
Windows Antivirus 2012 (?)


This topic is locked. 14 replies to this topic.

#1 ganaffe (Members, 17 posts)

Posted 03 September 2012 - 03:45 AM

Hi,

Before anything else: thanks a lot for any help that you can provide. It is appreciated!

I'm on a Win7 laptop, with F-Secure for protection (antivirus, firewall, etc.). I use CCleaner now and then to get rid of the most obvious clutter etc. There are three reasons why I'm worried about an infection:

1. While browsing (Firefox), sometimes the browser opens up a new tab which turns grey, showing a popup with a message like: "Windows Antivirus 2012 has found a critical process on your PC and will perform fast scan of system files". The popup comes with one button prompting me to scan my system. I think I never did (although I'm not sure). I usually just close the browser when the grey tab with the popup turns up.
2. I often take this laptop to work and attach it to the network there. A few days ago I got a message from the IT department that my "system was transmitting a virus warning" and that I had to check it. I think this is a bit cryptic, but they must have had some reason to send me this message.
3. Lately my laptop sometimes hangs on shutdown, telling me that I have to wait for a program to close. It offers me the option to force a shutdown, which I never do. After 10 seconds or so, it shuts down by itself. Usually I wouldn't worry about this too much, but seeing the other two problems turning up, I thought it would be good to mention it.

I did a scan with F-Secure, which turned up clean. Then I installed and updated MBAM. The quick scan turned up clean. I even did a full scan in safe mode, which also turned up clean, so I'm a bit confused now.

Any advice is welcome!
All the best,
Ganaffe.




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Jannes Eshuis at 10:26:34 on 2012-09-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.2991.1294 [GMT 2:00]
.
AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Computer Security *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\F-Secure\fshoster32.exe
C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\F-Secure\fshoster32.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\f-secure\apps\onlinesafety\bpp\iescript\BaseLitmus.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\f-secure\apps\onlinesafety\bpp\iescript\BaseLitmus.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [F-Secure Hoster (54599)] "c:\program files\f-secure\fshoster32.exe" -app -hosterid:1
mRun: [F-Secure Manager] "c:\program files\f-secure\apps\computersecurity\common\FSM32.EXE" /splash
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jannes~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jannes eshuis\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 145.20.33.73 145.20.33.74
TCP: Interfaces\{725B4ACC-53AF-41A2-82C3-09948D1D5EC9} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{725B4ACC-53AF-41A2-82C3-09948D1D5EC9}\3596475636F6D6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{725B4ACC-53AF-41A2-82C3-09948D1D5EC9}\46167737F6E6 : DhcpNameServer = 10.149.0.21 10.149.0.20
TCP: Interfaces\{725B4ACC-53AF-41A2-82C3-09948D1D5EC9}\F657D2D6564656775627B65627 : DhcpNameServer = 145.20.33.73 145.20.33.74
TCP: Interfaces\{FE9FB229-36B7-41BB-961C-38553EDA5EDD} : DhcpNameServer = 145.20.33.73 145.20.33.74
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jannes eshuis\appdata\roaming\mozilla\firefox\profiles\7h2qd1io.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\reader\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader\npnitroie.dll
FF - plugin: c:\program files\nitro pdf\reader\npnitromozilla.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-6-29 44240]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\apps\computersecurity\hips\drivers\fshs.sys [2012-6-29 72976]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-6-29 38024]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-6-29 73640]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure\apps\computersecurity\anti-virus\minifilter\fsvista.sys [2012-6-29 14504]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-3-3 81920]
R2 fshoster;F-Secure Dll Hoster;c:\program files\f-secure\fshoster32.exe [2012-6-21 163536]
R2 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\apps\ccf_reputation\fsorsp.exe [2012-3-15 62160]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-9-27 92216]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-10-1 280120]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService2.exe [2012-6-25 184848]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-3-3 48640]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-3-3 47616]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-3-3 38912]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-3-3 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-3-3 29472]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-3-3 224424]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\apps\computersecurity\anti-virus\minifilter\fsgk.sys [2012-6-29 144592]
R3 fsccsys1343167236;F-Secure Content Control Driver;c:\windows\system32\drivers\fsccsys.sys [2012-7-25 52280]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-6-21 246272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-16 80824]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [2004-10-1 18048]
S3 RDID1061;UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [2011-10-17 147200]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-16 181432]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-3 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-3 1343400]
.
=============== Created Last 30 ================
.
2012-09-02 05:13:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 14:37:54 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-31 07:33:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 07:33:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-31 06:34:20 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-31 06:32:58 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-31 06:32:57 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-08-31 06:32:55 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-31 06:32:53 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-08-31 06:32:38 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-08-31 06:32:37 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-31 06:32:37 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-31 06:27:36 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-31 06:27:35 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-31 06:24:14 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-31 06:24:01 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-31 06:23:54 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-31 06:23:54 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-29 14:05:42 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
.
==================== Find3M ====================
.
2012-09-02 05:13:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 05:13:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 05:07:50 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-02 05:07:50 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 13:07:14 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-07-02 15:57:08 52280 ----a-w- c:\windows\system32\drivers\fsccsys.sys
2012-06-28 11:56:04 18048 ----a-w- c:\windows\system32\drivers\pl40rwdm.sys
2012-06-25 12:58:44 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-06-25 12:58:42 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-06-06 06:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
.
============= FINISH: 10:26:51,75 ===============
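As an added triage helper (not part of this thread and not code from the DDS tool), the script below parses the "Pseudo HJT Report" lines in the format of the DDS log above and flags the entries an analyst usually checks first after a rogue-AV popup report: autostarts launched from temp or profile paths, ActiveX packages (DPF) fetched over plain http, and DNS servers outside private ranges that are not on an expected list. The sample lines are constructed in that format (the "Updater" entry and the user name "alice" are made up; the DNS servers are the ones in the log), and the path and DNS rules are assumptions, not DDS logic.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example; it is not part of this thread and not code from the DDS tool.
The rules for which paths are suspicious and which DNS servers are expected
are assumptions supplied by the analyst, not anything DDS itself decides.
"""
import ipaddress
import re

# Constructed sample in the DDS line format. The "Updater" entry and the user
# name "alice" are made up; the DNS servers are the ones shown in the log above.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uRun: [Updater] c:\users\alice\appdata\local\temp\updater.exe
StartupFolder: c:\users\alice~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\alice\appdata\roaming\dropbox\bin\Dropbox.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 145.20.33.73 145.20.33.74
TCP: Interfaces\{725B4ACC-53AF-41A2-82C3-09948D1D5EC9} : DhcpNameServer = 192.168.178.1
"""

RUN_RE = re.compile(r"^(?P<kind>[um]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^(?P<kind>BHO|TB):\s*(?P<name>.*?):\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.*)$")
STARTUP_RE = re.compile(r"^(?P<kind>StartupFolder):\s*(?P<name>.*?\.lnk)\s*-\s*(?P<path>.*)$")
DPF_RE = re.compile(r"^(?P<kind>DPF):\s*(?P<clsid>\{[^}]+\})\s*-\s*(?P<url>\S+)$")
DNS_RE = re.compile(r"^TCP:.*DhcpNameServer\s*=\s*(?P<servers>.+)$")
# First drive-letter path ending in an executable extension inside a Run command line.
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|com|scr|bat|cmd|vbs|js)\b', re.IGNORECASE)

# Autostarts launching from these directories are worth a first look (assumed rule).
TEMP_DIRS = ("\\temp\\", "\\tmp\\", "\\$recycle.bin\\", "\\recycler\\")


def parse_hjt(text):
    """Return one dict per recognised line (kind, name/clsid, path/url/servers, raw)."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = RUN_RE.match(raw) or BHO_RE.match(raw) or STARTUP_RE.match(raw) or DPF_RE.match(raw)
        if m:
            entry = m.groupdict()
            entry["raw"] = raw
            if "cmd" in entry:  # pull the executable out of a Run command line
                p = PATH_RE.search(entry["cmd"])
                entry["path"] = p.group(0) if p else entry["cmd"]
            entries.append(entry)
            continue
        m = DNS_RE.match(raw)
        if m:
            entries.append({"kind": "DNS", "servers": m.group("servers").split(), "raw": raw})
    return entries


def triage(entries, expected_dns=()):
    """Return (raw_line, reason) pairs for entries that deserve a closer look.

    expected_dns: resolvers the analyst knows are legitimate for this machine
    (e.g. the corporate servers); any other server outside private ranges is flagged.
    """
    expected = {ipaddress.ip_address(s) for s in expected_dns}
    findings = []
    for e in entries:
        if e["kind"] in ("uRun", "mRun", "BHO", "TB", "StartupFolder"):
            path = e["path"].lower()
            if any(d in path for d in TEMP_DIRS):
                findings.append((e["raw"], "autostart runs from a temp/recycle location"))
            elif "\\appdata\\" in path or "\\programdata\\" in path:
                findings.append((e["raw"], "autostart runs from a user-writable profile path; verify the publisher"))
        elif e["kind"] == "DPF":
            # DDS defangs URLs as hxxp/hxxps; a plain-http ActiveX package is an unauthenticated download.
            if e["url"].lower().startswith(("hxxp://", "http://")):
                findings.append((e["raw"], "ActiveX package fetched over plain http"))
        elif e["kind"] == "DNS":
            for s in e["servers"]:
                try:
                    ip = ipaddress.ip_address(s)
                except ValueError:
                    findings.append((e["raw"], f"unparseable DNS server {s!r}"))
                    continue
                if not ip.is_private and ip not in expected:
                    findings.append((e["raw"], f"DNS server {s} is outside private ranges and not in the expected list"))
    return findings


if __name__ == "__main__":
    # Pass the corporate resolvers seen in the log as expected so only real outliers remain.
    for raw, reason in triage(parse_hjt(SAMPLE_LOG), expected_dns=("145.20.33.73", "145.20.33.74")):
        print(f"{reason}\n    {raw}")
```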



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 03 September 2012 - 09:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ganaffe (Topic Starter, Members, 17 posts)

Posted 03 September 2012 - 10:58 AM

Hey Gringo,

Thank you so much for the very quick response.

A warning up front. The IT guys at my work forced me to do their virus check. I told them I had posted here and wanted to wait for your instruction, but they wouldn't listen (they are not exactly the brightest bunch of IT 'specialists', although they seem to think so). Luckily I could talk them out of a complete reinstall, because that is what they really wanted to do...

Anyways, this means that, since my previous post, they did a Kaspersky check from CD. Hope this doesn't interfere with you helping me. On the bright side: they didn't find anything (but I don't know how old their Kaspersky disc is).

Otherwise nothing has changed. I didn't notice any change in behavior. The laptop still hangs a bit when shutting down. I haven't encountered any additional popups, but I have hardly been browsing today.

I did a complete backup and followed your instructions.

You'll find the log files below. I'm a bit surprised that my Java is out of date, because I thought I updated last week... but apparently I'm wrong.

Thanks again for your help!
Ganaffe.


====== Security Check Log ======


Results of screen317's Security Check version 0.99.49
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Computer Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Duplicate Cleaner 2.0.4b
JavaFX 2.1.1
Java™ 6 Update 31
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````
F-Secure apps ComputerSecurity Anti-Virus\FSGK32.EXE
F-Secure apps ComputerSecurity Anti-Virus\fssm32.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````



====== ComboFix Log ======

ComboFix 12-09-03.06 - Jannes Eshuis 03-09-2012 17:28:32.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.2991.1923 [GMT 2:00]
Gestart vanuit: c:\users\Jannes Eshuis\Desktop\ComboFix.exe
AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Computer Security *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jannes Eshuis\AppData\Local\assembly\tmp
c:\users\Jannes Eshuis\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\users\JANNES~1\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\windows\Fonts\kixbrg__.ttf
c:\windows\IsUn0413.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-08-03 to 2012-09-03 ))))))))))))))))))))))))))))))
.
.
2012-09-03 15:33 . 2012-09-03 15:34 -------- d-----w- c:\users\Jannes Eshuis\AppData\Local\temp
2012-09-03 14:32 . 2012-09-03 16:53 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-09-02 05:13 . 2012-09-02 05:13 -------- d-----w- c:\program files\Common Files\Java
2012-09-02 05:13 . 2012-09-02 05:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 14:38 . 2012-08-31 14:38 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-08-31 14:37 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-31 07:33 . 2012-08-31 07:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-31 07:33 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 06:34 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-31 06:32 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-31 06:32 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-08-31 06:32 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-31 06:32 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-08-31 06:32 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-08-31 06:32 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-31 06:32 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-31 06:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-31 06:27 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-31 06:24 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-31 06:24 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-31 06:24 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-31 06:24 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-31 06:24 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-31 06:24 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-31 06:24 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-31 06:23 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-31 06:23 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-29 14:05 . 2012-08-29 14:05 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 05:13 . 2012-06-27 07:25 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 05:13 . 2011-04-18 07:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 05:07 . 2012-04-05 07:22 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-02 05:07 . 2011-05-23 07:25 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 13:07 . 2012-06-29 07:41 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-07-18 02:11 . 2011-06-01 22:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-02 15:57 . 2012-07-24 22:00 52280 ----a-w- c:\windows\system32\drivers\fsccsys.sys
2012-06-28 11:56 . 2004-10-01 14:08 18048 ----a-w- c:\windows\system32\drivers\pl40rwdm.sys
2012-06-25 12:58 . 2012-07-11 10:26 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-06-25 12:58 . 2012-07-11 10:26 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-06-13 07:29 . 2011-06-01 22:40 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-08-29 14:05 . 2011-05-02 07:42 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-03-13 19:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-22 3508624]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-27 21416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-19 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-19 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-19 170520]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"F-Secure Hoster (54599)"="c:\program files\F-Secure\fshoster32.exe" [2012-06-21 163536]
"F-Secure Manager"="c:\program files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2012-03-15 311976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Jannes Eshuis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 795936]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2011-3-14 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PL-40R;CASIO USB MIDI;c:\windows\system32\Drivers\pl40rwdm.sys [x]
R3 RDID1061;UA-4FX;c:\windows\system32\Drivers\rdwm1061.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 fshoster;F-Secure Dll Hoster;c:\program files\F-Secure\fshoster32.exe [x]
S2 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\apps\CCF_Reputation\fsorsp.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]
S3 fsccsys1343167236;F-Secure Content Control Driver;c:\windows\System32\drivers\fsccsys.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 145.20.33.73 145.20.33.74
FF - ProfilePath - c:\users\Jannes Eshuis\AppData\Roaming\Mozilla\Firefox\Profiles\7h2qd1io.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-Van Dale Grote woordenboeken Engels - c:\windows\ISUN0413.EXE
AddRemove-vdegwn.exe - c:\windows\ISUN0413.EXE
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files\F-Secure\fshoster32.exe\" -hosterid:0"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(1504)
c:\users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\program files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conhost.exe
c:\program files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Voltooingstijd: 2012-09-03 17:39:36 - machine werd herstart
ComboFix-quarantined-files.txt 2012-09-03 15:39
.
Pre-Run: 2.235.228.160 bytes free
Post-Run: 2.010.577.920 bytes free
.
- - End Of File - - 0EE424F9C96BCAD8A3CD53101BB44DE7

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 September 2012 - 11:12 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 ganaffe (Topic Starter)

Posted 03 September 2012 - 12:30 PM

Hey Gringo,

Somehow Firefox didn't allow me to download both programs; clicking the links just opened a new tab, which then remained blank with the path to the .exe files in the address bar. This surprised me, because until this afternoon I had no problem with downloading .exe files.

With IE I had no problem downloading the files, although F-Secure gave me a frightening warning about both links being categorized as a security threat.

Otherwise no changes.

Here are the log files.


====== TDSS Log ======


18:30:17.0021 5856 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:30:18.0238 5856 ============================================================
18:30:18.0238 5856 Current date / time: 2012/09/03 18:30:18.0238
18:30:18.0238 5856 SystemInfo:
18:30:18.0238 5856
18:30:18.0238 5856 OS Version: 6.1.7601 ServicePack: 1.0
18:30:18.0238 5856 Product type: Workstation
18:30:18.0238 5856 ComputerName: ESH
18:30:18.0238 5856 UserName: Jannes Eshuis
18:30:18.0238 5856 Windows directory: C:\Windows
18:30:18.0238 5856 System windows directory: C:\Windows
18:30:18.0238 5856 Processor architecture: Intel x86
18:30:18.0238 5856 Number of processors: 4
18:30:18.0238 5856 Page size: 0x1000
18:30:18.0238 5856 Boot type: Normal boot
18:30:18.0238 5856 ============================================================
18:30:18.0847 5856 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:30:18.0847 5856 ============================================================
18:30:18.0847 5856 \Device\Harddisk0\DR0:
18:30:18.0847 5856 MBR partitions:
18:30:18.0847 5856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6400172
18:30:18.0847 5856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6400800, BlocksNum 0x1EC29800
18:30:18.0847 5856 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x2502A000, BlocksNum 0x400000
18:30:18.0847 5856 ============================================================
18:30:18.0862 5856 C: <-> \Device\Harddisk0\DR0\Partition1
18:30:18.0893 5856 E: <-> \Device\Harddisk0\DR0\Partition3
18:30:18.0925 5856 D: <-> \Device\Harddisk0\DR0\Partition2
18:30:18.0925 5856 ============================================================
18:30:18.0925 5856 Initialize success
18:30:18.0925 5856 ============================================================
18:30:27.0442 4804 ============================================================
18:30:27.0442 4804 Scan started
18:30:27.0442 4804 Mode: Manual;
18:30:27.0442 4804 ============================================================
18:30:27.0848 4804 ================ Scan system memory ========================
18:30:27.0848 4804 System memory - ok
18:30:27.0848 4804 ================ Scan services =============================
18:30:28.0019 4804 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:30:28.0019 4804 1394ohci - ok
18:30:28.0066 4804 [ 465B6BAABA53A628F7252846D0E900EE ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
18:30:28.0066 4804 Accelerometer - ok
18:30:28.0113 4804 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:30:28.0113 4804 ACPI - ok
18:30:28.0160 4804 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:30:28.0160 4804 AcpiPmi - ok
18:30:28.0285 4804 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:30:28.0285 4804 AdobeARMservice - ok
18:30:28.0331 4804 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:30:28.0347 4804 adp94xx - ok
18:30:28.0347 4804 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:30:28.0363 4804 adpahci - ok
18:30:28.0378 4804 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:30:28.0378 4804 adpu320 - ok
18:30:28.0425 4804 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:30:28.0425 4804 AeLookupSvc - ok
18:30:28.0472 4804 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Program Files\IDT\WDM\aestsrv.exe
18:30:28.0472 4804 AESTFilters - ok
18:30:28.0534 4804 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
18:30:28.0534 4804 AFD - ok
18:30:28.0597 4804 [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
18:30:28.0597 4804 AgereModemAudio - ok
18:30:28.0628 4804 [ 7560F465F1CE69C53BF17559EE195548 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
18:30:28.0643 4804 AgereSoftModem - ok
18:30:28.0675 4804 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
18:30:28.0675 4804 agp440 - ok
18:30:28.0737 4804 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
18:30:28.0737 4804 aic78xx - ok
18:30:28.0768 4804 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
18:30:28.0784 4804 ALG - ok
18:30:28.0799 4804 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
18:30:28.0815 4804 aliide - ok
18:30:28.0846 4804 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:30:28.0846 4804 amdagp - ok
18:30:28.0862 4804 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
18:30:28.0862 4804 amdide - ok
18:30:28.0893 4804 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:30:28.0893 4804 AmdK8 - ok
18:30:28.0909 4804 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:30:28.0909 4804 AmdPPM - ok
18:30:28.0940 4804 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:30:28.0940 4804 amdsata - ok
18:30:28.0955 4804 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:30:28.0955 4804 amdsbs - ok
18:30:28.0971 4804 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:30:28.0971 4804 amdxata - ok
18:30:29.0018 4804 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
18:30:29.0018 4804 AppID - ok
18:30:29.0049 4804 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:30:29.0049 4804 AppIDSvc - ok
18:30:29.0080 4804 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
18:30:29.0080 4804 Appinfo - ok
18:30:29.0127 4804 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
18:30:29.0143 4804 AppMgmt - ok
18:30:29.0174 4804 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
18:30:29.0189 4804 arc - ok
18:30:29.0189 4804 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:30:29.0205 4804 arcsas - ok
18:30:29.0221 4804 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:30:29.0221 4804 AsyncMac - ok
18:30:29.0252 4804 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
18:30:29.0252 4804 atapi - ok
18:30:29.0299 4804 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:30:29.0314 4804 AudioEndpointBuilder - ok
18:30:29.0314 4804 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:30:29.0314 4804 Audiosrv - ok
18:30:29.0361 4804 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:30:29.0361 4804 AxInstSV - ok
18:30:29.0408 4804 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
18:30:29.0423 4804 b06bdrv - ok
18:30:29.0455 4804 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
18:30:29.0455 4804 b57nd60x - ok
18:30:29.0907 4804 [ 36A47E6AB1F0967C97722183E21ADB1A ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
18:30:29.0954 4804 BCM43XX - ok
18:30:29.0985 4804 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
18:30:30.0001 4804 BDESVC - ok
18:30:30.0032 4804 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
18:30:30.0032 4804 Beep - ok
18:30:30.0079 4804 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
18:30:30.0079 4804 BFE - ok
18:30:30.0125 4804 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
18:30:30.0141 4804 BITS - ok
18:30:30.0157 4804 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:30:30.0157 4804 blbdrive - ok
18:30:30.0219 4804 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:30:30.0219 4804 Bonjour Service - ok
18:30:30.0250 4804 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:30:30.0250 4804 bowser - ok
18:30:30.0266 4804 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:30:30.0266 4804 BrFiltLo - ok
18:30:30.0281 4804 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:30:30.0281 4804 BrFiltUp - ok
18:30:30.0313 4804 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:30:30.0313 4804 BridgeMP - ok
18:30:30.0344 4804 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
18:30:30.0344 4804 Browser - ok
18:30:30.0359 4804 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:30:30.0359 4804 Brserid - ok
18:30:30.0391 4804 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:30:30.0406 4804 BrSerWdm - ok
18:30:30.0406 4804 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:30:30.0406 4804 BrUsbMdm - ok
18:30:30.0422 4804 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:30:30.0422 4804 BrUsbSer - ok
18:30:30.0469 4804 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
18:30:30.0469 4804 BthEnum - ok
18:30:30.0484 4804 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:30:30.0484 4804 BTHMODEM - ok
18:30:30.0515 4804 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:30:30.0531 4804 BthPan - ok
18:30:30.0562 4804 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:30:30.0562 4804 BTHPORT - ok
18:30:30.0609 4804 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
18:30:30.0609 4804 bthserv - ok
18:30:30.0625 4804 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:30:30.0625 4804 BTHUSB - ok
18:30:30.0671 4804 [ 7E826BE3B3558208D5C9B00034E51BE5 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
18:30:30.0671 4804 btwaudio - ok
18:30:30.0687 4804 [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
18:30:30.0687 4804 btwavdt - ok
18:30:30.0749 4804 [ E2ACED92A998E339DC5964C94E3DDB55 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
18:30:30.0749 4804 btwdins - ok
18:30:30.0796 4804 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
18:30:30.0796 4804 btwl2cap - ok
18:30:30.0796 4804 [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
18:30:30.0796 4804 btwrchid - ok
18:30:30.0843 4804 catchme - ok
18:30:30.0874 4804 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:30:30.0874 4804 cdfs - ok
18:30:30.0921 4804 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:30:30.0937 4804 cdrom - ok
18:30:30.0983 4804 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
18:30:30.0983 4804 CertPropSvc - ok
18:30:31.0015 4804 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:30:31.0015 4804 circlass - ok
18:30:31.0046 4804 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
18:30:31.0061 4804 CLFS - ok
18:30:31.0155 4804 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:30:31.0155 4804 clr_optimization_v2.0.50727_32 - ok
18:30:31.0233 4804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:30:31.0233 4804 clr_optimization_v4.0.30319_32 - ok
18:30:31.0249 4804 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:30:31.0249 4804 CmBatt - ok
18:30:31.0280 4804 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:30:31.0280 4804 cmdide - ok
18:30:31.0327 4804 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
18:30:31.0327 4804 CNG - ok
18:30:31.0342 4804 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:30:31.0358 4804 Compbatt - ok
18:30:31.0389 4804 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:30:31.0389 4804 CompositeBus - ok
18:30:31.0389 4804 COMSysApp - ok
18:30:31.0420 4804 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:30:31.0420 4804 crcdisk - ok
18:30:31.0467 4804 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:30:31.0467 4804 CryptSvc - ok
18:30:31.0498 4804 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
18:30:31.0514 4804 CSC - ok
18:30:31.0545 4804 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
18:30:31.0545 4804 CscService - ok
18:30:31.0576 4804 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
18:30:31.0576 4804 CVirtA - ok
18:30:31.0639 4804 [ 08D8FA119F2AD6AC0377FB667523482E ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
18:30:31.0670 4804 CVPND - ok
18:30:31.0701 4804 [ 1C2999966F0F36AA44EAECBEE70CF770 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
18:30:31.0732 4804 CVPNDRVA - ok
18:30:31.0748 4804 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:30:31.0763 4804 DcomLaunch - ok
18:30:31.0795 4804 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
18:30:31.0795 4804 defragsvc - ok
18:30:31.0826 4804 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:30:31.0826 4804 DfsC - ok
18:30:31.0873 4804 [ 73FC5BC52572084EC1241514CF6230A0 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
18:30:31.0888 4804 dg_ssudbus - ok
18:30:31.0935 4804 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:30:31.0951 4804 Dhcp - ok
18:30:31.0966 4804 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
18:30:31.0966 4804 discache - ok
18:30:31.0997 4804 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:30:31.0997 4804 Disk - ok
18:30:32.0044 4804 [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
18:30:32.0044 4804 DNE - ok
18:30:32.0075 4804 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:30:32.0091 4804 Dnscache - ok
18:30:32.0122 4804 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
18:30:32.0122 4804 dot3svc - ok
18:30:32.0153 4804 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
18:30:32.0169 4804 DPS - ok
18:30:32.0200 4804 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:30:32.0200 4804 drmkaud - ok
18:30:32.0231 4804 [ E6B6DD5A355C432045219FAD8512FB70 ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
18:30:32.0231 4804 dsNcAdpt - ok
18:30:32.0341 4804 [ 299172F56F1ADA804473A3A523FFD84E ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
18:30:32.0356 4804 dsNcService - ok
18:30:32.0403 4804 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:30:32.0419 4804 DXGKrnl - ok
18:30:32.0450 4804 [ 19E30C3C80D8CE29944B3F30FF9C8B76 ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys
18:30:32.0450 4804 e1kexpress - ok
18:30:32.0497 4804 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
18:30:32.0497 4804 EapHost - ok
18:30:32.0543 4804 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
18:30:32.0590 4804 ebdrv - ok
18:30:32.0621 4804 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
18:30:32.0621 4804 EFS - ok
18:30:32.0684 4804 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:30:32.0699 4804 ehRecvr - ok
18:30:32.0746 4804 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
18:30:32.0746 4804 ehSched - ok
18:30:32.0777 4804 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:30:32.0793 4804 elxstor - ok
18:30:32.0824 4804 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:30:32.0824 4804 ErrDev - ok
18:30:32.0855 4804 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
18:30:32.0871 4804 EventSystem - ok
18:30:32.0887 4804 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
18:30:32.0887 4804 exfat - ok
18:30:33.0074 4804 [ DC2FFA1CE9841C12DBC038B24FF17FF0 ] F-Secure Gatekeeper C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
18:30:33.0074 4804 F-Secure Gatekeeper - ok
18:30:33.0136 4804 [ 7C93D27D27D3AEA2FD9E6E46ABC4766E ] F-Secure HIPS C:\Program Files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys
18:30:33.0136 4804 F-Secure HIPS - ok
18:30:33.0167 4804 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:30:33.0167 4804 fastfat - ok
18:30:33.0214 4804 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
18:30:33.0214 4804 Fax - ok
18:30:33.0230 4804 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:30:33.0230 4804 fdc - ok
18:30:33.0230 4804 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
18:30:33.0245 4804 fdPHost - ok
18:30:33.0245 4804 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
18:30:33.0245 4804 FDResPub - ok
18:30:33.0245 4804 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:30:33.0261 4804 FileInfo - ok
18:30:33.0261 4804 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:30:33.0261 4804 Filetrace - ok
18:30:33.0339 4804 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:30:33.0355 4804 FLEXnet Licensing Service - ok
18:30:33.0355 4804 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:30:33.0355 4804 flpydisk - ok
18:30:33.0386 4804 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:30:33.0386 4804 FltMgr - ok
18:30:33.0417 4804 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
18:30:33.0433 4804 FontCache - ok
18:30:33.0495 4804 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:30:33.0495 4804 FontCache3.0.0.0 - ok
18:30:33.0526 4804 [ 18DA737DD5122A475DA4948ED4643675 ] fsbts C:\Windows\system32\Drivers\fsbts.sys
18:30:33.0542 4804 fsbts - ok
18:30:33.0620 4804 [ 2261F3BF4AFBEAE176B2818B2CEB31FB ] fsccsys1343167236 C:\Windows\System32\drivers\fsccsys.sys
18:30:33.0620 4804 fsccsys1343167236 - ok
18:30:33.0635 4804 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:30:33.0635 4804 FsDepends - ok
18:30:33.0729 4804 [ EE0D13C7CF71E9AD2BC18C5932573D1B ] FSDFWD C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
18:30:33.0729 4804 FSDFWD - ok
18:30:33.0760 4804 [ A87006C1C4015CE286E4DE7D6F8B5B0C ] FSES C:\Windows\system32\drivers\fses.sys
18:30:33.0760 4804 FSES - ok
18:30:33.0776 4804 [ A272D270CEF837FB95D963D4671C5603 ] FSFW C:\Windows\system32\drivers\fsdfw.sys
18:30:33.0776 4804 FSFW - ok
18:30:33.0838 4804 [ 17BE4BAEC3D4FE887BC5F446FEF4FD97 ] fshoster C:\Program Files\F-Secure\fshoster32.exe
18:30:33.0854 4804 fshoster - ok
18:30:33.0901 4804 [ C2251C602EDFC49E71D13D660AB7F625 ] FSMA C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
18:30:33.0916 4804 FSMA - ok
18:30:33.0979 4804 [ B50C3AD8A850FA494D87AF943C011F2F ] FSORSPClient C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe
18:30:33.0979 4804 FSORSPClient - ok
18:30:34.0010 4804 [ F95FFCF662786DAE8B79F0BA32FA8ADD ] fsvista C:\Program Files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
18:30:34.0010 4804 fsvista - ok
18:30:34.0025 4804 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:30:34.0041 4804 Fs_Rec - ok
18:30:34.0057 4804 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:30:34.0072 4804 fvevol - ok
18:30:34.0103 4804 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:30:34.0103 4804 gagp30kx - ok
18:30:34.0150 4804 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
18:30:34.0150 4804 gpsvc - ok
18:30:34.0181 4804 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:30:34.0181 4804 hcw85cir - ok
18:30:34.0228 4804 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:30:34.0244 4804 HdAudAddService - ok
18:30:34.0259 4804 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:30:34.0259 4804 HDAudBus - ok
18:30:34.0306 4804 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
18:30:34.0306 4804 HECI - ok
18:30:34.0322 4804 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:30:34.0322 4804 HidBatt - ok
18:30:34.0337 4804 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:30:34.0337 4804 HidBth - ok
18:30:34.0353 4804 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:30:34.0353 4804 HidIr - ok
18:30:34.0369 4804 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
18:30:34.0384 4804 hidserv - ok
18:30:34.0415 4804 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:30:34.0415 4804 HidUsb - ok
18:30:34.0462 4804 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:30:34.0462 4804 hkmsvc - ok
18:30:34.0493 4804 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:30:34.0493 4804 HomeGroupListener - ok
18:30:34.0525 4804 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:30:34.0525 4804 HomeGroupProvider - ok
18:30:34.0587 4804 [ 68EBC244E60795C9C11F30963A39A35E ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:30:34.0587 4804 HPDrvMntSvc.exe - ok
18:30:34.0603 4804 [ D5C35E6416A379C445CDA826B9FE452F ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
18:30:34.0618 4804 hpdskflt - ok
18:30:34.0649 4804 [ 120C1CEB5E45DB0A04416242BD6C1E3E ] hpHotkeyMonitor C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
18:30:34.0665 4804 hpHotkeyMonitor - ok
18:30:34.0681 4804 [ EE9F88368739554DCCA142AE0214BCB1 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:30:34.0681 4804 HpqKbFiltr - ok
18:30:34.0712 4804 [ 615586C9A6D065D1FBA098168D1748B4 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
18:30:34.0712 4804 hpqwmiex - ok
18:30:34.0759 4804 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:30:34.0774 4804 HpSAMD - ok
18:30:34.0774 4804 [ 00DC55481FAD2841284ED09E7D69CD11 ] hpsrv C:\Windows\system32\Hpservice.exe
18:30:34.0774 4804 hpsrv - ok
18:30:34.0821 4804 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:30:34.0821 4804 HTTP - ok
18:30:34.0852 4804 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:30:34.0852 4804 hwpolicy - ok
18:30:34.0899 4804 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:30:34.0899 4804 i8042prt - ok
18:30:34.0993 4804 [ D782F0C741EE2D50AC8D38774597FB2B ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:30:34.0993 4804 IAANTMON - ok
18:30:35.0024 4804 [ D9D3F168A2FD4C2380D98821A3FF3357 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:30:35.0024 4804 iaStor - ok
18:30:35.0071 4804 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:30:35.0071 4804 iaStorV - ok
18:30:35.0149 4804 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:30:35.0164 4804 idsvc - ok
18:30:35.0305 4804 [ DB7413CF09D74231720F78737DCF4188 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:30:35.0461 4804 igfx - ok
18:30:35.0523 4804 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:30:35.0523 4804 iirsp - ok
18:30:35.0554 4804 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
18:30:35.0570 4804 IKEEXT - ok
18:30:35.0617 4804 [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
18:30:35.0617 4804 Impcd - ok
18:30:35.0663 4804 [ AF6D1E38BCE11DABA4C01D6A6DE94410 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:30:35.0663 4804 IntcDAud - ok
18:30:35.0679 4804 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
18:30:35.0679 4804 intelide - ok
18:30:35.0695 4804 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:30:35.0695 4804 intelppm - ok
18:30:35.0726 4804 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:30:35.0726 4804 IPBusEnum - ok
18:30:35.0741 4804 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:30:35.0741 4804 IpFilterDriver - ok
18:30:35.0788 4804 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:30:35.0804 4804 iphlpsvc - ok
18:30:35.0835 4804 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:30:35.0835 4804 IPMIDRV - ok
18:30:35.0851 4804 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:30:35.0851 4804 IPNAT - ok
18:30:35.0866 4804 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:30:35.0882 4804 IRENUM - ok
18:30:35.0882 4804 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:30:35.0897 4804 isapnp - ok
18:30:35.0929 4804 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:30:35.0929 4804 iScsiPrt - ok
18:30:35.0960 4804 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:30:35.0960 4804 kbdclass - ok
18:30:35.0975 4804 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:30:35.0991 4804 kbdhid - ok
18:30:35.0991 4804 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
18:30:35.0991 4804 KeyIso - ok
18:30:36.0022 4804 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:30:36.0022 4804 KSecDD - ok
18:30:36.0022 4804 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:30:36.0038 4804 KSecPkg - ok
18:30:36.0069 4804 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
18:30:36.0069 4804 KtmRm - ok
18:30:36.0085 4804 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
18:30:36.0085 4804 LanmanServer - ok
18:30:36.0100 4804 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:30:36.0100 4804 LanmanWorkstation - ok
18:30:36.0131 4804 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:30:36.0131 4804 lltdio - ok
18:30:36.0163 4804 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:30:36.0178 4804 lltdsvc - ok
18:30:36.0178 4804 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:30:36.0178 4804 lmhosts - ok
18:30:36.0225 4804 [ 271F79326CD571BD271D45C47148ED78 ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:30:36.0225 4804 LMS - ok
18:30:36.0256 4804 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:30:36.0272 4804 LSI_FC - ok
18:30:36.0272 4804 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:30:36.0287 4804 LSI_SAS - ok
18:30:36.0287 4804 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:30:36.0303 4804 LSI_SAS2 - ok
18:30:36.0303 4804 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:30:36.0319 4804 LSI_SCSI - ok
18:30:36.0319 4804 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:30:36.0334 4804 luafv - ok
18:30:36.0350 4804 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:30:36.0350 4804 Mcx2Svc - ok
18:30:36.0365 4804 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:30:36.0381 4804 megasas - ok
18:30:36.0397 4804 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:30:36.0397 4804 MegaSR - ok
18:30:36.0475 4804 Microsoft SharePoint Workspace Audit Service - ok
18:30:36.0490 4804 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:30:36.0490 4804 MMCSS - ok
18:30:36.0506 4804 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:30:36.0506 4804 Modem - ok
18:30:36.0537 4804 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:30:36.0537 4804 monitor - ok
18:30:36.0568 4804 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:30:36.0568 4804 mouclass - ok
18:30:36.0584 4804 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:30:36.0584 4804 mouhid - ok
18:30:36.0631 4804 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:30:36.0631 4804 mountmgr - ok
18:30:36.0693 4804 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:30:36.0693 4804 MozillaMaintenance - ok
18:30:36.0724 4804 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:30:36.0724 4804 mpio - ok
18:30:36.0740 4804 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:30:36.0740 4804 mpsdrv - ok
18:30:36.0771 4804 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:30:36.0787 4804 MpsSvc - ok
18:30:36.0833 4804 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:30:36.0833 4804 MRxDAV - ok
18:30:36.0865 4804 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:30:36.0865 4804 mrxsmb - ok
18:30:36.0896 4804 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:30:36.0911 4804 mrxsmb10 - ok
18:30:36.0927 4804 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:30:36.0927 4804 mrxsmb20 - ok
18:30:36.0943 4804 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
18:30:36.0943 4804 msahci - ok
18:30:36.0974 4804 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:30:36.0974 4804 msdsm - ok
18:30:36.0974 4804 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:30:36.0989 4804 MSDTC - ok
18:30:37.0005 4804 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:30:37.0005 4804 Msfs - ok
18:30:37.0021 4804 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:30:37.0021 4804 mshidkmdf - ok
18:30:37.0036 4804 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:30:37.0036 4804 msisadrv - ok
18:30:37.0083 4804 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:30:37.0083 4804 MSiSCSI - ok
18:30:37.0083 4804 msiserver - ok
18:30:37.0099 4804 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:30:37.0099 4804 MSKSSRV - ok
18:30:37.0114 4804 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:30:37.0114 4804 MSPCLOCK - ok
18:30:37.0114 4804 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:30:37.0114 4804 MSPQM - ok
18:30:37.0130 4804 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:30:37.0130 4804 MsRPC - ok
18:30:37.0145 4804 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:30:37.0145 4804 mssmbios - ok
18:30:37.0145 4804 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:30:37.0145 4804 MSTEE - ok
18:30:37.0161 4804 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:30:37.0161 4804 MTConfig - ok
18:30:37.0177 4804 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:30:37.0177 4804 Mup - ok
18:30:37.0208 4804 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:30:37.0223 4804 napagent - ok
18:30:37.0255 4804 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:30:37.0255 4804 NativeWifiP - ok
18:30:37.0286 4804 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:30:37.0286 4804 NDIS - ok
18:30:37.0301 4804 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:30:37.0301 4804 NdisCap - ok
18:30:37.0317 4804 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:30:37.0317 4804 NdisTapi - ok
18:30:37.0348 4804 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:30:37.0348 4804 Ndisuio - ok
18:30:37.0379 4804 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:30:37.0379 4804 NdisWan - ok
18:30:37.0411 4804 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:30:37.0411 4804 NDProxy - ok
18:30:37.0426 4804 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:30:37.0442 4804 NetBIOS - ok
18:30:37.0489 4804 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:30:37.0489 4804 NetBT - ok
18:30:37.0504 4804 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:30:37.0504 4804 Netlogon - ok
18:30:37.0535 4804 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:30:37.0551 4804 Netman - ok
18:30:37.0567 4804 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:30:37.0567 4804 netprofm - ok
18:30:37.0598 4804 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:30:37.0598 4804 NetTcpPortSharing - ok
18:30:37.0629 4804 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:30:37.0629 4804 nfrd960 - ok
18:30:37.0738 4804 [ 54FCEA3A63C9A75FDCCF1EE512E29E93 ] NitroReaderDriverReadSpool2 C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
18:30:37.0738 4804 NitroReaderDriverReadSpool2 - ok
18:30:37.0769 4804 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:30:37.0769 4804 NlaSvc - ok
18:30:37.0785 4804 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:30:37.0785 4804 Npfs - ok
18:30:37.0801 4804 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:30:37.0816 4804 nsi - ok
18:30:37.0816 4804 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:30:37.0816 4804 nsiproxy - ok
18:30:37.0863 4804 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:30:37.0879 4804 Ntfs - ok
18:30:37.0894 4804 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:30:37.0894 4804 Null - ok
18:30:37.0910 4804 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:30:37.0925 4804 nvraid - ok
18:30:37.0957 4804 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:30:37.0957 4804 nvstor - ok
18:30:37.0988 4804 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:30:37.0988 4804 nv_agp - ok
18:30:38.0019 4804 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:30:38.0019 4804 ohci1394 - ok
18:30:38.0097 4804 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:30:38.0097 4804 ose - ok
18:30:38.0206 4804 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:30:38.0315 4804 osppsvc - ok
18:30:38.0362 4804 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:30:38.0362 4804 p2pimsvc - ok
18:30:38.0425 4804 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:30:38.0425 4804 p2psvc - ok
18:30:38.0440 4804 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:30:38.0440 4804 Parport - ok
18:30:38.0471 4804 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:30:38.0471 4804 partmgr - ok
18:30:38.0487 4804 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:30:38.0487 4804 Parvdm - ok
18:30:38.0503 4804 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:30:38.0503 4804 PcaSvc - ok
18:30:38.0518 4804 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:30:38.0518 4804 pci - ok
18:30:38.0534 4804 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:30:38.0549 4804 pciide - ok
18:30:38.0549 4804 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:30:38.0565 4804 pcmcia - ok
18:30:38.0565 4804 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:30:38.0565 4804 pcw - ok
18:30:38.0596 4804 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:30:38.0596 4804 PEAUTH - ok
18:30:38.0659 4804 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:30:38.0690 4804 PeerDistSvc - ok
18:30:38.0752 4804 [ E27087ED87311DC130E55A63E890615D ] PL-40R C:\Windows\system32\Drivers\pl40rwdm.sys
18:30:38.0768 4804 PL-40R - ok
18:30:38.0830 4804 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:30:38.0861 4804 pla - ok
18:30:38.0908 4804 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:30:38.0908 4804 PlugPlay - ok
18:30:38.0924 4804 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:30:38.0924 4804 PNRPAutoReg - ok
18:30:38.0939 4804 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:30:38.0939 4804 PNRPsvc - ok
18:30:38.0955 4804 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:30:38.0955 4804 PolicyAgent - ok
18:30:38.0986 4804 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:30:39.0002 4804 Power - ok
18:30:39.0033 4804 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:30:39.0033 4804 PptpMiniport - ok
18:30:39.0033 4804 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:30:39.0049 4804 Processor - ok
18:30:39.0095 4804 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:30:39.0095 4804 ProfSvc - ok
18:30:39.0095 4804 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:30:39.0095 4804 ProtectedStorage - ok
18:30:39.0127 4804 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:30:39.0127 4804 Psched - ok
18:30:39.0158 4804 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:30:39.0205 4804 ql2300 - ok
18:30:39.0205 4804 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:30:39.0220 4804 ql40xx - ok
18:30:39.0251 4804 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:30:39.0251 4804 QWAVE - ok
18:30:39.0267 4804 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:30:39.0267 4804 QWAVEdrv - ok
18:30:39.0283 4804 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:30:39.0283 4804 RasAcd - ok
18:30:39.0314 4804 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:30:39.0314 4804 RasAgileVpn - ok
18:30:39.0329 4804 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:30:39.0329 4804 RasAuto - ok
18:30:39.0345 4804 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:30:39.0345 4804 Rasl2tp - ok
18:30:39.0376 4804 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:30:39.0392 4804 RasMan - ok
18:30:39.0407 4804 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:30:39.0407 4804 RasPppoe - ok
18:30:39.0423 4804 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:30:39.0423 4804 RasSstp - ok
18:30:39.0439 4804 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:30:39.0439 4804 rdbss - ok
18:30:39.0517 4804 [ 3A2B2181A337C27AED74B08E3A3BDEB8 ] RDID1061 C:\Windows\system32\Drivers\rdwm1061.sys
18:30:39.0548 4804 RDID1061 - ok
18:30:39.0548 4804 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:30:39.0563 4804 rdpbus - ok
18:30:39.0579 4804 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:30:39.0579 4804 RDPCDD - ok
18:30:39.0595 4804 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:30:39.0610 4804 RDPDR - ok
18:30:39.0626 4804 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:30:39.0626 4804 RDPENCDD - ok
18:30:39.0626 4804 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:30:39.0641 4804 RDPREFMP - ok
18:30:39.0657 4804 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:30:39.0657 4804 RDPWD - ok
18:30:39.0688 4804 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:30:39.0704 4804 rdyboost - ok
18:30:39.0719 4804 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:30:39.0735 4804 RemoteAccess - ok
18:30:39.0751 4804 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:30:39.0751 4804 RemoteRegistry - ok
18:30:39.0797 4804 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:30:39.0797 4804 RFCOMM - ok
18:30:39.0829 4804 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\Windows\system32\DRIVERS\rimspe86.sys
18:30:39.0829 4804 rimspci - ok
18:30:39.0844 4804 [ D853D35F792A3A44726A794BF9A0BBC3 ] risdpcie C:\Windows\system32\DRIVERS\risdpe86.sys
18:30:39.0844 4804 risdpcie - ok
18:30:39.0860 4804 [ CF2DE2365FD99E5B8E38C9F3467DCDB8 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe86.sys
18:30:39.0875 4804 rixdpcie - ok
18:30:39.0891 4804 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:30:39.0891 4804 RpcEptMapper - ok
18:30:39.0907 4804 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:30:39.0907 4804 RpcLocator - ok
18:30:39.0938 4804 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:30:39.0938 4804 RpcSs - ok
18:30:39.0969 4804 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:30:39.0969 4804 rspndr - ok
18:30:40.0000 4804 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:30:40.0000 4804 s3cap - ok
18:30:40.0016 4804 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:30:40.0016 4804 SamSs - ok
18:30:40.0047 4804 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:30:40.0047 4804 sbp2port - ok
18:30:40.0078 4804 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:30:40.0078 4804 SCardSvr - ok
18:30:40.0109 4804 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:30:40.0109 4804 scfilter - ok
18:30:40.0156 4804 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:30:40.0156 4804 Schedule - ok
18:30:40.0203 4804 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:30:40.0203 4804 SCPolicySvc - ok
18:30:40.0234 4804 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:30:40.0250 4804 sdbus - ok
18:30:40.0281 4804 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:30:40.0281 4804 SDRSVC - ok
18:30:40.0312 4804 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:30:40.0312 4804 secdrv - ok
18:30:40.0328 4804 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:30:40.0328 4804 seclogon - ok
18:30:40.0359 4804 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
18:30:40.0359 4804 SENS - ok
18:30:40.0390 4804 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:30:40.0390 4804 SensrSvc - ok
18:30:40.0421 4804 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:30:40.0421 4804 Serenum - ok
18:30:40.0421 4804 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:30:40.0421 4804 Serial - ok
18:30:40.0453 4804 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:30:40.0453 4804 sermouse - ok
18:30:40.0468 4804 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:30:40.0468 4804 SessionEnv - ok
18:30:40.0499 4804 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:30:40.0499 4804 sffdisk - ok
18:30:40.0515 4804 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:30:40.0515 4804 sffp_mmc - ok
18:30:40.0515 4804 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:30:40.0515 4804 sffp_sd - ok
18:30:40.0515 4804 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:30:40.0531 4804 sfloppy - ok
18:30:40.0562 4804 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:30:40.0577 4804 SharedAccess - ok
18:30:40.0624 4804 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:30:40.0624 4804 ShellHWDetection - ok
18:30:40.0640 4804 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:30:40.0655 4804 sisagp - ok
18:30:40.0655 4804 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:30:40.0655 4804 SiSRaid2 - ok
18:30:40.0671 4804 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:30:40.0687 4804 SiSRaid4 - ok
18:30:40.0702 4804 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:30:40.0702 4804 Smb - ok
18:30:40.0733 4804 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:30:40.0733 4804 SNMPTRAP - ok
18:30:40.0811 4804 [ C2A90604B7F85CB4AFAD61F9EDD05DA8 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
18:30:40.0827 4804 SNP2UVC - ok
18:30:40.0858 4804 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:30:40.0858 4804 spldr - ok
18:30:40.0905 4804 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
18:30:40.0905 4804 Spooler - ok
18:30:40.0967 4804 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:30:41.0030 4804 sppsvc - ok
18:30:41.0061 4804 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:30:41.0061 4804 sppuinotify - ok
18:30:41.0092 4804 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:30:41.0108 4804 srv - ok
18:30:41.0123 4804 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:30:41.0123 4804 srv2 - ok
18:30:41.0155 4804 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:30:41.0155 4804 srvnet - ok
18:30:41.0170 4804 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:30:41.0186 4804 SSDPSRV - ok
18:30:41.0201 4804 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:30:41.0201 4804 SstpSvc - ok
18:30:41.0233 4804 [ E3D493BFB7CD108EC50B2F560C96367C ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
18:30:41.0248 4804 ssudmdm - ok
18:30:41.0311 4804 [ 03F6CF42A1DB74290448CDE668578C87 ] STacSV C:\Program Files\IDT\WDM\STacSV.exe
18:30:41.0311 4804 STacSV - ok
18:30:41.0357 4804 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:30:41.0357 4804 stexstor - ok
18:30:41.0389 4804 [ 8A8246F40792956E957F3E8D0C188963 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
18:30:41.0389 4804 STHDA - ok
18:30:41.0435 4804 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:30:41.0435 4804 StiSvc - ok
18:30:41.0451 4804 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:30:41.0451 4804 storflt - ok
18:30:41.0482 4804 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
18:30:41.0482 4804 StorSvc - ok
18:30:41.0498 4804 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:30:41.0498 4804 storvsc - ok
18:30:41.0513 4804 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:30:41.0513 4804 swenum - ok
18:30:41.0529 4804 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:30:41.0529 4804 swprv - ok
18:30:41.0591 4804 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:30:41.0607 4804 SynTP - ok
18:30:41.0654 4804 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:30:41.0685 4804 SysMain - ok
18:30:41.0716 4804 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:30:41.0716 4804 TabletInputService - ok
18:30:41.0747 4804 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:30:41.0747 4804 TapiSrv - ok
18:30:41.0763 4804 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:30:41.0763 4804 TBS - ok
18:30:41.0810 4804 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:30:41.0810 4804 Tcpip - ok
18:30:41.0841 4804 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:30:41.0857 4804 TCPIP6 - ok
18:30:41.0888 4804 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:30:41.0888 4804 tcpipreg - ok
18:30:41.0919 4804 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:30:41.0919 4804 TDPIPE - ok
18:30:41.0950 4804 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:30:41.0950 4804 TDTCP - ok
18:30:41.0981 4804 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:30:41.0981 4804 tdx - ok
18:30:41.0997 4804 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:30:41.0997 4804 TermDD - ok
18:30:42.0028 4804 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:30:42.0028 4804 TermService - ok
18:30:42.0044 4804 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:30:42.0044 4804 Themes - ok
18:30:42.0059 4804 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:30:42.0059 4804 THREADORDER - ok
18:30:42.0137 4804 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
18:30:42.0137 4804 TomTomHOMEService - ok
18:30:42.0169 4804 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
18:30:42.0169 4804 TPM - ok
18:30:42.0200 4804 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:30:42.0200 4804 TrkWks - ok
18:30:42.0262 4804 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:30:42.0262 4804 TrustedInstaller - ok
18:30:42.0262 4804 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:30:42.0278 4804 tssecsrv - ok
18:30:42.0293 4804 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:30:42.0309 4804 TsUsbFlt - ok
18:30:42.0325 4804 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:30:42.0340 4804 tunnel - ok
18:30:42.0356 4804 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:30:42.0356 4804 uagp35 - ok
18:30:42.0387 4804 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:30:42.0403 4804 udfs - ok
18:30:42.0418 4804 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:30:42.0418 4804 UI0Detect - ok
18:30:42.0434 4804 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:30:42.0434 4804 uliagpkx - ok
18:30:42.0481 4804 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:30:42.0481 4804 umbus - ok
18:30:42.0481 4804 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:30:42.0481 4804 UmPass - ok
18:30:42.0512 4804 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
18:30:42.0512 4804 UmRdpService - ok
18:30:42.0637 4804 [ 5713E039C0622F40347735CBA460B8FC ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:30:42.0637 4804 UNS - ok
18:30:42.0668 4804 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:30:42.0668 4804 upnphost - ok
18:30:42.0699 4804 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:30:42.0699 4804 usbccgp - ok
18:30:42.0730 4804 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:30:42.0730 4804 usbcir - ok
18:30:42.0761 4804 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:30:42.0761 4804 usbehci - ok
18:30:42.0777 4804 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:30:42.0793 4804 usbhub - ok
18:30:42.0808 4804 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:30:42.0808 4804 usbohci - ok
18:30:42.0839 4804 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:30:42.0839 4804 usbprint - ok
18:30:42.0871 4804 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:30:42.0871 4804 usbscan - ok
18:30:42.0886 4804 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:30:42.0886 4804 USBSTOR - ok
18:30:42.0902 4804 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:30:42.0902 4804 usbuhci - ok
18:30:42.0917 4804 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:30:42.0917 4804 usbvideo - ok
18:30:42.0933 4804 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
18:30:42.0933 4804 UxSms - ok
18:30:42.0949 4804 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
18:30:42.0949 4804 VaultSvc - ok
18:30:42.0995 4804 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
18:30:42.0995 4804 VClone - ok
18:30:43.0058 4804 [ 8C72E0E88E5A1A70691135864F2F7F1B ] vcsFPService C:\Windows\system32\vcsFPService.exe
18:30:43.0089 4804 vcsFPService - ok
18:30:43.0136 4804 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:30:43.0151 4804 vdrvroot - ok
18:30:43.0183 4804 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
18:30:43.0183 4804 vds - ok
18:30:43.0198 4804 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:30:43.0198 4804 vga - ok
18:30:43.0214 4804 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:30:43.0214 4804 VgaSave - ok
18:30:43.0229 4804 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:30:43.0245 4804 vhdmp - ok
18:30:43.0261 4804 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:30:43.0261 4804 viaagp - ok
18:30:43.0276 4804 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
18:30:43.0276 4804 ViaC7 - ok
18:30:43.0292 4804 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
18:30:43.0292 4804 viaide - ok
18:30:43.0323 4804 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:30:43.0323 4804 vmbus - ok
18:30:43.0354 4804 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:30:43.0354 4804 VMBusHID - ok
18:30:43.0370 4804 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:30:43.0370 4804 volmgr - ok
18:30:43.0385 4804 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:30:43.0385 4804 volmgrx - ok
18:30:43.0401 4804 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:30:43.0401 4804 volsnap - ok
18:30:43.0417 4804 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:30:43.0432 4804 vsmraid - ok
18:30:43.0479 4804 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
18:30:43.0510 4804 VSS - ok
18:30:43.0526 4804 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:30:43.0526 4804 vwifibus - ok
18:30:43.0541 4804 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:30:43.0541 4804 vwififlt - ok
18:30:43.0573 4804 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
18:30:43.0573 4804 W32Time - ok
18:30:43.0588 4804 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:30:43.0604 4804 WacomPen - ok
18:30:43.0619 4804 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:30:43.0619 4804 WANARP - ok
18:30:43.0619 4804 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:30:43.0619 4804 Wanarpv6 - ok
18:30:43.0697 4804 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:30:43.0729 4804 WatAdminSvc - ok
18:30:43.0760 4804 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
18:30:43.0791 4804 wbengine - ok
18:30:43.0807 4804 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:30:43.0822 4804 WbioSrvc - ok
18:30:43.0853 4804 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:30:43.0853 4804 wcncsvc - ok
18:30:43.0869 4804 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:30:43.0885 4804 WcsPlugInService - ok
18:30:43.0900 4804 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:30:43.0900 4804 Wd - ok
18:30:43.0916 4804 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:30:43.0931 4804 Wdf01000 - ok
18:30:43.0931 4804 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:30:43.0947 4804 WdiServiceHost - ok
18:30:43.0947 4804 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:30:43.0947 4804 WdiSystemHost - ok
18:30:43.0978 4804 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
18:30:43.0978 4804 WebClient - ok
18:30:44.0009 4804 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:30:44.0009 4804 Wecsvc - ok
18:30:44.0025 4804 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:30:44.0025 4804 wercplsupport - ok
18:30:44.0056 4804 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
18:30:44.0056 4804 WerSvc - ok
18:30:44.0072 4804 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:30:44.0072 4804 WfpLwf - ok
18:30:44.0087 4804 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:30:44.0087 4804 WIMMount - ok
18:30:44.0150 4804 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:30:44.0165 4804 WinDefend - ok
18:30:44.0165 4804 WinHttpAutoProxySvc - ok
18:30:44.0228 4804 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:30:44.0228 4804 Winmgmt - ok
18:30:44.0259 4804 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
18:30:44.0290 4804 WinRM - ok
18:30:44.0337 4804 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
18:30:44.0337 4804 WinUSB - ok
18:30:44.0368 4804 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:30:44.0399 4804 Wlansvc - ok
18:30:44.0415 4804 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:30:44.0415 4804 WmiAcpi - ok
18:30:44.0446 4804 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:30:44.0462 4804 wmiApSrv - ok
18:30:44.0509 4804 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:30:44.0509 4804 WMPNetworkSvc - ok
18:30:44.0555 4804 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:30:44.0555 4804 WPCSvc - ok
18:30:44.0587 4804 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:30:44.0587 4804 WPDBusEnum - ok
18:30:44.0602 4804 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:30:44.0602 4804 ws2ifsl - ok
18:30:44.0633 4804 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
18:30:44.0633 4804 wscsvc - ok
18:30:44.0633 4804 WSearch - ok
18:30:44.0696 4804 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:30:44.0727 4804 wuauserv - ok
18:30:44.0758 4804 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:30:44.0758 4804 WudfPf - ok
18:30:44.0805 4804 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:44.0805 4804 WUDFRd - ok
18:30:44.0836 4804 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:30:44.0836 4804 wudfsvc - ok
18:30:44.0852 4804 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:30:44.0852 4804 WwanSvc - ok
18:30:44.0899 4804 ================ Scan global ===============================
18:30:44.0945 4804 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:30:44.0977 4804 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:30:44.0977 4804 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:30:45.0023 4804 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:30:45.0055 4804 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:30:45.0055 4804 [Global] - ok
18:30:45.0055 4804 ================ Scan MBR ==================================
18:30:45.0070 4804 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:30:45.0413 4804 \Device\Harddisk0\DR0 - ok
18:30:45.0413 4804 ================ Scan VBR ==================================
18:30:45.0413 4804 [ 9DC1167D4D483298C98905DC44E8F7B8 ] \Device\Harddisk0\DR0\Partition1
18:30:45.0413 4804 \Device\Harddisk0\DR0\Partition1 - ok
18:30:45.0429 4804 [ 6692C2D443B96DA8433A95548CA0BD30 ] \Device\Harddisk0\DR0\Partition2
18:30:45.0429 4804 \Device\Harddisk0\DR0\Partition2 - ok
18:30:45.0460 4804 [ ED87336F38751A9AF3012DEBA267F753 ] \Device\Harddisk0\DR0\Partition3
18:30:45.0460 4804 \Device\Harddisk0\DR0\Partition3 - ok
18:30:45.0460 4804 ============================================================
18:30:45.0460 4804 Scan finished
18:30:45.0460 4804 ============================================================
18:30:45.0460 4056 Detected object count: 0
18:30:45.0460 4056 Actual detected object count: 0



====== aswMBR Log ======


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-03 18:32:17
-----------------------------
18:32:17.798 OS Version: Windows 6.1.7601 Service Pack 1
18:32:17.798 Number of processors: 4 586 0x2505
18:32:17.798 ComputerName: ESH UserName:
18:32:35.129 Initialize success
18:33:47.763 AVAST engine defs: 12090300
18:35:16.575 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:35:16.575 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
18:35:16.591 Disk 0 MBR read successfully
18:35:16.591 Disk 0 MBR scan
18:35:16.684 Disk 0 Windows 7 default MBR code
18:35:16.700 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 51200 MB offset 63
18:35:16.856 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 251987 MB offset 104859648
18:35:16.981 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 2048 MB offset 620929024
18:35:17.090 Disk 0 scanning sectors +625123328
18:35:17.199 Disk 0 scanning C:\Windows\system32\drivers
18:35:40.147 Service scanning
18:36:06.261 Modules scanning
18:36:15.980 Disk 0 trace - called modules:
18:36:16.557 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
18:36:16.557 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x875a6a80]
18:36:16.573 3 CLASSPNP.SYS[8bfc659e] -> nt!IofCallDriver -> [0x875a6020]
18:36:16.573 5 hpdskflt.sys[8c01a0be] -> nt!IofCallDriver -> [0x86adc3e0]
18:36:16.573 7 ACPI.sys[8b8b93d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85cbe028]
18:36:19.443 AVAST engine scan C:\Windows
18:36:24.108 AVAST engine scan C:\Windows\system32
18:40:06.892 AVAST engine scan C:\Windows\system32\drivers
18:40:21.041 AVAST engine scan C:\Users\Jannes Eshuis
18:43:57.725 AVAST engine scan C:\ProgramData
18:45:59.156 Scan finished successfully
19:20:09.187 Disk 0 MBR has been saved successfully to "C:\Users\Jannes Eshuis\Desktop\MBR.dat"
19:20:09.187 The log file has been saved successfully to "C:\Users\Jannes Eshuis\Desktop\aswMBR.txt"
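A triage helper for the TDSSKiller service listing above, added here as an example; it is not part of TDSSKiller or of the post. It assumes the two line shapes seen in the log ("[ MD5 ] service path" followed by "service - verdict") and a 32-bit Windows 7 host whose service binaries live under C:\Windows or C:\Program Files (TRUSTED_ROOTS is that assumption). The sample lines are copied from the log above, except for the hash DEADBEEF... and the service DemoSvc, which are constructed so that the checks have something to flag.

```python
"""Triage helper for a TDSSKiller service listing (added example; not part of
TDSSKiller or of the post above).  It parses the '[ MD5 ] name path' /
'name - verdict' line pairs the log consists of and pulls out what a reviewer
checks by eye: verdicts other than 'ok', image files outside the Windows and
Program Files trees, one binary registered under several service names, and
verdicts for which the scan recorded no image file at all."""
import re
from collections import defaultdict

# "18:30:41.0810 4804 [ <32 hex> ] <service> <drive:\path>"
ENTRY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (\S+) ([A-Za-z]:\\.*)$")
# "18:30:41.0810 4804 <service> - <verdict>"
VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(\S+) - (\S.*)$")

# Assumption: where service binaries and drivers belong on this 32-bit Windows 7 host.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_tdsskiller(text):
    """Return ({service: (md5, path)}, {service: verdict}) from service-scan lines."""
    entries, verdicts = {}, {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entries[name] = (md5.upper(), path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m.group(1)] = m.group(2)
    return entries, verdicts


def triage(entries, verdicts):
    """Group the findings a reviewer would look at first."""
    by_hash = defaultdict(list)
    for name, (md5, _path) in entries.items():
        by_hash[md5].append(name)
    return {
        # anything the scanner did not mark 'ok'
        "not_ok": sorted(n for n, v in verdicts.items() if v != "ok"),
        # a verdict with no preceding '[ MD5 ] name path' line: check ImagePath by hand
        "no_image_recorded": sorted(n for n in verdicts if n not in entries),
        # binaries outside the usual system trees (user-writable directories stand out)
        "outside_trusted_roots": sorted(
            n for n, (_md5, p) in entries.items()
            if not p.lower().startswith(TRUSTED_ROOTS)),
        # identical file bytes registered under more than one service name
        "shared_hashes": {h: sorted(ns) for h, ns in by_hash.items() if len(ns) > 1},
    }


# Constructed sample: the first ten lines are copied from the log above; the last
# two (hash DEADBEEF..., service DemoSvc) are invented so the checks have a hit.
SAMPLE_LOG = r"""
18:30:41.0810 4804 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:30:41.0810 4804 Tcpip - ok
18:30:41.0841 4804 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:30:41.0857 4804 TCPIP6 - ok
18:30:42.0137 4804 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
18:30:42.0137 4804 TomTomHOMEService - ok
18:30:44.0150 4804 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:30:44.0165 4804 WinDefend - ok
18:30:44.0165 4804 WinHttpAutoProxySvc - ok
18:30:44.0633 4804 WSearch - ok
18:30:45.0000 4804 [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF ] DemoSvc C:\Users\demo\AppData\Roaming\DemoSvc\demosvc.sys
18:30:45.0000 4804 DemoSvc - suspicious
"""

if __name__ == "__main__":
    for key, value in triage(*parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against the full listing above it reports WinHttpAutoProxySvc and WSearch under no_image_recorded (the log gives them a verdict but no file, so their ImagePath is worth a manual look) and the Tcpip/TCPIP6, WANARP/Wanarpv6 and WdiServiceHost/WdiSystemHost pairs under shared_hashes, which is simply the same file registered under two service names, exactly as the log shows. The report is a reading aid, not a verdict: everything it groups still has to be judged against what is normal for the build.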

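The aswMBR section above ("MBR read successfully", "Windows 7 default MBR code", three partitions) is what a bootkit check looks at. The following is an added example and not code from aswMBR, TDSSKiller or the post: it assembles a 512-byte MBR with the partition layout the log reports (the MB figures converted to 512-byte sectors), parses it back, and applies the checks such a scanner runs. The boot code, the disk signature and the baseline hash are constructed stand-ins; on a real host you would read sector 0 of \\.\PhysicalDrive0 and compare its first 440 bytes against a hash taken from a known-clean install of the same Windows build.

```python
"""Parse and sanity-check a 512-byte MBR (added example, not code from aswMBR or
TDSSKiller).  It decodes the four partition slots, applies the checks a bootkit
scanner applies (0x55AA signature, a single active partition, no overlap) and
compares the 440-byte bootstrap code with a baseline hash, since bootkits of the
TDSS/TDL4 family persist by rewriting that code."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440             # bytes 0..439 hold the boot code; 440..443 the disk signature
TABLE_OFFSET = 446              # four 16-byte partition entries follow, then 0x55AA
ENTRY_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count
CHS_LBA_ONLY = b"\xfe\xff\xff"  # CHS filler used when only the LBA fields are meaningful


def build_mbr(bootstrap, disk_signature, layout):
    """Assemble a sector from boot code and (active, type, lba, sectors) tuples."""
    if len(bootstrap) > BOOTSTRAP_LEN or len(layout) > 4:
        raise ValueError("bootstrap too long or too many partitions")
    sector = bytearray(SECTOR)
    sector[:len(bootstrap)] = bootstrap
    struct.pack_into("<I", sector, BOOTSTRAP_LEN, disk_signature)
    for slot, (active, ptype, lba, count) in enumerate(layout):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + 16 * slot,
                         0x80 if active else 0x00, CHS_LBA_ONLY, ptype, CHS_LBA_ONLY, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Return the populated partition entries as dicts, in slot order."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * slot)
        if ptype == 0:          # empty slot
            continue
        parts.append({"slot": slot + 1, "active": status == 0x80, "type": ptype,
                      "lba": lba, "sectors": count, "mb": count // 2048})
    return parts


def check_mbr(sector, baseline_bootstrap_sha256):
    """Findings a scanner would raise; an empty list means the MBR looks sane."""
    findings = []
    parts = parse_mbr(sector)
    active = [p["slot"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    by_start = sorted(parts, key=lambda p: p["lba"])
    for a, b in zip(by_start, by_start[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append(f"partition {a['slot']} overlaps partition {b['slot']}")
    if hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest() != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline")
    return findings


# Constructed sample.  The partition layout is the one the aswMBR log above reports
# (MB converted to 512-byte sectors); the boot code is a stand-in, NOT the real
# Windows 7 MBR, and the disk signature is made up.
SAMPLE_BOOTSTRAP = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16   # xor ax,ax / mov ss,ax / mov sp,7C00h / nops
SAMPLE_LAYOUT = [
    (True,  0x07, 63,        51200 * 2048),   # Partition 1: active NTFS, 51200 MB
    (False, 0x07, 104859648, 251987 * 2048),  # Partition 2: NTFS, 251987 MB
    (False, 0x0C, 620929024, 2048 * 2048),    # Partition 3: FAT32 LBA, 2048 MB
]
SAMPLE_MBR = build_mbr(SAMPLE_BOOTSTRAP, 0x1A2B3C4D, SAMPLE_LAYOUT)
# In practice this hash is recorded from a known-clean install of the same Windows build.
BASELINE_BOOTSTRAP_SHA256 = hashlib.sha256(SAMPLE_MBR[:BOOTSTRAP_LEN]).hexdigest()


def tampered_copy(sector, offset=0):
    """Flip one byte of the boot code, the footprint a rewritten bootstrap shows."""
    patched = bytearray(sector)
    patched[offset] ^= 0xFF
    return bytes(patched)


if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        flag = "80 (A)" if p["active"] else "00"
        print(f"Partition {p['slot']} {flag} {p['type']:02X} {p['mb']} MB offset {p['lba']}")
    print("clean:", check_mbr(SAMPLE_MBR, BASELINE_BOOTSTRAP_SHA256))
    print("tampered:", check_mbr(tampered_copy(SAMPLE_MBR), BASELINE_BOOTSTRAP_SHA256))
```

The layout in the log is internally consistent: partition 2 starts at 104859648 and ends at 104859648 + 251987 * 2048 = 620929024, which is exactly where partition 3 begins, and partition 3 ends at 625123328, the figure aswMBR prints as "scanning sectors +625123328" (the space after the last partition, where a bootkit typically hides its payload). Note that the hash covers only the 440 bytes of boot code, not the disk signature or the table, so a legitimate repartition does not trip it while a rewritten bootstrap does.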
#6 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:59 PM

Posted 03 September 2012 - 02:11 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Edited by gringo_pr, 03 September 2012 - 04:02 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 ganaffe

  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:59 PM

Posted 03 September 2012 - 02:51 PM

Hi,

I was a bit confused about the second half of your post, so I only did the first step:

- I copied the text from your first box into an empty Notepad and saved it, and dragged it onto ComboFix.
- Subsequently ComboFix started, and asked me if I wanted to update because a new version of ComboFix was available
- I chose 'yes'
- Then I got a warning from F-Secure (sorry!! forgot to close it) about ComboFix wanting to change my system, which I allowed
- Then I got a warning from ComboFix that I had to disable F-Secure, which I did.
- Then I told ComboFix 'OK' and everything else went smoothly

Otherwise no problems and no new developments. Here is the log




ComboFix 12-09-03.07 - Jannes Eshuis 03-09-2012 21:29:00.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.2991.1906 [GMT 2:00]
Started from: c:\users\Jannes Eshuis\Desktop\ComboFix.exe
Command switches used :: c:\users\Jannes Eshuis\Desktop\CFScript.txt
AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Computer Security *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 ))))))))))))))))))))))))))))))
.
.
2012-09-03 19:34 . 2012-09-03 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 15:33 . 2012-09-03 19:34 -------- d-----w- c:\users\Jannes Eshuis\AppData\Local\temp
2012-09-03 14:32 . 2012-09-03 16:53 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-09-02 05:13 . 2012-09-02 05:13 -------- d-----w- c:\program files\Common Files\Java
2012-09-02 05:13 . 2012-09-02 05:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 14:38 . 2012-08-31 14:38 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-08-31 14:37 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-31 07:33 . 2012-08-31 07:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-31 07:33 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 06:34 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-31 06:32 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-31 06:32 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-08-31 06:32 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-31 06:32 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-08-31 06:32 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-08-31 06:32 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-31 06:32 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-31 06:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-31 06:27 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-31 06:24 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-31 06:24 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-31 06:24 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-31 06:24 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-31 06:24 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-31 06:24 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-31 06:24 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-31 06:23 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-31 06:23 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-29 14:05 . 2012-08-29 14:05 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 05:13 . 2012-06-27 07:25 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 05:13 . 2011-04-18 07:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-02 05:07 . 2012-04-05 07:22 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-02 05:07 . 2011-05-23 07:25 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 13:07 . 2012-06-29 07:41 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-07-18 02:11 . 2011-06-01 22:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-02 15:57 . 2012-07-24 22:00 52280 ----a-w- c:\windows\system32\drivers\fsccsys.sys
2012-06-28 11:56 . 2004-10-01 14:08 18048 ----a-w- c:\windows\system32\drivers\pl40rwdm.sys
2012-06-25 12:58 . 2012-07-11 10:26 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-06-25 12:58 . 2012-07-11 10:26 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-06-13 07:29 . 2011-06-01 22:40 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-08-29 14:05 . 2011-05-02 07:42 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2011-03-13 19:56 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-22 3508624]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-27 21416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-19 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-19 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-19 170520]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-10-01 256056]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"F-Secure Hoster (54599)"="c:\program files\F-Secure\fshoster32.exe" [2012-06-21 163536]
"F-Secure Manager"="c:\program files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2012-03-15 311976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Jannes Eshuis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 795936]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2011-3-14 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PL-40R;CASIO USB MIDI;c:\windows\system32\Drivers\pl40rwdm.sys [x]
R3 RDID1061;UA-4FX;c:\windows\system32\Drivers\rdwm1061.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 fshoster;F-Secure Dll Hoster;c:\program files\F-Secure\fshoster32.exe [x]
S2 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\apps\CCF_Reputation\fsorsp.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]
S3 fsccsys1343167236;F-Secure Content Control Driver;c:\windows\System32\drivers\fsccsys.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 32029625
*NewlyCreated* - ASWMBR
*Deregistered* - 32029625
*Deregistered* - aswMBR
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Jannes Eshuis\AppData\Roaming\Mozilla\Firefox\Profiles\7h2qd1io.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files\F-Secure\fshoster32.exe\" -hosterid:0"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5656)
c:\users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-09-03 21:36:06
ComboFix-quarantined-files.txt 2012-09-03 19:36
ComboFix2.txt 2012-09-03 15:39
.
Pre-Run: 1.923.223.040 bytes free
Post-Run: 1.997.986.304 bytes free
.
- - End Of File - - D4611E2ACA78970343B271B8F2136D4A
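Added example, not part of ComboFix and not one of the thread's tools: the "DLLs Loaded Under Running Processes" section above lists the third-party DLLs ComboFix found mapped into Explorer.exe (a Dropbox shell extension and a WIDCOMM Bluetooth hook). The PowerShell below reproduces that check on the live system and adds the Authenticode status of each module, which is the quickest way to tell a vendor's shell extension from something injected. Assumptions: PowerShell 3.0 or later, an elevated prompt, and a PowerShell of the same bitness as Windows (32-bit on the machine in this thread), otherwise module enumeration fails.

```powershell
# Added example (not ComboFix and not the thread's own tooling): list the non-Windows DLLs
# loaded into the running Explorer.exe, which is what the "DLLs Loaded Under Running
# Processes" section of the ComboFix log reports, and add the Authenticode status of each.
# Assumptions: PowerShell 3.0 or later, run elevated, same bitness as Windows (32-bit on
# the machine in this thread) so that Process.Modules can be enumerated.

$explorer = Get-Process -Name explorer -ErrorAction Stop | Select-Object -First 1

$report = foreach ($m in $explorer.Modules) {
    $path = $m.FileName
    # Modules under %SystemRoot% are Windows' own; the interesting ones live elsewhere.
    if ($path -like "$env:SystemRoot\*") { continue }

    $sig = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Module        = $m.ModuleName
        Path          = $path
        Status        = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, ...
        Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        InUserProfile = $path -like "$env:USERPROFILE\*"
    }
}

# A module under the user profile, or one whose signature is not Valid, is what to examine
# first: DropboxExt.14.dll in the log above is loaded from %AppData% and is normal for
# Dropbox, but a malicious shell extension would sit in exactly the same kind of place.
$report | Sort-Object InUserProfile -Descending | Format-Table Module, Status, Signer, Path -AutoSize -Wrap
```

A valid signature from the expected vendor (Dropbox, Broadcom) is what you want to see on those two entries; an unsigned module, or a signed one whose path does not match the product it claims to belong to, is what warrants a closer look.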

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:59 PM

Posted 03 September 2012 - 04:06 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

µTorrent
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 ganaffe

ganaffe
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 03 September 2012 - 05:14 PM

Alright, back again.

I followed your instructions step by step, but had a few problems/unexpected things:

- While uninstalling uTorrent with Revo everything went smoothly, until I had to 'Check only the bolded items'. When I arrived there, there were no bolded items, so I skipped that, only to realize later that this had actually been the overview of uTorrent folders that I should have deleted. Is there a way to delete those folders manually, where can I find them on a Win7 machine?

- After uninstalling the Java 6 update 31, I went on to install Java, only to have the website tell me that I already had the latest version of Java (7 update 7) installed. Is that OK or should I uninstall that version too, and then do a clean install?

- I already had CCleaner on my system, so I updated it and then ran it following your instructions. Is that OK, or should I do a clean install and run it again?

- MBAM and Hijackthis went OK. Here are the logs:


====== MBAM Log ======

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jannes Eshuis :: ESH [administrator]

3-9-2012 23:48:48
mbam-log-2012-09-03 (23-48-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198877
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



====== HijackThis ======

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:58:09, on 3-9-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\F-Secure\fshoster32.exe
C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\Jannes Eshuis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\notepad.exe
C:\Users\Jannes Eshuis\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\apps\OnlineSafety\BPP\iescript\BaseLitmus.dll
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Hoster (54599)] "C:\Program Files\F-Secure\fshoster32.exe" -app -hosterid:1
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - Startup: Dropbox.lnk = Jannes Eshuis\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\apps\ComputerSecurity\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files\F-Secure\fshoster32.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\apps\CCF_Reputation\fsorsp.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe

--
End of file - 10235 bytes
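Added example, not HijackThis and not one of the thread's tools: the "O4" lines in the HijackThis log above come from the HKLM/HKCU Run keys and the per-user and all-users Startup folders. The PowerShell below walks those same locations, resolves every entry to the executable it launches, and reports whether that file still exists and how it is signed, so a "remove or keep" decision can rest on evidence rather than on the entry's name. Assumptions: PowerShell 3.0 or later on Windows 7 or newer; the Startup-folder paths and the command-line parsing are this example's own, not HijackThis' logic.

```powershell
# Added example (not HijackThis and not the thread's own tooling): enumerate the autostart
# locations behind the HijackThis "O4" lines above (HKLM/HKCU Run and RunOnce keys, the
# per-user Startup folder and the all-users Startup folder), resolve every entry to the
# executable it launches, and report whether that file exists and how it is signed.
# Assumptions: PowerShell 3.0 or later on Windows 7 or newer; the Startup-folder paths
# and the command-line parsing are this example's own, not HijackThis' logic.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),                                    # O4 - Startup:
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup') # O4 - Global Startup:
)

function Resolve-CommandPath {
    # Extract the executable from a Run-key value such as
    #   "C:\Program Files\F-Secure\fshoster32.exe" -app -hosterid:1
    #   %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    #   C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted path with spaces: stop at the first .exe/.dll/.cmd/.bat followed by a space or the end.
    $m = [regex]::Match($cmd, '^(.*?\.(exe|dll|cmd|bat))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Get-AutostartEntry {
    param([string]$Source, [string]$Name, [string]$Target)
    $exists = (-not [string]::IsNullOrEmpty($Target)) -and (Test-Path -LiteralPath $Target -PathType Leaf)
    $sig = if ($exists) { Get-AuthenticodeSignature -FilePath $Target } else { $null }
    [pscustomobject]@{
        Source = $Source
        Name   = $Name
        Target = $Target
        Status = if ($sig) { $sig.Status.ToString() } else { 'MISSING' }   # Valid, NotSigned, MISSING, ...
        Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

$entries = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are provider metadata
        $entries += Get-AutostartEntry -Source $key -Name $p.Name -Target (Resolve-CommandPath ([string]$p.Value))
    }
}

# Each .lnk in a Startup folder is an "O4 - Startup:" or "O4 - Global Startup:" line in HijackThis.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in $startupFolders) {
    foreach ($lnk in Get-ChildItem -Path $folder -Filter *.lnk -ErrorAction SilentlyContinue) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        $entries += Get-AutostartEntry -Source $folder -Name $lnk.Name -Target $target
    }
}

# Entries whose target is MISSING (an orphan, or something already removed) and unsigned
# binaries outside Program Files are the ones to check before touching anything.
$entries | Sort-Object Status | Format-Table Source, Name, Status, Signer, Target -AutoSize -Wrap
```

Unlike the "Fix Checked" button in HijackThis this only reports; removing an entry stays a separate, deliberate step, and a missing or unsigned target is a reason to look, not by itself proof of malware.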

#10 gringo_pr

Posted 03 September 2012 - 07:03 PM

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be. Any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
      O4 - Startup: Dropbox.lnk = Jannes Eshuis\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#11 ganaffe

Posted 04 September 2012 - 01:45 AM

Hi Gringo,

Followed your instructions. ESET found no threats.

Cheers!

#12 gringo_pr

Posted 04 September 2012 - 10:03 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ganaffe

ganaffe
  • Topic Starter

  • Members
  • 17 posts

Posted 05 September 2012 - 07:53 AM

Hey Gringo,

Thanks a lot for helping so quickly and efficiently! Great work.
I read your last post, followed the instructions, and will let you know if there's still a problem in the next few days.

So far it looks like the system no longer hangs on shutdown, in general sped up a bit, and I haven't seen any windows antivirus popups in the last day or so...

Thanks again!
Ganaffe

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 September 2012 - 12:47 PM

you are more than welcome


gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 September 2012 - 12:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.