Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something is Deleting Registy Keys on Reboot


  • This topic is locked This topic is locked
16 replies to this topic

#1 EchoSRP

EchoSRP

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 31 August 2012 - 05:33 PM

I posted this thread yesterday when I first encountered the problems:
www.bleepingcomputer.com/forums/topic467041.html

Please review it, as it contains all the problems I'm having and solutions attempted as requested by another user here.

This thread (this one, not the one above) is my most recent post on this problem, you may find where I posted on other forums about the same issue, but they didn't solve my problems either.

I was referred to post in this forum after the posting of this screenshot from Eset Online Scanner: http://i840.photobucket.com/albums/zz328/PictureAccountPhotos/eset.png (I let the program remove this, but doesn't seem to be effective in solving my problem)

You see at the end my problems remain:

1. wuauserv and bits registry keys deleted upon every system reboot, even though I add them back.
2. Windows Update fails to check for updates with this error: Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer.
3. The Windows Update and BITS services are missing from the services list.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by Chalenor at 18:51:56 on 2012-08-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6255 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Fraps\fraps.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Synergy\synergys.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Fraps\fraps64.dat
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\notepad.exe
C:\$Recycle.Bin\S-1-5-18\$a20c8ad339a97e9dda1c833647729732\U
C:\Windows\system32\msiexec.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Synergy Server] "C:\Program Files\Synergy\synergys.exe" --no-daemon --debug WARNING --name 192.168.50.12 --address :24800
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 192.168.50.1
TCP: Interfaces\{035C81E8-9FA0-483E-B55D-0F366A6BB828} : DhcpNameServer = 192.168.50.1
TCP: Interfaces\{06FB7BD3-45A8-49EC-B92D-E58C46CE13EC} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chalenor\AppData\Roaming\Mozilla\Firefox\Profiles\3m4wapav.default\
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-4-10 164528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-14 250056]
S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;\??\C:\Windows\system32\drivers\massfilter_hs.sys --> C:\Windows\system32\drivers\massfilter_hs.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-6 114144]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 RsFx0200;RsFx0200 Driver;C:\Windows\system32\DRIVERS\RsFx0200.sys --> C:\Windows\system32\DRIVERS\RsFx0200.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-2-11 597080]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-31 22:47:20 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 14:57:45 290304 ----a-w- C:\subinacl.exe
2012-08-31 14:57:10 -------- d-----w- C:\RegBackup
2012-08-31 14:50:49 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-31 05:13:25 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-08-31 01:26:27 -------- d-----w- C:\Users\Chalenor\AppData\Roaming\Malwarebytes
2012-08-31 01:26:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-30 23:53:17 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-29 05:04:05 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-28 21:38:55 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A0D2A62-E38A-47BD-8C6B-170343110BD4}\mpengine.dll
2012-08-26 05:45:36 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.2
2012-08-22 18:52:37 -------- d-----w- C:\Users\Chalenor\AppData\Local\ElevatedDiagnostics
2012-08-21 06:28:30 -------- d-----w- C:\Program Files\Ventrilo
2012-08-21 06:28:25 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-18 17:53:11 -------- d-----w- C:\Users\Chalenor\.thumbnails
2012-08-15 17:27:22 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-13 17:49:52 -------- d---a-w- C:\Users\Chalenor\.android
2012-08-03 09:20:08 -------- d-----w- C:\Windows\pss
2012-08-03 04:17:18 -------- d-----w- C:\Users\Chalenor\AppData\Roaming\Nodus
2012-08-03 02:35:29 -------- d-----w- C:\Users\Chalenor\AppData\Roaming\.minecraft
.
==================== Find3M ====================
.
2012-08-31 22:47:18 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-31 22:47:18 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-14 23:44:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 23:44:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-22 05:26:58 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-07 00:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
.
============= FINISH: 18:52:12.43 ===============


Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/15/2012 3:39:10 AM
System Uptime: 8/31/2012 6:11:51 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AC2
Processor: Intel® Core™ i7-2600S CPU @ 2.80GHz | CPU 1 | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 857.404 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.372 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 1863 GiB total, 1831.468 GiB free.
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 Plugin
Audacity 2.0
Auslogics Disk Defrag
Cain & Abel v4.9.42
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cheat Engine 6.2
CL-Eye Driver
Crystal Reports for Visual Studio
D3DX10
DAEMON Tools Lite
Dotfuscator Software Services - Community Edition
Foxit Reader
Fraps (remove only)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP Customer Experience Enhancements
HP Odometer
HP Support Information
HPAsset component for HP Active Support Library
HydraVision
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
KeyTweak - Keyboard Remapper (remove only)
LabelPrint
LAME v3.99.3 (for Windows)
LogMeIn Hamachi
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer 2012 Runtime
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server System CLR Types
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Shell (Isolated) - ENU
Microsoft Visual Studio Macro Tools
Microsoft Works 6-9 Converter
Microsoft WSE 3.0 Runtime
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Picasa 3
PlayReady PC Runtime x86
Power2Go
Rappelz_US
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Skype™ 5.10
SQL Server Browser for SQL Server 2012
Synergy
TeamViewer 7
Tweaking.com - Windows Repair (All in One)
Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514)
Update 4.0.2 for Microsoft .NET Framework 4 Extended (KB2544514)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.1
WCF RIA Services V1.0 SP1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
.
==== Event Viewer Messages From Past Week ========
.
8/31/2012 5:36:51 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
8/31/2012 12:48:45 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
8/31/2012 12:45:25 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
8/31/2012 12:39:52 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/31/2012 12:20:09 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/31/2012 11:31:21 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
8/31/2012 1:13:49 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MICHAEL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{159C6142-BF85-420A-9B40-A796ED3CCF34}. The master browser is stopping or an election is being forced.
8/31/2012 1:13:27 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/31/2012 1:13:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
8/31/2012 1:13:27 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/30/2012 11:22:06 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR44.
8/30/2012 11:18:04 PM, Error: Service Control Manager [7003] - The Windows Firewall service depends the following service: BFE. This service might not be installed.
8/30/2012 11:07:00 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/30/2012 11:06:57 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/30/2012 10:20:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Networking Identity Manager service, but this action failed with the following error: An instance of the service is already running.
8/30/2012 10:15:14 PM, Error: Service Control Manager [7031] - The Peer Networking Identity Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/30/2012 10:15:14 PM, Error: Service Control Manager [7031] - The Peer Networking Grouping service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/30/2012 10:15:14 PM, Error: Service Control Manager [7031] - The Peer Name Resolution Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/30/2012 10:02:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR46.
8/29/2012 8:35:57 PM, Error: Service Control Manager [7000] - The NPPTNT2 service failed to start due to the following error: The system cannot find the file specified.
8/29/2012 8:35:56 PM, Error: Application Popup [1060] - \??\C:\gPotato\Rappelz\GameGuard\dump_wmimmc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/28/2012 6:54:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR42.
.
==== End Of File ===========================

I have closed the Post in Windows 7 titled Windows Registry Deletes Keys on Restart

If You need it reopened in the future Please PM a Moderator
Roger

Edited by rotor123, 31 August 2012 - 06:18 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 31 August 2012 - 11:56 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 EchoSRP

EchoSRP
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 01 September 2012 - 01:46 AM

The programs you requested ran without problems.
However, Windows Update now returns this error after clicking to download new updates: Code 80246008 Windows Update encountered an unknown error.

I also have a new problem to report that I just noticed.
I am receiving data that is maxing out my bandwidth, even with no programs open that should be using the internet. Upon tracking down where the data was going to on my hard drive, I found files being written in this folder: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCJ515KL

I see several files constantly being created in this folder, as if someone is browsing the internet on my computer to create temp files. I delete them, but more always come in. They are files like twitter pictures, random website images, txt files containing html, and some files have names of what appears to be searches or related content, like : Popular%20Salad%20Topings. The folder itself is being populated with these files live in front of me as I stare at it. At one point, it started being flooded with several random images of people like from facebook photos maybe. I don't open the pictures, I can just see the thumbnails. But it made the folder size like 200 MB before I deleted everything in it again.

