168 4652 AppMgmt - ok
21:48:42.0184 4652 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:48:42.0187 4652 arc - ok
21:48:42.0194 4652 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:48:42.0196 4652 arcsas - ok
21:48:42.0317 4652 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:48:42.0319 4652 aspnet_state - ok
21:48:42.0345 4652 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:48:42.0346 4652 AsyncMac - ok
21:48:42.0378 4652 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:48:42.0380 4652 atapi - ok
21:48:42.0419 4652 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:48:42.0429 4652 AudioEndpointBuilder - ok
21:48:42.0443 4652 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:48:42.0450 4652 AudioSrv - ok
21:48:42.0508 4652 [ 478644A6124DD71ADEB7BD6CB24B2F35 ] AVER_H193 C:\Windows\system32\drivers\AVer888RC_64.sys
21:48:42.0511 4652 AVER_H193 - ok
21:48:42.0558 4652 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:48:42.0560 4652 AxInstSV - ok
21:48:42.0601 4652 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:48:42.0607 4652 b06bdrv - ok
21:48:42.0637 4652 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:48:42.0639 4652 b57nd60a - ok
21:48:42.0715 4652 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:48:42.0719 4652 BBSvc - ok
21:48:42.0745 4652 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:48:42.0749 4652 BDESVC - ok
21:48:42.0764 4652 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:48:42.0765 4652 Beep - ok
21:48:42.0827 4652 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:48:42.0837 4652 BFE - ok
21:48:42.0866 4652 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:48:42.0880 4652 BITS - ok
21:48:42.0907 4652 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:48:42.0908 4652 blbdrive - ok
21:48:42.0982 4652 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:48:42.0987 4652 Bonjour Service - ok
21:48:43.0026 4652 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:48:43.0028 4652 bowser - ok
21:48:43.0059 4652 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:48:43.0060 4652 BrFiltLo - ok
21:48:43.0087 4652 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:48:43.0089 4652 BrFiltUp - ok
21:48:43.0119 4652 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:48:43.0122 4652 Browser - ok
21:48:43.0151 4652 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:48:43.0155 4652 Brserid - ok
21:48:43.0177 4652 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:48:43.0181 4652 BrSerWdm - ok
21:48:43.0207 4652 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:48:43.0208 4652 BrUsbMdm - ok
21:48:43.0227 4652 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:48:43.0229 4652 BrUsbSer - ok
21:48:43.0244 4652 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:48:43.0246 4652 BTHMODEM - ok
21:48:43.0270 4652 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:48:43.0273 4652 bthserv - ok
21:48:43.0309 4652 [ ED5411A69C5BAC78D245C893AF64352A ] cbVSCService C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
21:48:43.0312 4652 cbVSCService - ok
21:48:43.0339 4652 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:48:43.0342 4652 cdfs - ok
21:48:43.0385 4652 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:48:43.0386 4652 cdrom - ok
21:48:43.0418 4652 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:48:43.0421 4652 CertPropSvc - ok
21:48:43.0441 4652 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:48:43.0441 4652 circlass - ok
21:48:43.0460 4652 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:48:43.0465 4652 CLFS - ok
21:48:43.0515 4652 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:48:43.0518 4652 clr_optimization_v2.0.50727_32 - ok
21:48:43.0556 4652 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:48:43.0560 4652 clr_optimization_v2.0.50727_64 - ok
21:48:43.0659 4652 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:48:43.0664 4652 clr_optimization_v4.0.30319_32 - ok
21:48:43.0676 4652 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:48:43.0679 4652 clr_optimization_v4.0.30319_64 - ok
21:48:43.0707 4652 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:48:43.0708 4652 CmBatt - ok
21:48:43.0725 4652 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:48:43.0727 4652 cmdide - ok
21:48:43.0763 4652 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:48:43.0768 4652 CNG - ok
21:48:43.0842 4652 [ 06302EA7EDA9DCDD7F82CEC2A03D2015 ] CobianBackup10 C:\Program Files (x86)\Cobian Backup 10\cbService.exe
21:48:43.0853 4652 CobianBackup10 - ok
21:48:43.0881 4652 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:48:43.0882 4652 Compbatt - ok
21:48:43.0929 4652 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:48:43.0930 4652 CompositeBus - ok
21:48:43.0935 4652 COMSysApp - ok
21:48:43.0960 4652 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:48:43.0960 4652 crcdisk - ok
21:48:43.0993 4652 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:48:43.0996 4652 CryptSvc - ok
21:48:44.0038 4652 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:48:44.0046 4652 CSC - ok
21:48:44.0084 4652 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:48:44.0094 4652 CscService - ok
21:48:44.0131 4652 [ 7D8451566FE3D9332E79751E58EC2EE0 ] CXCIR C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys
21:48:44.0132 4652 CXCIR - ok
21:48:44.0153 4652 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:48:44.0163 4652 DcomLaunch - ok
21:48:44.0188 4652 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:48:44.0193 4652 defragsvc - ok
21:48:44.0232 4652 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:48:44.0233 4652 DfsC - ok
21:48:44.0254 4652 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:48:44.0260 4652 Dhcp - ok
21:48:44.0283 4652 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:48:44.0284 4652 discache - ok
21:48:44.0296 4652 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:48:44.0297 4652 Disk - ok
21:48:44.0332 4652 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:48:44.0336 4652 Dnscache - ok
21:48:44.0375 4652 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:48:44.0380 4652 dot3svc - ok
21:48:44.0414 4652 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:48:44.0417 4652 DPS - ok
21:48:44.0444 4652 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:48:44.0445 4652 drmkaud - ok
21:48:44.0475 4652 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:48:44.0484 4652 DXGKrnl - ok
21:48:44.0507 4652 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:48:44.0510 4652 EapHost - ok
21:48:44.0581 4652 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:48:44.0634 4652 ebdrv - ok
21:48:44.0667 4652 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:48:44.0668 4652 EFS - ok
21:48:44.0717 4652 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:48:44.0727 4652 ehRecvr - ok
21:48:44.0749 4652 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:48:44.0753 4652 ehSched - ok
21:48:44.0827 4652 [ 20F117315508C5D3E47D669950815F37 ] ElisaAvustajaSvc C:\Program Files (x86)\Elisa\Avustaja\Service.exe
21:48:44.0832 4652 ElisaAvustajaSvc - ok
21:48:44.0870 4652 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:48:44.0878 4652 elxstor - ok
21:48:44.0916 4652 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:48:44.0918 4652 ErrDev - ok
21:48:44.0953 4652 [ A81830F007638B23E5C46D2CEF78CD9C ] ESUSClient_ELS C:\Program Files (x86)\Elisa\ESUS\ESUS.exe
21:48:44.0956 4652 ESUSClient_ELS - ok
21:48:44.0981 4652 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:48:44.0989 4652 EventSystem - ok
21:48:45.0027 4652 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:48:45.0031 4652 exfat - ok
21:48:45.0155 4652 [ 169897DE484A79120AF8C201883EFDC4 ] F-Secure Gatekeeper C:\Program Files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys
21:48:45.0158 4652 F-Secure Gatekeeper - ok
21:48:45.0204 4652 [ A9BE66E05254B20DF82E0F7CDDECA7DD ] F-Secure Gatekeeper Handler Starter C:\Program Files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
21:48:45.0207 4652 F-Secure Gatekeeper Handler Starter - ok
21:48:45.0245 4652 [ 564AF68FBEC406CBECD42BFCBE144EF3 ] F-Secure HIPS C:\Program Files (x86)\Elisa Tietoturvapalvelu\HIPS\drivers\fshs.sys
21:48:45.0246 4652 F-Secure HIPS - ok
21:48:45.0261 4652 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:48:45.0264 4652 fastfat - ok
21:48:45.0312 4652 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:48:45.0322 4652 Fax - ok
21:48:45.0350 4652 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:48:45.0352 4652 fdc - ok
21:48:45.0365 4652 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:48:45.0367 4652 fdPHost - ok
21:48:45.0383 4652 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:48:45.0386 4652 FDResPub - ok
21:48:45.0401 4652 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:48:45.0402 4652 FileInfo - ok
21:48:45.0418 4652 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:48:45.0421 4652 Filetrace - ok
21:48:45.0485 4652 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:48:45.0495 4652 FLEXnet Licensing Service - ok
21:48:45.0514 4652 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:48:45.0516 4652 flpydisk - ok
21:48:45.0538 4652 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:48:45.0542 4652 FltMgr - ok
21:48:45.0577 4652 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:48:45.0603 4652 FontCache - ok
21:48:45.0654 4652 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:48:45.0655 4652 FontCache3.0.0.0 - ok
21:48:45.0692 4652 [ F59F2C574AA5D84477EB89F87C938F16 ] fsbts C:\Windows\system32\Drivers\fsbts.sys
21:48:45.0693 4652 fsbts - ok
21:48:45.0707 4652 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:48:45.0709 4652 FsDepends - ok
21:48:45.0752 4652 [ 469222CB3227BC8A4661ABF3BCB14943 ] FSDFWD C:\Program Files (x86)\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
21:48:45.0760 4652 FSDFWD - ok
21:48:45.0783 4652 [ 740CCE07189F9833BF865844AC49C0B1 ] FSES C:\Windows\system32\drivers\fses.sys
21:48:45.0783 4652 FSES - ok
21:48:45.0802 4652 [ DEB4D284EBCD430C9F15C6624DC3382B ] FSFW C:\Windows\system32\drivers\fsdfw.sys
21:48:45.0804 4652 FSFW - ok
21:48:45.0855 4652 [ 392E85687A902239C01BADDF212B1A36 ] FSMA C:\Program Files (x86)\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
21:48:45.0857 4652 FSMA - ok
21:48:45.0879 4652 [ 42AEF6A385354ACA65FC210CE7CE4D7C ] FSORSPClient C:\Program Files (x86)\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe
21:48:45.0880 4652 FSORSPClient - ok
21:48:45.0922 4652 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:48:45.0924 4652 fssfltr - ok
21:48:46.0036 4652 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:48:46.0069 4652 fsssvc - ok
21:48:46.0084 4652 [ 3FCBE4E9C764E05505D4E4B1D6F36786 ] fsvista C:\Program Files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsvista.sys
21:48:46.0084 4652 fsvista - ok
21:48:46.0128 4652 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:48:46.0129 4652 Fs_Rec - ok
21:48:46.0170 4652 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:48:46.0173 4652 fvevol - ok
21:48:46.0200 4652 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:48:46.0201 4652 gagp30kx - ok
21:48:46.0248 4652 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
21:48:46.0252 4652 GameConsoleService - ok
21:48:46.0284 4652 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:48:46.0284 4652 GEARAspiWDM - ok
21:48:46.0333 4652 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:48:46.0345 4652 gpsvc - ok
21:48:46.0425 4652 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:48:46.0426 4652 gupdate - ok
21:48:46.0433 4652 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:48:46.0435 4652 gupdatem - ok
21:48:46.0465 4652 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:48:46.0469 4652 gusvc - ok
21:48:46.0487 4652 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:48:46.0490 4652 hcw85cir - ok
21:48:46.0532 4652 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:48:46.0534 4652 HDAudBus - ok
21:48:46.0550 4652 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:48:46.0551 4652 HECIx64 - ok
21:48:46.0567 4652 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:48:46.0569 4652 HidBatt - ok
21:48:46.0588 4652 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:48:46.0591 4652 HidBth - ok
21:48:46.0618 4652 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:48:46.0619 4652 HidIr - ok
21:48:46.0641 4652 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:48:46.0645 4652 hidserv - ok
21:48:46.0654 4652 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:48:46.0655 4652 HidUsb - ok
21:48:46.0686 4652 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:48:46.0690 4652 hkmsvc - ok
21:48:46.0728 4652 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:48:46.0733 4652 HomeGroupListener - ok
21:48:46.0766 4652 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:48:46.0771 4652 HomeGroupProvider - ok
21:48:46.0790 4652 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:48:46.0793 4652 HpSAMD - ok
21:48:46.0830 4652 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:48:46.0837 4652 HTTP - ok
21:48:46.0865 4652 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:48:46.0866 4652 hwpolicy - ok
21:48:46.0902 4652 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:48:46.0905 4652 i8042prt - ok
21:48:46.0930 4652 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:48:46.0935 4652 iaStor - ok
21:48:46.0988 4652 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
21:48:46.0990 4652 IAStorDataMgrSvc - ok
21:48:47.0031 4652 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:48:47.0035 4652 iaStorV - ok
21:48:47.0124 4652 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:48:47.0128 4652 IDriverT - ok
21:48:47.0161 4652 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:48:47.0178 4652 idsvc - ok
21:48:47.0205 4652 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:48:47.0206 4652 iirsp - ok
21:48:47.0238 4652 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:48:47.0251 4652 IKEEXT - ok
21:48:47.0340 4652 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:48:47.0362 4652 IntcAzAudAddService - ok
21:48:47.0387 4652 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:48:47.0388 4652 intelide - ok
21:48:47.0404 4652 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:48:47.0404 4652 intelppm - ok
21:48:47.0422 4652 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:48:47.0425 4652 IPBusEnum - ok
21:48:47.0465 4652 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:48:47.0468 4652 IpFilterDriver - ok
21:48:47.0493 4652 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:48:47.0500 4652 iphlpsvc - ok
21:48:47.0517 4652 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:48:47.0519 4652 IPMIDRV - ok
21:48:47.0548 4652 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:48:47.0551 4652 IPNAT - ok
21:48:47.0623 4652 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:48:47.0632 4652 iPod Service - ok
21:48:47.0654 4652 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:48:47.0656 4652 IRENUM - ok
21:48:47.0674 4652 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:48:47.0674 4652 isapnp - ok
21:48:47.0692 4652 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:48:47.0696 4652 iScsiPrt - ok
21:48:47.0731 4652 [ 44353CA620C4C679F0FAF41D6623EDDA ] jakndis C:\Windows\system32\DRIVERS\jakndis.sys
21:48:47.0731 4652 jakndis - ok
21:48:47.0738 4652 [ 44353CA620C4C679F0FAF41D6623EDDA ] jakndisMP C:\Windows\system32\DRIVERS\jakndis.sys
21:48:47.0739 4652 jakndisMP - ok
21:48:47.0755 4652 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:48:47.0756 4652 kbdclass - ok
21:48:47.0770 4652 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:48:47.0771 4652 kbdhid - ok
21:48:47.0790 4652 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:48:47.0791 4652 KeyIso - ok
21:48:47.0823 4652 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:48:47.0824 4652 KSecDD - ok
21:48:47.0852 4652 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:48:47.0854 4652 KSecPkg - ok
21:48:47.0867 4652 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:48:47.0868 4652 ksthunk - ok
21:48:47.0899 4652 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:48:47.0905 4652 KtmRm - ok
21:48:47.0949 4652 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:48:47.0954 4652 LanmanServer - ok
21:48:47.0990 4652 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:48:47.0995 4652 LanmanWorkstation - ok
21:48:48.0039 4652 [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:48:48.0040 4652 LightScribeService - ok
21:48:48.0070 4652 lirsgt - ok
21:48:48.0086 4652 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:48:48.0087 4652 lltdio - ok
21:48:48.0112 4652 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:48:48.0116 4652 lltdsvc - ok
21:48:48.0133 4652 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:48:48.0136 4652 lmhosts - ok
21:48:48.0170 4652 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:48:48.0172 4652 LSI_FC - ok
21:48:48.0195 4652 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:48:48.0197 4652 LSI_SAS - ok
21:48:48.0210 4652 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:48:48.0213 4652 LSI_SAS2 - ok
21:48:48.0226 4652 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:48:48.0227 4652 LSI_SCSI - ok
21:48:48.0243 4652 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:48:48.0244 4652 luafv - ok
21:48:48.0281 4652 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:48:48.0284 4652 Mcx2Svc - ok
21:48:48.0308 4652 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:48:48.0310 4652 megasas - ok
21:48:48.0338 4652 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:48:48.0342 4652 MegaSR - ok
21:48:48.0368 4652 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:48:48.0372 4652 MMCSS - ok
21:48:48.0384 4652 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:48:48.0387 4652 Modem - ok
21:48:48.0409 4652 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:48:48.0410 4652 monitor - ok
21:48:48.0419 4652 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:48:48.0420 4652 mouclass - ok
21:48:48.0450 4652 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:48:48.0451 4652 mouhid - ok
21:48:48.0483 4652 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:48:48.0484 4652 mountmgr - ok
21:48:48.0557 4652 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:48:48.0561 4652 MozillaMaintenance - ok
21:48:48.0594 4652 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:48:48.0596 4652 mpio - ok
21:48:48.0610 4652 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:48:48.0612 4652 mpsdrv - ok
21:48:48.0652 4652 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:48:48.0665 4652 MpsSvc - ok
21:48:48.0721 4652 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:48:48.0724 4652 MRxDAV - ok
21:48:48.0768 4652 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:48:48.0770 4652 mrxsmb - ok
21:48:48.0800 4652 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:48:48.0802 4652 mrxsmb10 - ok
21:48:48.0817 4652 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:48:48.0820 4652 mrxsmb20 - ok
21:48:48.0829 4652 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:48:48.0831 4652 msahci - ok
21:48:48.0846 4652 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:48:48.0848 4652 msdsm - ok
21:48:48.0873 4652 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:48:48.0876 4652 MSDTC - ok
21:48:48.0893 4652 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:48:48.0894 4652 Msfs - ok
21:48:48.0923 4652 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:48:48.0924 4652 mshidkmdf - ok
21:48:48.0939 4652 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:48:48.0939 4652 msisadrv - ok
21:48:48.0980 4652 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:48:48.0983 4652 MSiSCSI - ok
21:48:48.0985 4652 msiserver - ok
21:48:49.0010 4652 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:48:49.0012 4652 MSKSSRV - ok
21:48:49.0023 4652 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:48:49.0023 4652 MSPCLOCK - ok
21:48:49.0031 4652 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:48:49.0033 4652 MSPQM - ok
21:48:49.0047 4652 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:48:49.0050 4652 MsRPC - ok
21:48:49.0064 4652 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:48:49.0064 4652 mssmbios - ok
21:48:49.0077 4652 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:48:49.0079 4652 MSTEE - ok
21:48:49.0133 4652 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:48:49.0134 4652 MTConfig - ok
21:48:49.0164 4652 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:48:49.0165 4652 Mup - ok
21:48:49.0185 4652 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:48:49.0194 4652 napagent - ok
21:48:49.0232 4652 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:48:49.0234 4652 NativeWifiP - ok
21:48:49.0273 4652 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:48:49.0282 4652 NDIS - ok
21:48:49.0301 4652 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:48:49.0303 4652 NdisCap - ok
21:48:49.0329 4652 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:48:49.0330 4652 NdisTapi - ok
21:48:49.0361 4652 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:48:49.0362 4652 Ndisuio - ok
21:48:49.0402 4652 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:48:49.0404 4652 NdisWan - ok
21:48:49.0415 4652 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:48:49.0417 4652 NDProxy - ok
21:48:49.0428 4652 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:48:49.0429 4652 NetBIOS - ok
21:48:49.0448 4652 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:48:49.0451 4652 NetBT - ok
21:48:49.0464 4652 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:48:49.0466 4652 Netlogon - ok
21:48:49.0509 4652 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:48:49.0516 4652 Netman - ok
21:48:49.0567 4652 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:48:49.0570 4652 NetMsmqActivator - ok
21:48:49.0576 4652 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:48:49.0578 4652 NetPipeActivator - ok
21:48:49.0615 4652 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:48:49.0622 4652 netprofm - ok
21:48:49.0655 4652 [ 44D4BD55191624C82A2745296BA42814 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
21:48:49.0661 4652 netr28x - ok
21:48:49.0666 4652 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:48:49.0668 4652 NetTcpActivator - ok
21:48:49.0673 4652 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:48:49.0675 4652 NetTcpPortSharing - ok
21:48:49.0706 4652 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:48:49.0707 4652 nfrd960 - ok
21:48:49.0741 4652 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:48:49.0747 4652 NlaSvc - ok
21:48:49.0782 4652 [ C31FA031335EFF434B2D94278E74BCCE ] npf C:\Windows\system32\drivers\npf.sys
21:48:49.0783 4652 npf - ok
21:48:49.0799 4652 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:48:49.0800 4652 Npfs - ok
21:48:49.0820 4652 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:48:49.0823 4652 nsi - ok
21:48:49.0850 4652 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:48:49.0851 4652 nsiproxy - ok
21:48:49.0901 4652 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:48:49.0911 4652 Ntfs - ok
21:48:49.0947 4652 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:48:49.0948 4652 Null - ok
21:48:50.0157 4652 [ F0FBFE1E29FF233B0E000054C1FB968A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:48:50.0202 4652 nvlddmkm - ok
21:48:50.0266 4652 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:48:50.0284 4652 nvraid - ok
21:48:50.0304 4652 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:48:50.0308 4652 nvstor - ok
21:48:50.0347 4652 [ 4E70B5247914426722621180B8764514 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:48:50.0351 4652 nvsvc - ok
21:48:50.0412 4652 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:48:50.0415 4652 nv_agp - ok
21:48:50.0478 4652 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:48:50.0481 4652 ohci1394 - ok
21:48:50.0535 4652 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:48:50.0538 4652 ose - ok
21:48:50.0673 4652 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:48:50.0734 4652 osppsvc - ok
21:48:50.0770 4652 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:48:50.0774 4652 p2pimsvc - ok
21:48:50.0803 4652 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:48:50.0809 4652 p2psvc - ok
21:48:50.0832 4652 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:48:50.0835 4652 Parport - ok
21:48:50.0868 4652 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:48:50.0869 4652 partmgr - ok
21:48:50.0881 4652 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:48:50.0886 4652 PcaSvc - ok
21:48:50.0896 4652 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:48:50.0898 4652 pci - ok
21:48:50.0907 4652 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:48:50.0907 4652 pciide - ok
21:48:50.0925 4652 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:48:50.0927 4652 pcmcia - ok
21:48:50.0948 4652 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:48:50.0949 4652 pcw - ok
21:48:50.0967 4652 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:48:50.0975 4652 PEAUTH - ok
21:48:51.0021 4652 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:48:51.0047 4652 PeerDistSvc - ok
21:48:51.0140 4652 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:48:51.0144 4652 PerfHost - ok
21:48:51.0212 4652 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:48:51.0237 4652 pla - ok
21:48:51.0283 4652 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:48:51.0291 4652 PlugPlay - ok
21:48:51.0313 4652 PnkBstrA - ok
21:48:51.0325 4652 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:48:51.0328 4652 PNRPAutoReg - ok
21:48:51.0355 4652 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:48:51.0360 4652 PNRPsvc - ok
21:48:51.0383 4652 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:48:51.0390 4652 PolicyAgent - ok
21:48:51.0410 4652 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:48:51.0415 4652 Power - ok
21:48:51.0426 4652 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:48:51.0428 4652 PptpMiniport - ok
21:48:51.0447 4652 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:48:51.0450 4652 Processor - ok
21:48:51.0485 4652 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:48:51.0490 4652 ProfSvc - ok
21:48:51.0497 4652 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:48:51.0499 4652 ProtectedStorage - ok
21:48:51.0538 4652 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:48:51.0539 4652 Psched - ok
21:48:51.0591 4652 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:48:51.0617 4652 ql2300 - ok
21:48:51.0638 4652 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:48:51.0639 4652 ql40xx - ok
21:48:51.0653 4652 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:48:51.0656 4652 QWAVE - ok
21:48:51.0674 4652 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:48:51.0675 4652 QWAVEdrv - ok
21:48:51.0686 4652 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:48:51.0688 4652 RasAcd - ok
21:48:51.0704 4652 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:48:51.0705 4652 RasAgileVpn - ok
21:48:51.0722 4652 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:48:51.0726 4652 RasAuto - ok
21:48:51.0739 4652 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:48:51.0740 4652 Rasl2tp - ok
21:48:51.0777 4652 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:48:51.0783 4652 RasMan - ok
21:48:51.0798 4652 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:48:51.0799 4652 RasPppoe - ok
21:48:51.0809 4652 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:48:51.0810 4652 RasSstp - ok
21:48:51.0827 4652 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:48:51.0829 4652 rdbss - ok
21:48:51.0841 4652 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:48:51.0841 4652 rdpbus - ok
21:48:51.0852 4652 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:48:51.0853 4652 RDPCDD - ok
21:48:51.0887 4652 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:48:51.0889 4652 RDPDR - ok
21:48:51.0906 4652 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:48:51.0907 4652 RDPENCDD - ok
21:48:51.0919 4652 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:48:51.0920 4652 RDPREFMP - ok
21:48:51.0982 4652 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:48:51.0986 4652 RdpVideoMiniport - ok
21:48:52.0025 4652 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:48:52.0029 4652 RDPWD - ok
21:48:52.0063 4652 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:48:52.0065 4652 rdyboost - ok
21:48:52.0084 4652 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:48:52.0088 4652 RemoteAccess - ok
21:48:52.0103 4652 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:48:52.0106 4652 RemoteRegistry - ok
21:48:52.0210 4652 [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
21:48:52.0214 4652 RichVideo64 - ok
21:48:52.0253 4652 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
21:48:52.0255 4652 RMCAST - ok
21:48:52.0264 4652 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:48:52.0269 4652 RpcEptMapper - ok
21:48:52.0285 4652 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:48:52.0288 4652 RpcLocator - ok
21:48:52.0325 4652 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:48:52.0332 4652 RpcSs - ok
21:48:52.0351 4652 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:48:52.0352 4652 rspndr - ok
21:48:52.0391 4652 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:48:52.0393 4652 RTL8167 - ok
21:48:52.0405 4652 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:48:52.0408 4652 SamSs - ok
21:48:52.0441 4652 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:48:52.0445 4652 sbp2port - ok
21:48:52.0504 4652 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:48:52.0515 4652 SBSDWSCService - ok
21:48:52.0551 4652 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:48:52.0556 4652 SCardSvr - ok
21:48:52.0606 4652 [ 07237C66E05DA6778E9F3CB67FA00736 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
21:48:52.0607 4652 SCDEmu - ok
21:48:52.0650 4652 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:48:52.0653 4652 scfilter - ok
21:48:52.0698 4652 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:48:52.0724 4652 Schedule - ok
21:48:52.0755 4652 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:48:52.0756 4652 SCPolicySvc - ok
21:48:52.0773 4652 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:48:52.0778 4652 SDRSVC - ok
21:48:52.0853 4652 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:48:52.0856 4652 SeaPort - ok
21:48:52.0887 4652 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:48:52.0889 4652 secdrv - ok
21:48:52.0923 4652 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:48:52.0924 4652 seclogon - ok
21:48:52.0950 4652 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:48:52.0953 4652 SENS - ok
21:48:52.0968 4652 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:48:52.0969 4652 SensrSvc - ok
21:48:52.0986 4652 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:48:52.0988 4652 Serenum - ok
21:48:52.0999 4652 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:48:53.0000 4652 Serial - ok
21:48:53.0040 4652 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:48:53.0041 4652 sermouse - ok
21:48:53.0095 4652 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:48:53.0099 4652 SessionEnv - ok
21:48:53.0112 4652 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:48:53.0113 4652 sffdisk - ok
21:48:53.0121 4652 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:48:53.0124 4652 sffp_mmc - ok
21:48:53.0135 4652 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:48:53.0135 4652 sffp_sd - ok
21:48:53.0147 4652 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:48:53.0148 4652 sfloppy - ok
21:48:53.0213 4652 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:48:53.0219 4652 SharedAccess - ok
21:48:53.0257 4652 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:48:53.0265 4652 ShellHWDetection - ok
21:48:53.0299 4652 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:48:53.0301 4652 SiSRaid2 - ok
21:48:53.0322 4652 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:48:53.0325 4652 SiSRaid4 - ok
21:48:53.0348 4652 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:48:53.0350 4652 Smb - ok
21:48:53.0385 4652 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:48:53.0388 4652 SNMPTRAP - ok
21:48:53.0399 4652 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:48:53.0400 4652 spldr - ok
21:48:53.0436 4652 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:48:53.0444 4652 Spooler - ok
21:48:53.0530 4652 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:48:53.0555 4652 sppsvc - ok
21:48:53.0571 4652 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:48:53.0573 4652 sppuinotify - ok
21:48:53.0625 4652 [ 9AB59CF736981ED1F83C6AB5FAA8BA5C ] sptd C:\Windows\system32\Drivers\sptd.sys
21:48:53.0637 4652 sptd - ok
21:48:53.0676 4652 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:48:53.0684 4652 srv - ok
21:48:53.0704 4652 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:48:53.0710 4652 srv2 - ok
21:48:53.0722 4652 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:48:53.0725 4652 srvnet - ok
21:48:53.0752 4652 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:48:53.0756 4652 SSDPSRV - ok
21:48:53.0764 4652 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:48:53.0767 4652 SstpSvc - ok
21:48:53.0806 4652 Steam Client Service - ok
21:48:53.0831 4652 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:48:53.0833 4652 stexstor - ok
21:48:53.0869 4652 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:48:53.0880 4652 stisvc - ok
21:48:53.0905 4652 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:48:53.0907 4652 swenum - ok
21:48:53.0924 4652 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:48:53.0934 4652 swprv - ok
21:48:53.0945 4652 Synth3dVsc - ok
21:48:54.0060 4652 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:48:54.0112 4652 SysMain - ok
21:48:54.0126 4652 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:48:54.0128 4652 TabletInputService - ok
21:48:54.0256 4652 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:48:54.0522 4652 TapiSrv - ok
21:48:54.0579 4652 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:48:54.0582 4652 TBS - ok
21:48:54.0747 4652 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:48:54.0800 4652 Tcpip - ok
21:48:54.0856 4652 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:48:54.0872 4652 TCPIP6 - ok
21:48:54.0904 4652 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:48:54.0906 4652 tcpipreg - ok
21:48:54.0926 4652 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:48:54.0928 4652 TDPIPE - ok
21:48:54.0956 4652 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:48:54.0956 4652 TDTCP - ok
21:48:54.0983 4652 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:48:54.0985 4652 tdx - ok
21:48:55.0023 4652 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:48:55.0024 4652 TermDD - ok
21:48:55.0055 4652 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:48:55.0065 4652 TermService - ok
21:48:55.0071 4652 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:48:55.0074 4652 Themes - ok
21:48:55.0107 4652 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:48:55.0109 4652 THREADORDER - ok
21:48:55.0120 4652 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:48:55.0125 4652 TrkWks - ok
21:48:55.0182 4652 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:48:55.0186 4652 TrustedInstaller - ok
21:48:55.0230 4652 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:48:55.0233 4652 tssecsrv - ok
21:48:55.0260 4652 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:48:55.0261 4652 TsUsbFlt - ok
21:48:55.0266 4652 tsusbhub - ok
21:48:55.0309 4652 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:48:55.0311 4652 tunnel - ok
21:48:55.0330 4652 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:48:55.0334 4652 uagp35 - ok
21:48:55.0349 4652 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:48:55.0352 4652 udfs - ok
21:48:55.0374 4652 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:48:55.0378 4652 UI0Detect - ok
21:48:55.0399 4652 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:48:55.0401 4652 uliagpkx - ok
21:48:55.0430 4652 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:48:55.0431 4652 umbus - ok
21:48:55.0452 4652 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:48:55.0454 4652 UmPass - ok
21:48:55.0484 4652 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
21:48:55.0489 4652 UmRdpService - ok
21:48:55.0512 4652 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:48:55.0519 4652 upnphost - ok
21:48:55.0556 4652 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:48:55.0558 4652 USBAAPL64 - ok
21:48:55.0579 4652 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:48:55.0581 4652 usbccgp - ok
21:48:55.0595 4652 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
21:48:55.0598 4652 usbcir - ok
21:48:55.0616 4652 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:48:55.0616 4652 usbehci - ok
21:48:55.0636 4652 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:48:55.0639 4652 usbhub - ok
21:48:55.0657 4652 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:48:55.0659 4652 usbohci - ok
21:48:55.0687 4652 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:48:55.0688 4652 usbprint - ok
21:48:55.0730 4652 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:48:55.0732 4652 usbscan - ok
21:48:55.0754 4652 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:48:55.0756 4652 USBSTOR - ok
21:48:55.0771 4652 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:48:55.0774 4652 usbuhci - ok
21:48:55.0790 4652 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:48:55.0795 4652 UxSms - ok
21:48:55.0803 4652 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:48:55.0805 4652 VaultSvc - ok
21:48:55.0839 4652 [ 8ACF22B86CE4E85C23E3E9513BF45C37 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
21:48:55.0841 4652 VBoxNetAdp - ok
21:48:55.0848 4652 VBoxNetFlt - ok
21:48:55.0862 4652 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:48:55.0863 4652 vdrvroot - ok
21:48:55.0884 4652 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:48:55.0893 4652 vds - ok
21:48:55.0913 4652 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:48:55.0915 4652 vga - ok
21:48:55.0927 4652 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:48:55.0928 4652 VgaSave - ok
21:48:55.0932 4652 VGPU - ok
21:48:55.0983 4652 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:48:55.0989 4652 vhdmp - ok
21:48:56.0004 4652 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:48:56.0005 4652 viaide - ok
21:48:56.0087 4652 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:48:56.0088 4652 volmgr - ok
21:48:56.0130 4652 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:48:56.0134 4652 volmgrx - ok
21:48:56.0151 4652 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:48:56.0155 4652 volsnap - ok
21:48:56.0181 4652 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
21:48:58.0476 4652 ============================================================
21:48:58.0476 4652 Scan finished
21:48:58.0476 4652 ============================================================
21:48:58.0486 5496 Detected object count: 0
21:48:58.0486 5496 Actual detected object count: 0

Edited by Malvo, 31 August 2012 - 02:12 PM.


#5 Conspire


Posted 31 August 2012 - 10:09 PM

Hi,

We will just skip aswMBR for the moment. Meanwhile, please run the following tool.

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE

#6 Malvo


Posted 02 September 2012 - 08:24 AM

Hello again,

I ran ComboFix and the log is below. But it seems that I forgot to disable Windows Defender. Is this a problem? I also just realized that I have two anti-spyware programs running at the same time. Oh well...

ComboFix 12-08-31.08 - Hermanni II 02.09.2012 15:26:14.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1035.18.8151.6267 [GMT 3:00]
Running from: c:\users\Hermanni II\Desktop\ComboFix.exe
AV: Elisa Tietoturvapalvelu Lapsilukolla 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Elisa Tietoturvapalvelu Lapsilukolla 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Elisa Tietoturvapalvelu Lapsilukolla 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\programdata\100
c:\programdata\Bcool
c:\programdata\Bcool\background.html
c:\programdata\Bcool\content.js
c:\programdata\Bcool\data\content.js
c:\programdata\Bcool\data\jsondb.js
c:\programdata\Bcool\mpdjmknphagbghgopcadpammpkmjphgc.crx
c:\programdata\Bcool\settings.ini
c:\windows\7Loader.TAG
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 12:32 . 2012-09-02 12:32 -------- d-----w- c:\users\Test Account\AppData\Local\temp
2012-09-02 12:32 . 2012-09-02 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 13:46 . 2012-09-01 13:49 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-08-31 19:17 . 2012-08-31 19:17 -------- d-----w- c:\program files (x86)\SopCast
2012-08-31 08:21 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80ABED20-E6B5-4FEE-A541-6D0261ADFB65}\mpengine.dll
2012-08-26 19:12 . 2012-08-26 19:12 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-08-25 11:40 . 2012-08-25 11:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-22 18:57 . 2012-08-22 18:57 -------- d-----w- c:\program files (x86)\smartdl
2012-08-22 18:54 . 2012-08-24 12:16 -------- d-----w- c:\programdata\GBox
2012-08-22 18:54 . 2012-08-22 18:54 -------- d-----w- c:\program files (x86)\SProtector
2012-08-16 15:14 . 2012-08-16 15:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-15 06:58 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 06:58 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 06:58 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 06:58 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 06:58 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 06:58 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 06:58 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 06:57 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 06:57 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 06:57 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 06:57 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 06:57 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 17:24 . 2012-06-23 21:23 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-28 17:24 . 2012-02-28 15:23 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 20:45 . 2010-10-09 04:43 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 13:39 . 2011-03-01 11:57 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-08-14 19:21 . 2012-04-02 06:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 19:21 . 2011-06-09 08:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-21 10:31 . 2010-10-14 17:33 233920 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-21 10:31 . 2010-10-14 17:33 233920 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-03 10:46 . 2012-07-14 10:39 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 05:43 . 2012-07-11 06:20 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 06:20 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 06:20 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 06:19 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:49 . 2012-06-06 05:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-11 06:20 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 06:20 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 06:19 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Hermanni II\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"F-Secure Manager"="c:\program files (x86)\Elisa Tietoturvapalvelu\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files (x86)\Elisa Tietoturvapalvelu\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Elisa Avustaja"="c:\program files (x86)\Elisa\Avustaja\Elisa.exe" [2011-04-07 208384]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2012-07-31 4407808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-08 868848]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google-päivityspalvelu (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 136176]
R3 jakndis;Jaksta Service;c:\windows\system32\DRIVERS\jakndis.sys [2011-07-21 35648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-07 1255736]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU; [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-08-15 56016]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Elisa Tietoturvapalvelu\HIPS\drivers\fshs.sys [2009-08-05 57920]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-12-16 45624]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-12-16 94280]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/04 15:56];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-17 16:41 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-07-31 67584]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe [2012-07-31 1131008]
S2 ElisaAvustajaSvc;Elisa Avustaja Service;c:\program files (x86)\Elisa\Avustaja\Service.exe [2011-03-16 463752]
S2 ESUSClient_ELS;Elisa Software Update Service;c:\program files (x86)\Elisa\ESUS\ESUS.exe [2011-05-04 358808]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [2009-11-13 543616]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [2009-11-13 39936]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Elisa Tietoturvapalvelu\ORSP Client\fsorsp.exe [2011-05-23 61088]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 jakndisMP;jakndisMP;c:\windows\system32\DRIVERS\jakndis.sys [2011-07-21 35648]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 19:21]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 08:55]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 08:55]
.
2012-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
2012-09-02 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~2\ELISAT~1\ANTI-V~1\fsav.exe [2010-10-09 15:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"combofix"="c:\combofix\CF24804.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hs.fi/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Läh&etä OneNoteen - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: V&ie Microsoft Exceliin - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Elisa Tietoturvapalvelu\FSPS\program\FSLSP.DLL
Trusted Zone: fronter.com
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\Hermanni II\AppData\Roaming\Mozilla\Firefox\Profiles\zhpz7fqd.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.hs.fi/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Wow6432Node-HKCU-Run-Simp - (no file)
WebBrowser-{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Mount&Blade Warband - c:\program files (x86)\Mount&Blade Warband\uninstall.exe
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Bcool\uninstall.exe
AddRemove-{3DD1486D-A480-4BF8-85C6-4455EC781497}_is1 - c:\program files (x86)\steam\steamapps\common\mountblade warband\Modules\mm russia\unins000.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_…\00\00…\00\00\00\00\07\00JKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~…\00\00…\00\00\00\00…\00\00\00\00\00\00\00‘’“"
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4034016594-1618501320-529027764-1000\Software\SecuROM\License information*]
"datasecu"=hex:dd,c6,c5,1a,75,fb,d1,23,73,85,b4,b0,f2,d8,1c,21,9f,f1,75,c5,8d,
9f,dd,92,05,a2,43,64,e4,9e,a7,5e,73,bd,dd,38,6f,5c,2a,b6,62,0c,cc,15,e7,5b,\
"rkeysecu"=hex:e8,11,8b,28,5f,06,e2,c9,d0,f5,8d,9c,1b,0f,8e,f0
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
c:\program files (x86)\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
c:\program files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Elisa Tietoturvapalvelu\Common\FSHDLL32.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2012-09-02 15:41:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-02 12:41
.
Pre-Run: 898 130 350 080 tavua vapaana
Post-Run: 898 102 812 672 tavua vapaana
.
- - End Of File - - 2A6B6C64198A4502D3875EA7A1B5D6CD

#7 Conspire


Posted 02 September 2012 - 08:32 AM

It's ok, we will just carry on from here. Nothing to be worried about. :)

Are you able to connect to TeamSpeak, and are you experiencing BSOD?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


#8 Malvo


Posted 02 September 2012 - 03:46 PM

Yes, TeamSpeak and the others are working now as they should be, so something has definitely been fixed. Haven't experienced BSOD anymore either.

Here's the FSS log:

Farbar Service Scanner Version: 06-08-2012
Ran by Hermanni II (administrator) on 02-09-2012 at 23:31:56
Running from "C:\Users\Hermanni II\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#9 Conspire

Conspire

  • Malware Response Team

Posted 02 September 2012 - 09:46 PM

Hi,

That's good to hear. We will do a final followup before wrapping up. Please stay with me on this.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
===================================================

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Make sure you saved the log somewhere else. Select Uninstall application on close check box and push Posted Image
===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post :
ESET log
MBAM log


Please STOP and let me know if you have any problems performing the steps above or have any questions.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE

#10 Malvo

Malvo
  • Topic Starter

  • Members

Posted 05 September 2012 - 10:19 AM

Hello and sorry it took so long with the reply.

This is what ESET online scan found:

C:\torrent.exe Win32/BundleInstaller.A application

I didn't do anything to it yet.


And here's the MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.05.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Hermanni II :: HERMANNI_II-PC [administrator]

5.9.2012 18:05:19
mbam-log-2012-09-05 (18-05-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226614
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 Conspire

Conspire

  • Malware Response Team

Posted 06 September 2012 - 03:55 AM

Seems like you're good to go. :)

Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix /Uninstall

===================================================

Now to remove most of the tools that we have used in fixing your machine:
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===================================================

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
  • Download Host.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions or problems to ask? Please do not hesitate to do so.

**Please respond to this one more time to ensure it is resolved and close this topic.
Proud Graduate of the WTT Classroom
Member of UNITE
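The HOSTS-file mechanism described in the post above, as an added example that is not part of the original thread or of the MVPS project: a Python audit that separates names sinkholed to a loopback or unspecified address from names mapped to any other IP, which warrant a manual look after a cleanup. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample (not the real MVPS file): blocklist-style entries plus
# mappings to non-loopback addresses that deserve review after a cleanup.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com  Tracker.Example.net   # blocked
0.0.0.0         banners.example.org
203.0.113.50    update.example-av.test   # not loopback
not-an-ip       broken.example.com
10.0.0.5        nas.home.lan
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, hostnames) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # strip comments, tokenize
        if fields:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Classify entries as sinkholed, redirected elsewhere, or malformed."""
    report = {"sinkholed": [], "redirected": [], "malformed": []}
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            ip = None
        if ip is None or not names:
            report["malformed"].append((line_no, ip_text))
            continue
        local = ip.is_loopback or ip.is_unspecified   # 127.0.0.1, ::1, 0.0.0.0
        for name in names:
            if not local:
                # The name resolves to another machine: verify it is intended.
                report["redirected"].append((line_no, name, str(ip)))
            elif name != "localhost":
                report["sinkholed"].append(name)
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["sinkholed"]), "names blocked locally")
    for line_no, name, ip in result["redirected"]:
        print(f"review line {line_no}: {name} -> {ip}")
```

Entries in the "redirected" list are not necessarily malicious (a home NAS mapping is normal), but each one should be recognisable to the machine's owner.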

#12 Conspire

Conspire

  • Malware Response Team

Posted 07 September 2012 - 10:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Proud Graduate of the WTT Classroom
Member of UNITE