No one but me is running a computer in the house, and my modem is not wireless. I have the only cable running from modem straight to my computer. So however I am receiving these files, it isn't from my LAN. How can someone browsing the internet be sending their temp files to me over the internet? I don't understand this or why someone would want to do this. Right now, I'm watching it, and I still see files flooding in like captcha images, images of the Olympics with file names like 4-great-ways-to-stay-fit.txt and files called auth(1).htm auth(2).htm and such.

The only way I get it to stop is by unplugging my network cable or turning off the modem. But then when I turn it back on, they start flooding in again.

I don't think they know that I can see any of this, since the websites they visit are so random. How is this even possible?

Checkup Log:
Results of screen317's Security Check version 0.99.49
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



ComboFix log:
ComboFix 12-08-31.08 - Chalenor 09/01/2012 2:06.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6089 [GMT -4:00]
Running from: c:\users\Chalenor\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$a20c8ad339a97e9dda1c833647729732\@
c:\$recycle.bin\S-1-5-18\$a20c8ad339a97e9dda1c833647729732\n
c:\$recycle.bin\S-1-5-18\$a20c8ad339a97e9dda1c833647729732\U\00000001.@
c:\$recycle.bin\S-1-5-18\$a20c8ad339a97e9dda1c833647729732\U\80000000.@
c:\$recycle.bin\S-1-5-18\$a20c8ad339a97e9dda1c833647729732\U\800000cb.@
c:\$recycle.bin\S-1-5-21-1409766954-897265469-4161670676-1001\$a20c8ad339a97e9dda1c833647729732\@
c:\$recycle.bin\S-1-5-21-1409766954-897265469-4161670676-1001\$a20c8ad339a97e9dda1c833647729732\n
c:\windows\security\Database\tmp.edb
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 06:09 . 2012-09-01 06:10 -------- d-----w- c:\users\Chalenor\AppData\Local\temp
2012-08-31 22:47 . 2012-08-31 22:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-31 22:47 . 2012-08-31 22:47 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 22:47 . 2012-08-31 22:47 -------- d-----w- c:\program files (x86)\Java
2012-08-31 14:57 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-08-31 14:57 . 2012-08-31 14:57 -------- d-----w- C:\RegBackup
2012-08-31 14:50 . 2012-08-31 14:58 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-08-31 07:58 . 2012-08-31 14:59 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-31 05:13 . 2012-08-31 05:13 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-08-31 02:03 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 01:26 . 2012-08-31 01:26 -------- d-----w- c:\users\Chalenor\AppData\Roaming\Malwarebytes
2012-08-31 01:26 . 2012-08-31 01:26 -------- d-----w- c:\programdata\Malwarebytes
2012-08-30 23:53 . 2012-08-30 23:53 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-29 05:04 . 2012-08-29 05:04 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-28 21:38 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A0D2A62-E38A-47BD-8C6B-170343110BD4}\mpengine.dll
2012-08-26 05:45 . 2012-08-26 05:45 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2
2012-08-22 18:52 . 2012-08-31 01:47 -------- d-----w- c:\users\Chalenor\AppData\Local\ElevatedDiagnostics
2012-08-21 06:29 . 2012-08-31 04:21 -------- d-----w- c:\users\Chalenor\AppData\Roaming\Ventrilo
2012-08-21 06:28 . 2012-08-21 06:28 -------- d-----w- c:\program files\Ventrilo
2012-08-21 06:28 . 2012-08-21 06:28 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-18 17:53 . 2012-08-18 17:53 -------- d-----w- c:\users\Chalenor\.thumbnails
2012-08-15 17:27 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-13 17:49 . 2012-08-13 17:49 -------- d---a-w- c:\users\Chalenor\.android
2012-08-03 04:17 . 2012-08-03 05:24 -------- d-----w- c:\users\Chalenor\AppData\Roaming\Nodus
2012-08-03 02:35 . 2012-08-03 02:36 -------- d-----w- c:\users\Chalenor\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 22:47 . 2012-05-15 05:28 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-31 22:47 . 2012-05-15 05:28 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-14 23:44 . 2012-05-15 06:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 23:44 . 2012-05-15 06:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-22 05:26 . 2012-05-15 06:00 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-07-18 13:51 . 2012-05-15 06:20 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-09 05:43 . 2012-07-10 18:37 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-10 18:37 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 18:37 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 18:37 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 18:37 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 18:37 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 18:37 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synergy Server"="c:\program files\Synergy\synergys.exe" [2011-06-18 982528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 668944]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-01-14 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 ALSysIO;ALSysIO;c:\users\Chalenor\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2011-07-07 18456]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-07-22 121416]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-15 1255736]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [2012-02-11 334936]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-02-11 597080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-15 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 23:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Chalenor\AppData\Roaming\Mozilla\Firefox\Profiles\3m4wapav.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Tweaking.com - Windows Repair (All in One) - c:\program files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\fraps\fraps.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-09-01 02:12:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-01 06:12
.
Pre-Run: 920,953,126,912 bytes free
Post-Run: 920,683,515,904 bytes free
.
- - End Of File - - 6C0962AEF04A27FB3A3A596419917B44

Edited by EchoSRP, 01 September 2012 - 02:08 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 01 September 2012 - 01:49 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 EchoSRP

EchoSRP
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 01 September 2012 - 02:53 AM

The tdsskiller scan didn't find anything.
I let aswmbr download the definitions and then it scanned.

I stopped receiving the temp files from whoever was doing it. I think they got off their computer for the night.
Windows Update is still throwing error code 80246008


03:34:15.0131 0944 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
03:34:15.0755 0944 ============================================================
03:34:15.0755 0944 Current date / time: 2012/09/01 03:34:15.0755
03:34:15.0755 0944 SystemInfo:
03:34:15.0755 0944
03:34:15.0755 0944 OS Version: 6.1.7601 ServicePack: 1.0
03:34:15.0755 0944 Product type: Workstation
03:34:15.0755 0944 ComputerName: CHALENOR-PC
03:34:15.0755 0944 UserName: Chalenor
03:34:15.0755 0944 Windows directory: C:\Windows
03:34:15.0755 0944 System windows directory: C:\Windows
03:34:15.0755 0944 Running under WOW64
03:34:15.0755 0944 Processor architecture: Intel x64
03:34:15.0755 0944 Number of processors: 8
03:34:15.0755 0944 Page size: 0x1000
03:34:15.0755 0944 Boot type: Normal boot
03:34:15.0755 0944 ============================================================
03:34:16.0067 0944 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:34:16.0083 0944 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1115E00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:34:24.0460 0944 ============================================================
03:34:24.0460 0944 \Device\Harddisk0\DR0:
03:34:24.0460 0944 MBR partitions:
03:34:24.0460 0944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
03:34:24.0460 0944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x73056000
03:34:24.0460 0944 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x73088800, BlocksNum 0x167D800
03:34:24.0460 0944 \Device\Harddisk1\DR1:
03:34:24.0460 0944 MBR partitions:
03:34:24.0460 0944 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E074C1
03:34:24.0460 0944 ============================================================
03:34:24.0507 0944 C: <-> \Device\Harddisk0\DR0\Partition2
03:34:24.0569 0944 D: <-> \Device\Harddisk0\DR0\Partition3
03:34:24.0600 0944 J: <-> \Device\Harddisk1\DR1\Partition1
03:34:24.0600 0944 ============================================================
03:34:24.0600 0944 Initialize success
03:34:24.0600 0944 ============================================================
03:34:40.0887 0196 ============================================================
03:34:40.0887 0196 Scan started
03:34:40.0887 0196 Mode: Manual;
03:34:40.0887 0196 ============================================================
03:34:41.0043 0196 ================ Scan system memory ========================
03:34:41.0043 0196 System memory - ok
03:34:41.0043 0196 ================ Scan services =============================
03:34:41.0246 0196 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
03:34:41.0246 0196 1394ohci - ok
03:34:41.0277 0196 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
03:34:41.0277 0196 ACPI - ok
03:34:41.0292 0196 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
03:34:41.0292 0196 AcpiPmi - ok
03:34:41.0386 0196 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:34:41.0386 0196 AdobeFlashPlayerUpdateSvc - ok
03:34:41.0417 0196 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
03:34:41.0433 0196 adp94xx - ok
03:34:41.0448 0196 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
03:34:41.0448 0196 adpahci - ok
03:34:41.0464 0196 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
03:34:41.0464 0196 adpu320 - ok
03:34:41.0495 0196 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
03:34:41.0495 0196 AeLookupSvc - ok
03:34:41.0511 0196 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
03:34:41.0526 0196 AFD - ok
03:34:41.0542 0196 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
03:34:41.0542 0196 agp440 - ok
03:34:41.0558 0196 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
03:34:41.0558 0196 ALG - ok
03:34:41.0558 0196 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
03:34:41.0558 0196 aliide - ok
03:34:41.0636 0196 ALSysIO - ok
03:34:41.0667 0196 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
03:34:41.0667 0196 AMD External Events Utility - ok
03:34:41.0667 0196 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
03:34:41.0667 0196 amdide - ok
03:34:41.0667 0196 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
03:34:41.0682 0196 AmdK8 - ok
03:34:41.0807 0196 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
03:34:41.0901 0196 amdkmdag - ok
03:34:41.0916 0196 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
03:34:41.0916 0196 amdkmdap - ok
03:34:41.0932 0196 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
03:34:41.0932 0196 AmdPPM - ok
03:34:41.0963 0196 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
03:34:41.0963 0196 amdsata - ok
03:34:41.0979 0196 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
03:34:41.0994 0196 amdsbs - ok
03:34:41.0994 0196 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
03:34:41.0994 0196 amdxata - ok
03:34:42.0010 0196 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
03:34:42.0010 0196 AppID - ok
03:34:42.0026 0196 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
03:34:42.0026 0196 AppIDSvc - ok
03:34:42.0041 0196 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
03:34:42.0041 0196 Appinfo - ok
03:34:42.0072 0196 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
03:34:42.0072 0196 arc - ok
03:34:42.0072 0196 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
03:34:42.0072 0196 arcsas - ok
03:34:42.0135 0196 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
03:34:42.0135 0196 aspnet_state - ok
03:34:42.0166 0196 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
03:34:42.0166 0196 AsyncMac - ok
03:34:42.0182 0196 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
03:34:42.0182 0196 atapi - ok
03:34:42.0213 0196 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
03:34:42.0213 0196 AtiHDAudioService - ok
03:34:42.0244 0196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
03:34:42.0244 0196 AudioEndpointBuilder - ok
03:34:42.0260 0196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
03:34:42.0260 0196 AudioSrv - ok
03:34:42.0260 0196 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
03:34:42.0275 0196 AxInstSV - ok
03:34:42.0306 0196 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
03:34:42.0306 0196 b06bdrv - ok
03:34:42.0338 0196 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
03:34:42.0353 0196 b57nd60a - ok
03:34:42.0369 0196 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
03:34:42.0369 0196 BDESVC - ok
03:34:42.0369 0196 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
03:34:42.0369 0196 Beep - ok
03:34:42.0431 0196 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
03:34:42.0431 0196 BFE - ok
03:34:42.0462 0196 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
03:34:42.0462 0196 blbdrive - ok
03:34:42.0478 0196 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
03:34:42.0478 0196 bowser - ok
03:34:42.0494 0196 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
03:34:42.0494 0196 BrFiltLo - ok
03:34:42.0494 0196 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
03:34:42.0494 0196 BrFiltUp - ok
03:34:42.0494 0196 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
03:34:42.0509 0196 BridgeMP - ok
03:34:42.0525 0196 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
03:34:42.0540 0196 Browser - ok
03:34:42.0556 0196 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
03:34:42.0556 0196 Brserid - ok
03:34:42.0556 0196 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
03:34:42.0556 0196 BrSerWdm - ok
03:34:42.0572 0196 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
03:34:42.0572 0196 BrUsbMdm - ok
03:34:42.0572 0196 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
03:34:42.0572 0196 BrUsbSer - ok
03:34:42.0572 0196 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
03:34:42.0572 0196 BTHMODEM - ok
03:34:42.0587 0196 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
03:34:42.0587 0196 bthserv - ok
03:34:42.0603 0196 catchme - ok
03:34:42.0618 0196 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
03:34:42.0618 0196 cdfs - ok
03:34:42.0634 0196 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
03:34:42.0634 0196 cdrom - ok
03:34:42.0650 0196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
03:34:42.0665 0196 CertPropSvc - ok
03:34:42.0665 0196 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
03:34:42.0665 0196 circlass - ok
03:34:42.0681 0196 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
03:34:42.0681 0196 CLFS - ok
03:34:42.0712 0196 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:34:42.0712 0196 clr_optimization_v2.0.50727_32 - ok
03:34:42.0743 0196 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:34:42.0743 0196 clr_optimization_v2.0.50727_64 - ok
03:34:42.0790 0196 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:34:42.0790 0196 clr_optimization_v4.0.30319_32 - ok
03:34:42.0806 0196 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:34:42.0806 0196 clr_optimization_v4.0.30319_64 - ok
03:34:42.0821 0196 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
03:34:42.0821 0196 CmBatt - ok
03:34:42.0821 0196 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
03:34:42.0821 0196 cmdide - ok
03:34:42.0852 0196 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
03:34:42.0852 0196 CNG - ok
03:34:42.0868 0196 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
03:34:42.0868 0196 Compbatt - ok
03:34:42.0899 0196 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
03:34:42.0899 0196 CompositeBus - ok
03:34:42.0899 0196 COMSysApp - ok
03:34:42.0915 0196 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
03:34:42.0915 0196 crcdisk - ok
03:34:42.0946 0196 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
03:34:42.0946 0196 CryptSvc - ok
03:34:42.0962 0196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
03:34:42.0962 0196 DcomLaunch - ok
03:34:42.0977 0196 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
03:34:42.0993 0196 defragsvc - ok
03:34:42.0993 0196 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
03:34:42.0993 0196 DfsC - ok
03:34:43.0008 0196 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
03:34:43.0008 0196 Dhcp - ok
03:34:43.0024 0196 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
03:34:43.0024 0196 discache - ok
03:34:43.0024 0196 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
03:34:43.0024 0196 Disk - ok
03:34:43.0040 0196 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
03:34:43.0055 0196 Dnscache - ok
03:34:43.0071 0196 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
03:34:43.0071 0196 dot3svc - ok
03:34:43.0086 0196 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
03:34:43.0086 0196 DPS - ok
03:34:43.0102 0196 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
03:34:43.0102 0196 drmkaud - ok
03:34:43.0133 0196 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
03:34:43.0133 0196 dtsoftbus01 - ok
03:34:43.0196 0196 dump_wmimmc - ok
03:34:43.0227 0196 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
03:34:43.0227 0196 DXGKrnl - ok
03:34:43.0258 0196 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
03:34:43.0258 0196 EapHost - ok
03:34:43.0305 0196 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
03:34:43.0320 0196 ebdrv - ok
03:34:43.0352 0196 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
03:34:43.0352 0196 EFS - ok
03:34:43.0398 0196 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
03:34:43.0414 0196 ehRecvr - ok
03:34:43.0414 0196 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
03:34:43.0414 0196 ehSched - ok
03:34:43.0445 0196 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
03:34:43.0461 0196 elxstor - ok
03:34:43.0461 0196 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
03:34:43.0461 0196 ErrDev - ok
03:34:43.0461 0196 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
03:34:43.0476 0196 EventSystem - ok
03:34:43.0476 0196 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
03:34:43.0476 0196 exfat - ok
03:34:43.0492 0196 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
03:34:43.0492 0196 fastfat - ok
03:34:43.0508 0196 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
03:34:43.0523 0196 Fax - ok
03:34:43.0523 0196 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
03:34:43.0523 0196 fdc - ok
03:34:43.0539 0196 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
03:34:43.0539 0196 fdPHost - ok
03:34:43.0539 0196 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
03:34:43.0539 0196 FDResPub - ok
03:34:43.0554 0196 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
03:34:43.0554 0196 FileInfo - ok
03:34:43.0570 0196 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
03:34:43.0570 0196 Filetrace - ok
03:34:43.0570 0196 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
03:34:43.0570 0196 flpydisk - ok
03:34:43.0586 0196 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
03:34:43.0586 0196 FltMgr - ok
03:34:43.0601 0196 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
03:34:43.0617 0196 FontCache - ok
03:34:43.0664 0196 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:34:43.0664 0196 FontCache3.0.0.0 - ok
03:34:43.0679 0196 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
03:34:43.0679 0196 FsDepends - ok
03:34:43.0695 0196 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
03:34:43.0695 0196 Fs_Rec - ok
03:34:43.0710 0196 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
03:34:43.0710 0196 fvevol - ok
03:34:43.0726 0196 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
03:34:43.0742 0196 gagp30kx - ok
03:34:43.0757 0196 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
03:34:43.0757 0196 gpsvc - ok
03:34:43.0820 0196 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
03:34:43.0820 0196 gusvc - ok
03:34:43.0835 0196 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
03:34:43.0851 0196 hamachi - ok
03:34:43.0913 0196 [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
03:34:43.0944 0196 Hamachi2Svc - ok
03:34:43.0944 0196 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
03:34:43.0944 0196 hcw85cir - ok
03:34:43.0960 0196 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:34:43.0976 0196 HdAudAddService - ok
03:34:44.0007 0196 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
03:34:44.0007 0196 HDAudBus - ok
03:34:44.0007 0196 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
03:34:44.0007 0196 HidBatt - ok
03:34:44.0022 0196 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
03:34:44.0022 0196 HidBth - ok
03:34:44.0022 0196 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
03:34:44.0022 0196 HidIr - ok
03:34:44.0038 0196 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
03:34:44.0054 0196 hidserv - ok
03:34:44.0054 0196 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
03:34:44.0054 0196 HidUsb - ok
03:34:44.0069 0196 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
03:34:44.0069 0196 hkmsvc - ok
03:34:44.0069 0196 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
03:34:44.0085 0196 HomeGroupListener - ok
03:34:44.0085 0196 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
03:34:44.0085 0196 HomeGroupProvider - ok
03:34:44.0147 0196 [ 7B8C1B09C11E8DB7C4480ABD7D17E821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
03:34:44.0147 0196 HPAuto - ok
03:34:44.0163 0196 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
03:34:44.0178 0196 HPClientSvc - ok
03:34:44.0194 0196 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
03:34:44.0194 0196 HpSAMD - ok
03:34:44.0210 0196 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
03:34:44.0225 0196 HTTP - ok
03:34:44.0225 0196 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
03:34:44.0225 0196 hwpolicy - ok
03:34:44.0256 0196 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
03:34:44.0272 0196 i8042prt - ok
03:34:44.0288 0196 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys
03:34:44.0288 0196 iaStor - ok
03:34:44.0303 0196 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
03:34:44.0319 0196 iaStorV - ok
03:34:44.0350 0196 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:34:44.0350 0196 idsvc - ok
03:34:44.0428 0196 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
03:34:44.0475 0196 igfx - ok
03:34:44.0475 0196 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
03:34:44.0475 0196 iirsp - ok
03:34:44.0522 0196 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
03:34:44.0522 0196 IKEEXT - ok
03:34:44.0584 0196 [ 392D5C87F282E8E36DF5154418A7BB20 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
03:34:44.0584 0196 IntcAzAudAddService - ok
03:34:44.0600 0196 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
03:34:44.0600 0196 intelide - ok
03:34:44.0631 0196 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
03:34:44.0631 0196 intelppm - ok
03:34:44.0646 0196 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
03:34:44.0646 0196 IPBusEnum - ok
03:34:44.0662 0196 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:34:44.0662 0196 IpFilterDriver - ok
03:34:44.0709 0196 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
03:34:44.0724 0196 iphlpsvc - ok
03:34:44.0724 0196 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
03:34:44.0724 0196 IPMIDRV - ok
03:34:44.0740 0196 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
03:34:44.0740 0196 IPNAT - ok
03:34:44.0756 0196 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
03:34:44.0756 0196 IRENUM - ok
03:34:44.0771 0196 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
03:34:44.0771 0196 isapnp - ok
03:34:44.0771 0196 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
03:34:44.0787 0196 iScsiPrt - ok
03:34:44.0787 0196 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
03:34:44.0787 0196 kbdclass - ok
03:34:44.0818 0196 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
03:34:44.0818 0196 kbdhid - ok
03:34:44.0818 0196 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
03:34:44.0818 0196 KeyIso - ok
03:34:44.0849 0196 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
03:34:44.0849 0196 KSecDD - ok
03:34:44.0849 0196 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
03:34:44.0849 0196 KSecPkg - ok
03:34:44.0865 0196 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
03:34:44.0865 0196 ksthunk - ok
03:34:44.0880 0196 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
03:34:44.0896 0196 KtmRm - ok
03:34:44.0912 0196 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
03:34:44.0927 0196 LanmanServer - ok
03:34:44.0943 0196 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:34:44.0943 0196 LanmanWorkstation - ok
03:34:44.0958 0196 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
03:34:44.0974 0196 lltdio - ok
03:34:44.0990 0196 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
03:34:44.0990 0196 lltdsvc - ok
03:34:45.0005 0196 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
03:34:45.0005 0196 lmhosts - ok
03:34:45.0021 0196 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
03:34:45.0021 0196 LSI_FC - ok
03:34:45.0036 0196 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
03:34:45.0036 0196 LSI_SAS - ok
03:34:45.0036 0196 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
03:34:45.0036 0196 LSI_SAS2 - ok
03:34:45.0052 0196 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
03:34:45.0052 0196 LSI_SCSI - ok
03:34:45.0068 0196 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
03:34:45.0068 0196 luafv - ok
03:34:45.0099 0196 [ 9B4B4838A6C8DC97416581C13CB6482C ] massfilter_hs C:\Windows\system32\drivers\massfilter_hs.sys
03:34:45.0099 0196 massfilter_hs - ok
03:34:45.0114 0196 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
03:34:45.0114 0196 Mcx2Svc - ok
03:34:45.0130 0196 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
03:34:45.0130 0196 megasas - ok
03:34:45.0130 0196 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
03:34:45.0130 0196 MegaSR - ok
03:34:45.0161 0196 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
03:34:45.0161 0196 MEIx64 - ok
03:34:45.0177 0196 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
03:34:45.0177 0196 MMCSS - ok
03:34:45.0177 0196 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
03:34:45.0177 0196 Modem - ok
03:34:45.0208 0196 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
03:34:45.0208 0196 monitor - ok
03:34:45.0224 0196 [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
03:34:45.0224 0196 MotioninJoyXFilter - ok
03:34:45.0239 0196 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
03:34:45.0239 0196 mouclass - ok
03:34:45.0255 0196 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
03:34:45.0270 0196 mouhid - ok
03:34:45.0286 0196 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
03:34:45.0286 0196 mountmgr - ok
03:34:45.0302 0196 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:34:45.0302 0196 MozillaMaintenance - ok
03:34:45.0317 0196 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
03:34:45.0317 0196 mpio - ok
03:34:45.0333 0196 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
03:34:45.0333 0196 mpsdrv - ok
03:34:45.0364 0196 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
03:34:45.0364 0196 MpsSvc - ok
03:34:45.0364 0196 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
03:34:45.0364 0196 MRxDAV - ok
03:34:45.0395 0196 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
03:34:45.0395 0196 mrxsmb - ok
03:34:45.0411 0196 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:34:45.0411 0196 mrxsmb10 - ok
03:34:45.0411 0196 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:34:45.0411 0196 mrxsmb20 - ok
03:34:45.0426 0196 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
03:34:45.0426 0196 msahci - ok
03:34:45.0426 0196 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
03:34:45.0442 0196 msdsm - ok
03:34:45.0442 0196 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
03:34:45.0458 0196 MSDTC - ok
03:34:45.0473 0196 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
03:34:45.0473 0196 Msfs - ok
03:34:45.0489 0196 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
03:34:45.0489 0196 mshidkmdf - ok
03:34:45.0489 0196 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
03:34:45.0489 0196 msisadrv - ok
03:34:45.0520 0196 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:34:45.0520 0196 MSiSCSI - ok
03:34:45.0520 0196 msiserver - ok
03:34:45.0536 0196 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
03:34:45.0536 0196 MSKSSRV - ok
03:34:45.0551 0196 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
03:34:45.0551 0196 MSPCLOCK - ok
03:34:45.0551 0196 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
03:34:45.0551 0196 MSPQM - ok
03:34:45.0567 0196 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
03:34:45.0567 0196 MsRPC - ok
03:34:45.0567 0196 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
03:34:45.0567 0196 mssmbios - ok
03:34:45.0660 0196 [ 3AE13C9869B7CE1135BCF21C0AAA68ED ] MSSQL$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
03:34:45.0660 0196 MSSQL$SQLEXPRESS - ok
03:34:45.0660 0196 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
03:34:45.0660 0196 MSTEE - ok
03:34:45.0676 0196 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
03:34:45.0692 0196 MTConfig - ok
03:34:45.0692 0196 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
03:34:45.0692 0196 Mup - ok
03:34:45.0707 0196 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
03:34:45.0707 0196 napagent - ok
03:34:45.0738 0196 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
03:34:45.0754 0196 NativeWifiP - ok
03:34:45.0770 0196 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
03:34:45.0785 0196 NDIS - ok
03:34:45.0785 0196 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
03:34:45.0785 0196 NdisCap - ok
03:34:45.0801 0196 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
03:34:45.0801 0196 NdisTapi - ok
03:34:45.0801 0196 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
03:34:45.0801 0196 Ndisuio - ok
03:34:45.0816 0196 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
03:34:45.0816 0196 NdisWan - ok
03:34:45.0816 0196 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
03:34:45.0816 0196 NDProxy - ok
03:34:45.0816 0196 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
03:34:45.0816 0196 NetBIOS - ok
03:34:45.0816 0196 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
03:34:45.0832 0196 NetBT - ok
03:34:45.0832 0196 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
03:34:45.0832 0196 Netlogon - ok
03:34:45.0848 0196 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
03:34:45.0848 0196 Netman - ok
03:34:45.0863 0196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:34:45.0863 0196 NetMsmqActivator - ok
03:34:45.0863 0196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:34:45.0879 0196 NetPipeActivator - ok
03:34:45.0879 0196 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
03:34:45.0879 0196 netprofm - ok
03:34:45.0926 0196 [ 24CF1304D899124336F67F88F3C15E21 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
03:34:45.0926 0196 netr28x - ok
03:34:45.0926 0196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:34:45.0926 0196 NetTcpActivator - ok
03:34:45.0926 0196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:34:45.0926 0196 NetTcpPortSharing - ok
03:34:45.0957 0196 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
03:34:45.0957 0196 nfrd960 - ok
03:34:45.0972 0196 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
03:34:45.0972 0196 NlaSvc - ok
03:34:46.0004 0196 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
03:34:46.0004 0196 NPF - ok
03:34:46.0019 0196 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
03:34:46.0019 0196 Npfs - ok
03:34:46.0019 0196 npggsvc - ok
03:34:46.0019 0196 NPPTNT2 - ok
03:34:46.0035 0196 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
03:34:46.0050 0196 nsi - ok
03:34:46.0050 0196 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
03:34:46.0050 0196 nsiproxy - ok
03:34:46.0082 0196 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
03:34:46.0097 0196 Ntfs - ok
03:34:46.0144 0196 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
03:34:46.0144 0196 Null - ok
03:34:46.0206 0196 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
03:34:46.0206 0196 nvraid - ok
03:34:46.0222 0196 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
03:34:46.0222 0196 nvstor - ok
03:34:46.0238 0196 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
03:34:46.0238 0196 nv_agp - ok
03:34:46.0362 0196 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
03:34:46.0378 0196 odserv - ok
03:34:46.0378 0196 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
03:34:46.0394 0196 ohci1394 - ok
03:34:46.0425 0196 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:34:46.0425 0196 ose - ok
03:34:46.0440 0196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
03:34:46.0456 0196 p2pimsvc - ok
03:34:46.0472 0196 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
03:34:46.0472 0196 p2psvc - ok
03:34:46.0487 0196 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
03:34:46.0487 0196 Parport - ok
03:34:46.0503 0196 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
03:34:46.0503 0196 partmgr - ok
03:34:46.0518 0196 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
03:34:46.0534 0196 PcaSvc - ok
03:34:46.0534 0196 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
03:34:46.0534 0196 pci - ok
03:34:46.0550 0196 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
03:34:46.0550 0196 pciide - ok
03:34:46.0565 0196 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
03:34:46.0565 0196 pcmcia - ok
03:34:46.0565 0196 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
03:34:46.0565 0196 pcw - ok
03:34:46.0581 0196 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
03:34:46.0596 0196 PEAUTH - ok
03:34:46.0659 0196 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
03:34:46.0674 0196 PerfHost - ok
03:34:46.0706 0196 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
03:34:46.0706 0196 pla - ok
03:34:46.0737 0196 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
03:34:46.0737 0196 PlugPlay - ok
03:34:46.0752 0196 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
03:34:46.0752 0196 PNRPAutoReg - ok
03:34:46.0768 0196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
03:34:46.0768 0196 PNRPsvc - ok
03:34:46.0768 0196 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
03:34:46.0784 0196 PolicyAgent - ok
03:34:46.0815 0196 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
03:34:46.0815 0196 Power - ok
03:34:46.0830 0196 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
03:34:46.0830 0196 PptpMiniport - ok
03:34:46.0846 0196 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
03:34:46.0846 0196 Processor - ok
03:34:46.0877 0196 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
03:34:46.0877 0196 ProfSvc - ok
03:34:46.0893 0196 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
03:34:46.0893 0196 ProtectedStorage - ok
03:34:46.0908 0196 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
03:34:46.0908 0196 Psched - ok
03:34:46.0940 0196 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
03:34:46.0955 0196 ql2300 - ok
03:34:46.0971 0196 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
03:34:46.0971 0196 ql40xx - ok
03:34:46.0986 0196 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
03:34:46.0986 0196 QWAVE - ok
03:34:46.0986 0196 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
03:34:47.0002 0196 QWAVEdrv - ok
03:34:47.0002 0196 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
03:34:47.0002 0196 RasAcd - ok
03:34:47.0018 0196 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
03:34:47.0033 0196 RasAgileVpn - ok
03:34:47.0049 0196 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
03:34:47.0049 0196 RasAuto - ok
03:34:47.0064 0196 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
03:34:47.0064 0196 Rasl2tp - ok
03:34:47.0080 0196 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
03:34:47.0080 0196 RasMan - ok
03:34:47.0096 0196 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
03:34:47.0096 0196 RasPppoe - ok
03:34:47.0096 0196 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
03:34:47.0111 0196 RasSstp - ok
03:34:47.0127 0196 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
03:34:47.0127 0196 rdbss - ok
03:34:47.0142 0196 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
03:34:47.0142 0196 rdpbus - ok
03:34:47.0142 0196 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
03:34:47.0142 0196 RDPCDD - ok
03:34:47.0158 0196 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
03:34:47.0158 0196 RDPENCDD - ok
03:34:47.0158 0196 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
03:34:47.0158 0196 RDPREFMP - ok
03:34:47.0174 0196 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
03:34:47.0189 0196 RDPWD - ok
03:34:47.0189 0196 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
03:34:47.0189 0196 rdyboost - ok
03:34:47.0220 0196 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
03:34:47.0220 0196 RemoteAccess - ok
03:34:47.0220 0196 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
03:34:47.0220 0196 RemoteRegistry - ok
03:34:47.0236 0196 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
03:34:47.0236 0196 rpcapd - ok
03:34:47.0236 0196 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
03:34:47.0236 0196 RpcEptMapper - ok
03:34:47.0252 0196 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
03:34:47.0252 0196 RpcLocator - ok
03:34:47.0267 0196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
03:34:47.0267 0196 RpcSs - ok
03:34:47.0314 0196 [ 5AA85332CB1694871B2F0704E0FC9113 ] RsFx0200 C:\Windows\system32\DRIVERS\RsFx0200.sys
03:34:47.0314 0196 RsFx0200 - ok
03:34:47.0330 0196 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
03:34:47.0345 0196 rspndr - ok
03:34:47.0376 0196 [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
03:34:47.0376 0196 RTL8167 - ok
03:34:47.0376 0196 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
03:34:47.0376 0196 SamSs - ok
03:34:47.0423 0196 [ 0FE05DD9BBF0782E2BBF0977F2034616 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
03:34:47.0423 0196 SbieDrv - ok
03:34:47.0423 0196 [ C970C7B2FD2E811525D4578D50B535F5 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
03:34:47.0423 0196 SbieSvc - ok
03:34:47.0439 0196 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
03:34:47.0439 0196 sbp2port - ok
03:34:47.0454 0196 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
03:34:47.0470 0196 SCardSvr - ok
03:34:47.0470 0196 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
03:34:47.0470 0196 scfilter - ok
03:34:47.0486 0196 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
03:34:47.0501 0196 Schedule - ok
03:34:47.0517 0196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
03:34:47.0517 0196 SCPolicySvc - ok
03:34:47.0532 0196 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
03:34:47.0532 0196 SDRSVC - ok
03:34:47.0548 0196 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
03:34:47.0548 0196 secdrv - ok
03:34:47.0548 0196 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
03:34:47.0548 0196 seclogon - ok
03:34:47.0564 0196 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
03:34:47.0564 0196 SENS - ok
03:34:47.0579 0196 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
03:34:47.0579 0196 SensrSvc - ok
03:34:47.0595 0196 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
03:34:47.0595 0196 Serenum - ok
03:34:47.0626 0196 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
03:34:47.0626 0196 Serial - ok
03:34:47.0626 0196 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
03:34:47.0642 0196 sermouse - ok
03:34:47.0642 0196 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
03:34:47.0657 0196 SessionEnv - ok
03:34:47.0657 0196 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
03:34:47.0657 0196 sffdisk - ok
03:34:47.0657 0196 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
03:34:47.0657 0196 sffp_mmc - ok
03:34:47.0673 0196 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
03:34:47.0673 0196 sffp_sd - ok
03:34:47.0688 0196 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
03:34:47.0688 0196 sfloppy - ok
03:34:47.0720 0196 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
03:34:47.0720 0196 SharedAccess - ok
03:34:47.0735 0196 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:34:47.0735 0196 ShellHWDetection - ok
03:34:47.0751 0196 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
03:34:47.0751 0196 SiSRaid2 - ok
03:34:47.0751 0196 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
03:34:47.0751 0196 SiSRaid4 - ok
03:34:47.0782 0196 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
03:34:47.0782 0196 SkypeUpdate - ok
03:34:47.0798 0196 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
03:34:47.0798 0196 Smb - ok
03:34:47.0829 0196 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
03:34:47.0829 0196 SNMPTRAP - ok
03:34:47.0844 0196 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
03:34:47.0844 0196 spldr - ok
03:34:47.0891 0196 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
03:34:47.0891 0196 Spooler - ok
03:34:47.0922 0196 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
03:34:47.0954 0196 sppsvc - ok
03:34:47.0969 0196 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
03:34:47.0969 0196 sppuinotify - ok
03:34:48.0016 0196 [ B70FAF0C7C5737AA6973E14B45477730 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
03:34:48.0016 0196 SQLAgent$SQLEXPRESS - ok
03:34:48.0094 0196 [ E9254892A2D74E537BAD3092F0F8EE40 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
03:34:48.0110 0196 SQLBrowser - ok
03:34:48.0110 0196 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
03:34:48.0110 0196 SQLWriter - ok
03:34:48.0141 0196 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
03:34:48.0141 0196 srv - ok
03:34:48.0156 0196 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
03:34:48.0156 0196 srv2 - ok
03:34:48.0172 0196 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
03:34:48.0172 0196 srvnet - ok
03:34:48.0203 0196 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
03:34:48.0203 0196 SSDPSRV - ok
03:34:48.0203 0196 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
03:34:48.0203 0196 SstpSvc - ok
03:34:48.0219 0196 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
03:34:48.0219 0196 stexstor - ok
03:34:48.0250 0196 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
03:34:48.0266 0196 stisvc - ok
03:34:48.0281 0196 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
03:34:48.0281 0196 swenum - ok
03:34:48.0297 0196 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
03:34:48.0312 0196 swprv - ok
03:34:48.0344 0196 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
03:34:48.0359 0196 SysMain - ok
03:34:48.0359 0196 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:34:48.0359 0196 TabletInputService - ok
03:34:48.0375 0196 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
03:34:48.0375 0196 TapiSrv - ok
03:34:48.0375 0196 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
03:34:48.0390 0196 TBS - ok
03:34:48.0406 0196 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
03:34:48.0422 0196 Tcpip - ok
03:34:48.0437 0196 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
03:34:48.0453 0196 TCPIP6 - ok
03:34:48.0468 0196 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
03:34:48.0468 0196 tcpipreg - ok
03:34:48.0468 0196 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
03:34:48.0468 0196 TDPIPE - ok
03:34:48.0484 0196 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
03:34:48.0484 0196 TDTCP - ok
03:34:48.0500 0196 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
03:34:48.0500 0196 tdx - ok
03:34:48.0656 0196 [ 9C1F776825207C203CB44CA3C63B5A6E ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
03:34:48.0671 0196 TeamViewer7 - ok
03:34:48.0687 0196 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
03:34:48.0687 0196 TermDD - ok
03:34:48.0718 0196 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
03:34:48.0718 0196 TermService - ok
03:34:48.0734 0196 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
03:34:48.0734 0196 Themes - ok
03:34:48.0749 0196 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
03:34:48.0749 0196 THREADORDER - ok
03:34:48.0749 0196 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
03:34:48.0749 0196 TrkWks - ok
03:34:48.0781 0196 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:34:48.0781 0196 TrustedInstaller - ok
03:34:48.0812 0196 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
03:34:48.0812 0196 tssecsrv - ok
03:34:48.0827 0196 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
03:34:48.0827 0196 TsUsbFlt - ok
03:34:48.0827 0196 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
03:34:48.0827 0196 TsUsbGD - ok
03:34:48.0859 0196 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
03:34:48.0859 0196 tunnel - ok
03:34:48.0859 0196 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
03:34:48.0859 0196 uagp35 - ok
03:34:48.0874 0196 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
03:34:48.0890 0196 udfs - ok
03:34:48.0890 0196 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
03:34:48.0890 0196 UI0Detect - ok
03:34:48.0921 0196 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
03:34:48.0921 0196 uliagpkx - ok
03:34:48.0937 0196 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
03:34:48.0937 0196 umbus - ok
03:34:48.0937 0196 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
03:34:48.0937 0196 UmPass - ok
03:34:48.0952 0196 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
03:34:48.0968 0196 upnphost - ok
03:34:48.0983 0196 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
03:34:48.0999 0196 usbaudio - ok
03:34:49.0015 0196 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
03:34:49.0015 0196 usbccgp - ok
03:34:49.0030 0196 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
03:34:49.0030 0196 usbcir - ok
03:34:49.0046 0196 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
03:34:49.0046 0196 usbehci - ok
03:34:49.0061 0196 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
03:34:49.0061 0196 usbhub - ok
03:34:49.0077 0196 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
03:34:49.0077 0196 usbohci - ok
03:34:49.0093 0196 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
03:34:49.0093 0196 usbprint - ok
03:34:49.0108 0196 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
03:34:49.0108 0196 usbscan - ok
03:34:49.0124 0196 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:34:49.0124 0196 USBSTOR - ok
03:34:49.0139 0196 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
03:34:49.0139 0196 usbuhci - ok
03:34:49.0139 0196 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
03:34:49.0139 0196 UxSms - ok
03:34:49.0155 0196 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
03:34:49.0155 0196 VaultSvc - ok
03:34:49.0155 0196 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
03:34:49.0155 0196 vdrvroot - ok
03:34:49.0171 0196 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
03:34:49.0186 0196 vds - ok
03:34:49.0202 0196 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
03:34:49.0202 0196 vga - ok
03:34:49.0202 0196 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
03:34:49.0217 0196 VgaSave - ok
03:34:49.0217 0196 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
03:34:49.0217 0196 vhdmp - ok
03:34:49.0233 0196 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
03:34:49.0233 0196 viaide - ok
03:34:49.0264 0196 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
03:34:49.0264 0196 volmgr - ok
03:34:49.0280 0196 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
03:34:49.0280 0196 volmgrx - ok
03:34:49.0280 0196 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
03:34:49.0280 0196 volsnap - ok
03:34:49.0311 0196 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
03:34:49.0311 0196 vsmraid - ok
03:34:49.0342 0196 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
03:34:49.0358 0196 VSS - ok
03:34:49.0373 0196 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
03:34:49.0373 0196 vwifibus - ok
03:34:49.0373 0196 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
03:34:49.0373 0196 vwififlt - ok
03:34:49.0389 0196 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
03:34:49.0389 0196 W32Time - ok
03:34:49.0405 0196 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
03:34:49.0405 0196 WacomPen - ok
03:34:49.0405 0196 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
03:34:49.0405 0196 WANARP - ok
03:34:49.0420 0196 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
03:34:49.0420 0196 Wanarpv6 - ok
03:34:49.0467 0196 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
03:34:49.0483 0196 WatAdminSvc - ok
03:34:49.0498 0196 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
03:34:49.0498 0196 wbengine - ok
03:34:49.0514 0196 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
03:34:49.0514 0196 WbioSrvc - ok
03:34:49.0529 0196 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
03:34:49.0529 0196 wcncsvc - ok
03:34:49.0545 0196 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
03:34:49.0545 0196 WcsPlugInService - ok
03:34:49.0561 0196 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
03:34:49.0561 0196 Wd - ok
03:34:49.0592 0196 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
03:34:49.0592 0196 Wdf01000 - ok
03:34:49.0607 0196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
03:34:49.0607 0196 WdiServiceHost - ok
03:34:49.0607 0196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
03:34:49.0607 0196 WdiSystemHost - ok
03:34:49.0623 0196 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
03:34:49.0623 0196 WebClient - ok
03:34:49.0639 0196 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
03:34:49.0639 0196 Wecsvc - ok
03:34:49.0639 0196 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
03:34:49.0639 0196 wercplsupport - ok
03:34:49.0654 0196 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
03:34:49.0654 0196 WerSvc - ok
03:34:49.0670 0196 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
03:34:49.0670 0196 WfpLwf - ok
03:34:49.0685 0196 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
03:34:49.0685 0196 WIMMount - ok
03:34:49.0701 0196 WinDefend - ok
03:34:49.0717 0196 WinHttpAutoProxySvc - ok
03:34:49.0748 0196 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
03:34:49.0763 0196 Winmgmt - ok
03:34:49.0795 0196 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
03:34:49.0810 0196 WinRM - ok
03:34:49.0857 0196 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
03:34:49.0857 0196 WinUSB - ok
03:34:49.0873 0196 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
03:34:49.0888 0196 Wlansvc - ok
03:34:49.0919 0196 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
03:34:49.0919 0196 wlcrasvc - ok
03:34:49.0966 0196 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:34:49.0997 0196 wlidsvc - ok
03:34:50.0013 0196 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
03:34:50.0013 0196 WmiAcpi - ok
03:34:50.0029 0196 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
03:34:50.0044 0196 wmiApSrv - ok
03:34:50.0060 0196 WMPNetworkSvc - ok
03:34:50.0075 0196 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
03:34:50.0075 0196 WPCSvc - ok
03:34:50.0091 0196 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
03:34:50.0091 0196 WPDBusEnum - ok
03:34:50.0091 0196 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
03:34:50.0091 0196 ws2ifsl - ok
03:34:50.0122 0196 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
03:34:50.0122 0196 wscsvc - ok
03:34:50.0122 0196 WSearch - ok
03:34:50.0185 0196 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
03:34:50.0200 0196 wuauserv - ok
03:34:50.0216 0196 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
03:34:50.0216 0196 WudfPf - ok
03:34:50.0231 0196 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
03:34:50.0231 0196 WUDFRd - ok
03:34:50.0247 0196 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
03:34:50.0247 0196 wudfsvc - ok
03:34:50.0247 0196 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
03:34:50.0247 0196 WwanSvc - ok
03:34:50.0294 0196 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
03:34:50.0294 0196 xusb21 - ok
03:34:50.0309 0196 ================ Scan global ===============================
03:34:50.0341 0196 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
03:34:50.0341 0196 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
03:34:50.0356 0196 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
03:34:50.0372 0196 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
03:34:50.0403 0196 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
03:34:50.0403 0196 [Global] - ok
03:34:50.0403 0196 ================ Scan MBR ==================================
03:34:50.0403 0196 [ 3FEAD76F3D20C588DB026FBE08C091B1 ] \Device\Harddisk0\DR0
03:34:50.0684 0196 \Device\Harddisk0\DR0 - ok
03:34:50.0684 0196 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
03:34:50.0684 0196 \Device\Harddisk1\DR1 - ok
03:34:50.0684 0196 ================ Scan VBR ==================================
03:34:50.0684 0196 [ 4D2CD017915DF7E308328F2401EBA190 ] \Device\Harddisk0\DR0\Partition1
03:34:50.0684 0196 \Device\Harddisk0\DR0\Partition1 - ok
03:34:50.0699 0196 [ DD39C45FD3386D0DFFF9E2465B18E469 ] \Device\Harddisk0\DR0\Partition2
03:34:50.0699 0196 \Device\Harddisk0\DR0\Partition2 - ok
03:34:50.0731 0196 [ 56358526786B7D722EB9D2EF909AE09B ] \Device\Harddisk0\DR0\Partition3
03:34:50.0746 0196 \Device\Harddisk0\DR0\Partition3 - ok
03:34:50.0746 0196 [ D238097F83AE717677AE316B85654E81 ] \Device\Harddisk1\DR1\Partition1
03:34:50.0746 0196 \Device\Harddisk1\DR1\Partition1 - ok
03:34:50.0746 0196 ============================================================
03:34:50.0746 0196 Scan finished
03:34:50.0746 0196 ============================================================
03:34:50.0746 4260 Detected object count: 0
03:34:50.0746 4260 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 03:36:40
-----------------------------
03:36:40.496 OS Version: Windows x64 6.1.7601 Service Pack 1
03:36:40.496 Number of processors: 8 586 0x2A07
03:36:40.496 ComputerName: CHALENOR-PC UserName: Chalenor
03:36:42.243 Initialize success
03:44:03.944 AVAST engine defs: 12083102
03:44:41.743 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:44:41.743 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
03:44:41.759 Disk 0 MBR read successfully
03:44:41.759 Disk 0 MBR scan
03:44:41.759 Disk 0 unknown MBR code
03:44:41.759 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
03:44:41.774 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942252 MB offset 206848
03:44:41.806 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11515 MB offset 1929938944
03:44:41.852 Disk 0 scanning C:\Windows\system32\drivers
03:44:46.158 Service scanning
03:44:59.059 Modules scanning
03:44:59.059 Disk 0 trace - called modules:
03:44:59.075 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
03:44:59.075 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800960a790]
03:44:59.075 3 CLASSPNP.SYS[fffff88001b8b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077bf050]
03:45:00.806 AVAST engine scan C:\Windows
03:45:03.443 AVAST engine scan C:\Windows\system32
03:47:03.828 AVAST engine scan C:\Windows\system32\drivers
03:47:10.645 AVAST engine scan C:\Users\Chalenor
03:48:07.305 AVAST engine scan C:\ProgramData
03:48:16.774 Scan finished successfully
03:48:34.776 Disk 0 MBR has been saved successfully to "C:\Users\Chalenor\Desktop\MBR.dat"
03:48:34.776 The log file has been saved successfully to "C:\Users\Chalenor\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 01 September 2012 - 03:02 AM

I want you to run this file and if asked to merge please allow

restart the computer and check updates

Attached Files


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 EchoSRP

EchoSRP
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 01 September 2012 - 03:10 AM

Merged reg file and rebooted. Windows Update is now working properly, I just downloaded the latest Windows Defender update. Nice!

I'm still curious about the temp files that were being downloaded to my computer a while ago.
How was that happening, and how would I know it won't start doing it again tomorrow?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 01 September 2012 - 03:29 AM

Greetings

Most likely caused by the virus that was onboard

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 EchoSRP

EchoSRP
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 01 September 2012 - 12:39 PM

I got some sleep since this site went down last night, apparently. When I got up today, first thing I did was check the folder that was receiving the files. I haven't got anymore since 2:05 am EST.
Windows Update is still working fine.

Was it ComboFix that got rid of the thing that the other programs couldn't, so that my registry keys wouldn't be deleted? It seemed like any other programs never completely solved it.
Thanks!

ComboFix ran with ClearJavaCache:

ComboFix 12-08-31.08 - Chalenor 09/01/2012 13:21:16.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6321 [GMT -4:00]
Running from: c:\users\Chalenor\Desktop\ComboFix.exe
Command switches used :: c:\users\Chalenor\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 17:23 . 2012-09-01 17:23 -------- d-----w- c:\users\MSSQL$SQLEXPRESS\AppData\Local\temp
2012-09-01 17:23 . 2012-09-01 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 08:05 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A1CDC24-1B37-4319-8318-FE06D73CD303}\mpengine.dll
2012-09-01 06:09 . 2012-09-01 17:24 -------- d-----w- c:\users\Chalenor\AppData\Local\temp
2012-08-31 22:47 . 2012-08-31 22:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-31 22:47 . 2012-08-31 22:47 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 22:47 . 2012-08-31 22:47 -------- d-----w- c:\program files (x86)\Java
2012-08-31 14:57 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-08-31 14:57 . 2012-08-31 14:57 -------- d-----w- C:\RegBackup
2012-08-31 07:58 . 2012-08-31 14:59 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-08-31 05:13 . 2012-08-31 05:13 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-08-31 02:03 . 2012-08-03 08:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-31 01:26 . 2012-08-31 01:26 -------- d-----w- c:\users\Chalenor\AppData\Roaming\Malwarebytes
2012-08-31 01:26 . 2012-08-31 01:26 -------- d-----w- c:\programdata\Malwarebytes
2012-08-30 23:53 . 2012-08-30 23:53 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-29 05:04 . 2012-08-29 05:04 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-26 05:45 . 2012-08-26 05:45 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2
2012-08-22 18:52 . 2012-08-31 01:47 -------- d-----w- c:\users\Chalenor\AppData\Local\ElevatedDiagnostics
2012-08-21 06:29 . 2012-08-31 04:21 -------- d-----w- c:\users\Chalenor\AppData\Roaming\Ventrilo
2012-08-21 06:28 . 2012-08-21 06:28 -------- d-----w- c:\program files\Ventrilo
2012-08-21 06:28 . 2012-08-21 06:28 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-18 17:53 . 2012-08-18 17:53 -------- d-----w- c:\users\Chalenor\.thumbnails
2012-08-15 17:27 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-13 17:49 . 2012-08-13 17:49 -------- d---a-w- c:\users\Chalenor\.android
2012-08-03 04:17 . 2012-08-03 05:24 -------- d-----w- c:\users\Chalenor\AppData\Roaming\Nodus
2012-08-03 02:35 . 2012-08-03 02:36 -------- d-----w- c:\users\Chalenor\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 22:47 . 2012-05-15 05:28 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-31 22:47 . 2012-05-15 05:28 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-14 23:44 . 2012-05-15 06:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 23:44 . 2012-05-15 06:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-22 05:26 . 2012-05-15 06:00 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-07-18 13:51 . 2012-05-15 06:20 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-06-09 05:43 . 2012-07-10 18:37 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-10 18:37 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 18:37 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 18:37 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 18:37 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 18:37 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 18:37 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-01_06.10.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-01 08:05 30458 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-01 08:05 30194 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-05-15 05:09 . 2012-09-01 06:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-15 05:09 . 2012-09-01 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-15 05:09 . 2012-09-01 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-15 05:09 . 2012-09-01 06:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-15 05:09 . 2012-09-01 08:05 6812 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1409766954-897265469-4161670676-1001_UserData.bin
+ 2012-09-01 17:24 . 2012-09-01 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-01 06:10 . 2012-09-01 06:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-01 06:10 . 2012-09-01 06:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-01 17:24 . 2012-09-01 17:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-09-01 03:20 747042 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-01 17:17 747042 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-01 17:17 155848 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-01 03:20 155848 c:\windows\system32\perfc009.dat
- 2012-05-15 07:36 . 2012-09-01 05:55 278528 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-15 07:36 . 2012-09-01 06:11 278528 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-09-01 06:09 275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-01 17:23 275836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-09-01 05:04 . 2012-09-01 05:55 1572864 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-09-01 05:04 . 2012-09-01 06:11 1572864 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-01 05:55 1228800 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-01 06:11 1228800 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-04 20:03 . 2012-09-01 17:23 1775232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-07-04 20:03 . 2012-09-01 06:09 1775232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-05-15 05:07 . 2012-09-01 06:09 52812440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1409766954-897265469-4161670676-1001-12288.dat
+ 2012-05-15 05:07 . 2012-09-01 17:23 52812440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1409766954-897265469-4161670676-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synergy Server"="c:\program files\Synergy\synergys.exe" [2011-06-18 982528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 668944]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 ALSysIO;ALSysIO;c:\users\Chalenor\AppData\Local\Temp\ALSysIO64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2011-07-07 18456]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-07-22 121416]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-29 114144]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-15 1255736]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys [2012-02-11 334936]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-02-11 597080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-15 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 23:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Chalenor\AppData\Roaming\Mozilla\Firefox\Profiles\3m4wapav.default\
FF - user.js: general.useragent.extra.brc -
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\fraps\fraps.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-09-01 13:26:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-01 17:26
.
Pre-Run: 920,736,849,920 bytes free
Post-Run: 920,743,804,928 bytes free
.
- - End Of File - - 25A7DE6C5F0DB45394656DF94BDF5A46

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 01 September 2012 - 12:54 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

µTorrent [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 EchoSRP

EchoSRP
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 01 September 2012 - 03:31 PM

The computer is still functioning as it was before the problems occurred.
ccleaner didn't delete anything in the temp directory where I was receiving the files though: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
So I deleted them myself. Nothing new was in that folder since the problem with Windows Update was fixed, still.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Chalenor :: CHALENOR-PC [administrator]

9/1/2012 4:16:29 PM
mbam-log-2012-09-01 (16-16-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216560
Time elapsed: 1 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:20:36 PM, on 9/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Fraps\fraps.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Chalenor\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Synergy Server] "C:\Program Files\Synergy\synergys.exe" --no-daemon --debug WARNING --name 192.168.50.12 --address :24800
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'MSSQL$SQLEXPRESS')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'MSSQL$SQLEXPRESS')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8483 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 01 September 2012 - 03:33 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Synergy Server] "C:\Program Files\Synergy\synergys.exe" --no-daemon --debug WARNING --name 192.168.50.12 --address :24800
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'MSSQL$SQLEXPRESS')
      O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'MSSQL$SQLEXPRESS')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 EchoSRP

EchoSRP
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 01 September 2012 - 04:40 PM

I took out the entries I didn't care for in HiJack this.
Eset detected things with the following log:

C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$a20c8ad339a97e9dda1c833647729732\n.vir Win64/Sirefef.AP trojan
C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$a20c8ad339a97e9dda1c833647729732\U\80000000.@.vir Win64/Sirefef.AL trojan
C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$a20c8ad339a97e9dda1c833647729732\U\800000cb.@.vir Win64/Sirefef.AH trojan
C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-1409766954-897265469-4161670676-1001\$a20c8ad339a97e9dda1c833647729732\n.vir Win64/Sirefef.AP trojan
J:\PC backup Files\FreeMp3WmaOggConverter.exe Win32/Adware.OneStep application

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:34 AM

Posted 01 September 2012 - 05:52 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "J:\PC backup Files\FreeMp3WmaOggConverter.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 EchoSRP

EchoSRP
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 02 September 2012 - 12:42 PM

The files/programs were deleted without any problems. Everything seems fine for the moment.
I'll send you a pm if anything turns back up again.

Thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users