Sirefef and other trojan infections, still worried


  • This topic is locked
16 replies to this topic

#1 thatguy1066

thatguy1066

  • Members
  • 8 posts

Posted 06 September 2012 - 09:38 PM

Browsing this evening when all of a sudden, I got a notification that Adobe Flash wanted to make changes to my computer. At that same time, I got a warning from Microsoft Security Essentials saying that a threat was detected. Coupled with the fact that the notifications from "Flash" wouldn't go away, no matter how many times I pressed No, I restarted my computer immediately.

I ran MSE and Malwarebytes; they reported positive for sirefef.ae, fareit.gen!E, and trojan.phex.thagen9 (which only Malwarebytes was able to pick up). Furthermore, upon looking at the history of MSE's activity, it shows that it allowed Sirefef.AE, sirefef.gen!A, and Fareit.gen!E to go through without any action taken, which is incredibly suspicious to me. Right now, I'm re-running full scans to make sure that I'm not still infected, but I'm not taking any chances, and have already begun to back up everything of value on this computer and dug out my old Windows 7 install discs just in case. I'd really like to know what I should do to make sure I'm clean. Thanks a lot.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Admin at 22:21:43 on 2012-09-06
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.12265.8767 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\System Control Manager\MSIService.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\FSP\FspUip.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Admin\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\MSI\msi LED Manager\SLM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\REGSVR32.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102868&gct=hp
uDefault_Page_URL = hxxp://msi.msn.com
mStart Page = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [F.lux] "C:\Users\Admin\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [NCsoft]
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun: [NVIDIAOCAP] C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\windows\UpdReg.EXE
mRun: [msi LED Manager] C:\Program Files (x86)\msi\msi LED Manager\SLM.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GLOBET~1.LNK - C:\Program Files (x86)\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0E9B4C89-6354-4122-8925-08A46116B3CB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0E9B4C89-6354-4122-8925-08A46116B3CB}\072776E2165627F6D286F6473707F647 : DhcpNameServer = 193.86.243.66 193.86.243.68
TCP: Interfaces\{0E9B4C89-6354-4122-8925-08A46116B3CB}\16A747563686F596E6964714A747 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0E9B4C89-6354-4122-8925-08A46116B3CB}\3547574656E64704053555 : DhcpNameServer = 10.2.1.11 10.2.1.12 10.162.0.11
TCP: Interfaces\{0E9B4C89-6354-4122-8925-08A46116B3CB}\45841445745595 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E9B4C89-6354-4122-8925-08A46116B3CB}\46162756B6368677 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E9B4C89-6354-4122-8925-08A46116B3CB}\56874756E6465627435693834623 : DhcpNameServer = 192.168.2.2 0.0.0.0
TCP: Interfaces\{0E9B4C89-6354-4122-8925-08A46116B3CB}\C696E6B6379737 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{14E18563-91E7-48A9-960E-90DBB7ED3000} : DhcpNameServer = 195.229.241.222 213.42.20.20
TCP: Interfaces\{167E9740-ACAF-4B9C-8C3A-D24022897827} : DhcpNameServer = 194.204.152.34 194.204.159.1 192.168.8.226 212.160.131.82 213.180.130.208
TCP: Interfaces\{3D358552-CFBB-4A20-861F-C9FA4BF12F55} : DhcpNameServer = 217.116.100.65 79.163.127.70
TCP: Interfaces\{F260C0B1-E2B7-4B11-A7BF-6DC69473167E} : DhcpNameServer = 194.204.152.34 194.204.159.1 192.168.8.226 212.160.131.82 213.180.130.208
TCP: Interfaces\{FE10DA84-4FD4-485A-B1DB-6CA4BC0FF85A} : DhcpNameServer = 98.158.112.60 216.131.94.5 216.131.95.20
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
BHO-X64: ATLAS Toolbar - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
mRun-x64: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun-x64: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun-x64: [NVIDIAOCAP] C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\windows\UpdReg.EXE
mRun-x64: [msi LED Manager] C:\Program Files (x86)\msi\msi LED Manager\SLM.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\spmqlc8q.default\
FF - prefs.js: network.proxy.http - 204.188.215.42
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 GtDetectSc;GtDetectSc;C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe [2009-5-4 809984]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-12-10 8704]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-25 13336]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2011-4-25 160768]
R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-8-27 1262400]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-13 508264]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;C:\windows\system32\drivers\fspad_wlh64.sys --> C:\windows\system32\drivers\fspad_wlh64.sys [?]
R3 MBfilt;MBfilt;C:\windows\system32\drivers\MBfilt64.sys --> C:\windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\drivers\HECIx64.sys --> C:\windows\system32\drivers\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\drivers\nusb3hub.sys --> C:\windows\system32\drivers\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\drivers\nusb3xhc.sys --> C:\windows\system32\drivers\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-13 219496]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-11 250568]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
S3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;C:\windows\system32\drivers\fspad_xp64.sys --> C:\windows\system32\drivers\fspad_xp64.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;C:\windows\system32\DRIVERS\Gt51Ip.sys --> C:\windows\system32\DRIVERS\Gt51Ip.sys [?]
S3 GT72UBUS;GT 72 U BUS;C:\windows\system32\DRIVERS\gt72ubus.sys --> C:\windows\system32\DRIVERS\gt72ubus.sys [?]
S3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\windows\system32\DRIVERS\ManyCam_x64.sys --> C:\windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\system32\DRIVERS\netaapl64.sys --> C:\windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USB_NDIS;RCA USB Digital Cable Modem Driver;C:\windows\system32\DRIVERS\NetRcaCmNTamd64.sys --> C:\windows\system32\DRIVERS\NetRcaCmNTamd64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\windows\system32\DRIVERS\RsFx0150.sys --> C:\windows\system32\DRIVERS\RsFx0150.sys [?]
.
=============== Created Last 30 ================
.
2012-09-07 01:29:48 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{087DEFD2-D136-40EC-BEA7-BB434BBE2167}\offreg.dll
2012-09-06 20:31:12 -------- d-----w- C:\Users\Admin\AppData\Roaming\redsn0w
2012-09-06 19:59:57 -------- d-----w- C:\Users\Admin\AppData\Local\libimobiledevice
2012-09-06 19:59:19 2816000 ----a-w- C:\Program Files (x86)\Mozilla Firefox\absinthe-win-2.0.4\absinthe-win-2.0.4\absinthe.exe
2012-09-06 18:24:46 -------- d-----w- C:\Program Files\iPod
2012-09-06 18:24:45 -------- d-----w- C:\Program Files\iTunes
2012-09-06 18:24:45 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-06 18:23:09 -------- d-----w- C:\Program Files\Bonjour
2012-09-06 18:23:09 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-09-06 18:09:20 5466948 ----a-w- C:\Program Files (x86)\Mozilla Firefox\absinthe-win-2.0.4\absinthe-win-2.0.4.exe
2012-09-06 04:50:17 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{087DEFD2-D136-40EC-BEA7-BB434BBE2167}\mpengine.dll
2012-09-03 01:25:24 -------- d-----w- C:\Users\Admin\AppData\Local\NCSoft
2012-09-03 01:17:28 -------- d-----w- C:\Program Files (x86)\NCsoft
2012-09-03 01:16:50 -------- d-----w- C:\Users\Admin\AppData\Local\assembly
2012-09-03 01:15:28 -------- d-----w- C:\Users\Admin\AppData\Roaming\GetRightToGo
2012-08-29 15:27:53 90112 ----a-w- C:\windows\unvise32.exe
2012-08-24 00:33:48 -------- d-----w- C:\Users\Admin\AppData\Local\NBGI
2012-08-24 00:17:20 -------- d-----w- C:\windows\SysWow64\xlive
2012-08-24 00:17:15 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-08-15 00:28:45 68608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\JoyToKey_en\JoyToKey_en\VistaAPI.dll
2012-08-15 00:28:45 1570304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\JoyToKey_en\JoyToKey_en\JoyToKey.exe
2012-08-15 00:27:31 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2012-08-12 02:29:36 -------- d-----w- C:\Users\Admin\AppData\Local\Western Digital
2012-08-12 02:03:01 -------- d-----w- C:\Program Files\WDCSAM
2012-08-11 23:44:50 -------- d-----w- C:\Users\Admin\AppData\Local\Macromedia
2012-08-11 23:44:15 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-08-28 00:59:48 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 02:06:30 772544 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 22:26:48.31 ===============
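Reading a DDS log like the one above by hand is what the helpers here do; as an added example (not DDS, ComboFix, or anything from this thread), the Python script below parses the sections a reviewer checks first (security-product status, autorun entries, start pages, IE Trusted Zone entries and Firefox proxy prefs) and flags what is worth asking the poster about. SAMPLE_LOG is a constructed excerpt of the log posted above; the trusted-location prefixes and the wording of the findings are this example's own assumptions.

```python
"""Triage a DDS 'Pseudo HJT Report' for the entries a log reviewer checks first.

Added example for this thread; not DDS, ComboFix or BleepingComputer tooling.
The trusted-location prefixes and finding wording are this example's own
assumptions. SAMPLE_LOG is a constructed excerpt of the log posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
uStart Page = hxxp://www.ask.com/?l=dis&o=102868&gct=hp
mStart Page = hxxp://msi.msn.com
uRun: [F.lux] "C:\Users\Admin\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [NCsoft]
mRun: [UpdReg] C:\windows\UpdReg.EXE
Trusted Zone: soe.com
FF - prefs.js: network.proxy.http - 204.188.215.42
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "security-product", "autorun", "start-page", "trusted-zone", "ff-proxy"
    detail: str  # one-line note for the person reading the log


SECURITY_RE = re.compile(r"^(?:AV|SP|FW): (?P<name>.+?) \*(?P<rt>\w+)/(?P<upd>\w+)\*")
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
STARTPAGE_RE = re.compile(r"^(?P<hive>[um])(?:Start Page|Default_Page_URL) = (?P<url>\S+)")
TRUSTED_ZONE_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>network\.proxy\.\S+) - (?P<val>.*)$")
# First image path on an autorun command line, quoted or not (DDS leaves spaces unquoted).
EXE_RE = re.compile(r'^"?(?P<path>[a-z]:\\.*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js))', re.IGNORECASE)

# Assumption of this example: autoruns under these roots are "expected"; anything
# else (user profile, temp, root of a drive) is worth a question to the poster.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "c:\\programdata\\")


def triage(log_text: str) -> list[Finding]:
    """Return the review-worthy entries found in a DDS log, in log order (Firefox proxy last)."""
    findings: list[Finding] = []
    ff_prefs: dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECURITY_RE.match(line):
            # Windows Defender shows Disabled beside MSE on Windows 7 by design; report it anyway so it is seen.
            if m["rt"] != "Enabled" or m["upd"] != "Updated":
                findings.append(Finding("security-product", f"{m['name']} is {m['rt']}/{m['upd']}"))
        elif m := RUN_RE.match(line):
            cmd = m["cmd"].strip()
            if not cmd:
                findings.append(Finding("autorun", f"[{m['name']}] has no command line (orphaned or hidden entry)"))
                continue
            exe = EXE_RE.match(cmd)
            path = (exe["path"] if exe else cmd).lower()
            if not path.startswith(TRUSTED_PREFIXES):
                findings.append(Finding("autorun", f"[{m['name']}] runs from outside program/system dirs: {path}"))
        elif m := STARTPAGE_RE.match(line):
            # DDS defangs URLs as hxxp; undo that only to parse the host.
            host = urlsplit(m["url"].replace("hxxp", "http", 1)).hostname
            scope = "user" if m["hive"] == "u" else "machine"
            findings.append(Finding("start-page", f"{scope} start page host: {host}"))
        elif m := TRUSTED_ZONE_RE.match(line):
            findings.append(Finding("trusted-zone", f"{m['host']} is in the IE Trusted Zone (reduced security settings)"))
        elif m := FF_PREF_RE.match(line):
            ff_prefs[m["key"]] = m["val"].strip()

    # Firefox: network.proxy.type 1 is a manual proxy, 0 is a direct connection. A proxy
    # host that is configured but inactive is still something to ask the poster about.
    host = ff_prefs.get("network.proxy.http")
    if host:
        mode = ff_prefs.get("network.proxy.type", "?")
        port = ff_prefs.get("network.proxy.http_port", "?")
        state = "active (manual)" if mode == "1" else f"inactive (type {mode})"
        findings.append(Finding("ff-proxy", f"HTTP proxy {host}:{port} configured, {state}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```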


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 September 2012 - 12:57 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 thatguy1066

thatguy1066
  • Topic Starter

  • Members
  • 8 posts

Posted 07 September 2012 - 04:03 PM

Alright, I ran both SecurityCheck and ComboFix; here are the logs from both. Just two notes: I uninstalled Java last night, so if that was supposed to show up in either of these scans, I'm just pointing out that it was present at the time of infection. And I understand you guys aren't too keen on torrent applications, so I uninstalled uTorrent when I realized I had forgotten to remove it. Sorry about that.

As for any problems, I can't say I've had any since the initial warning. The computer seems to be running just fine; I've done several full scans on both Malwarebytes and MSE, as well as TDSSKiller, and everything has come up clean ever since. However, from what I've read about Sirefef, I'm not about to take any chances. I did notice one odd thing last night, which was that I was unable to update the database for MWB. Every time I tried, it froze and I had to end the process through the task manager. The database was only 12 days out of date, and I was able to update it just fine today, so I'm not sure if it was just an anomaly or if it was related to something malicious that has since been cleaned.

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Adobe Flash Player 11.4.402.265
Mozilla Firefox 5.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````


ComboFix 12-09-07.03 - Admin 7/2012 Fri 16:38:46.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.12265.7712 [GMT -4:00]
Running from: c:\users\Admin\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-07 18:49 . 2012-09-07 18:49 -------- d-----w- c:\program files (x86)\uTorrent
2012-09-07 15:57 . 2011-07-17 02:21 302592 ----a-w- c:\program files (x86)\Mozilla Firefox\gmer\gmer.exe
2012-09-07 15:30 . 2012-09-07 15:30 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85709220-3651-4B30-A346-FE0CAEA89111}\offreg.dll
2012-09-07 12:14 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85709220-3651-4B30-A346-FE0CAEA89111}\mpengine.dll
2012-09-06 22:24 . 2012-06-18 04:32 120972800 ----a-w- c:\program files (x86)\Mozilla Firefox\redsn0w_win_0.9.14b1\redsn0w_win_0.9.14b1\redsn0w.exe
2012-09-06 20:31 . 2012-09-06 23:45 -------- d-----w- c:\users\Admin\AppData\Roaming\redsn0w
2012-09-06 20:22 . 2012-03-08 05:26 25787392 ----a-w- c:\program files (x86)\Mozilla Firefox\redsn0w_win_0.9.10b6\redsn0w_win_0.9.10b6\redsn0w.exe
2012-09-06 19:59 . 2012-09-06 22:03 -------- d-----w- c:\users\Admin\AppData\Local\libimobiledevice
2012-09-06 19:59 . 2012-05-30 00:11 2816000 ----a-w- c:\program files (x86)\Mozilla Firefox\absinthe-win-2.0.4\absinthe-win-2.0.4\absinthe.exe
2012-09-06 18:24 . 2012-09-06 18:24 -------- d-----w- c:\program files\iPod
2012-09-06 18:24 . 2012-09-06 18:25 -------- d-----w- c:\program files\iTunes
2012-09-06 18:24 . 2012-09-06 18:25 -------- d-----w- c:\program files (x86)\iTunes
2012-09-06 18:23 . 2012-09-06 18:23 -------- d-----w- c:\program files\Bonjour
2012-09-06 18:23 . 2012-09-06 18:23 -------- d-----w- c:\program files (x86)\Bonjour
2012-09-06 18:09 . 2012-05-30 06:21 5466948 ----a-w- c:\program files (x86)\Mozilla Firefox\absinthe-win-2.0.4\absinthe-win-2.0.4.exe
2012-09-03 01:25 . 2012-09-03 01:25 -------- d-----w- c:\users\Admin\AppData\Local\NCSoft
2012-09-03 01:17 . 2012-09-03 01:17 -------- d-----w- c:\program files (x86)\NCsoft
2012-09-03 01:16 . 2012-09-07 20:43 -------- d-----w- c:\users\Admin\AppData\Local\assembly
2012-09-03 01:15 . 2012-09-03 01:16 -------- d-----w- c:\users\Admin\AppData\Roaming\GetRightToGo
2012-08-29 15:33 . 1995-02-03 06:30 10970 ----a-w- c:\program files (x86)\Mozilla Firefox\openxcom-v0.4-win64\data\SOUND\SNDSTART.EXE
2012-08-29 15:33 . 1995-01-18 07:35 7756 ----a-w- c:\program files (x86)\Mozilla Firefox\openxcom-v0.4-win64\data\SOUND\SNDEND.EXE
2012-08-29 15:27 . 2004-03-29 20:23 90112 ----a-w- c:\windows\unvise32.exe
2012-08-24 00:33 . 2012-08-24 00:33 -------- d-----w- c:\users\Admin\AppData\Local\NBGI
2012-08-24 00:17 . 2012-08-24 00:17 -------- d-----w- c:\windows\SysWow64\xlive
2012-08-24 00:17 . 2012-08-24 00:17 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-08-15 00:28 . 2012-06-02 11:45 1570304 ----a-w- c:\program files (x86)\Mozilla Firefox\JoyToKey_en\JoyToKey_en\JoyToKey.exe
2012-08-15 00:28 . 2012-04-15 02:20 68608 ----a-w- c:\program files (x86)\Mozilla Firefox\JoyToKey_en\JoyToKey_en\VistaAPI.dll
2012-08-15 00:27 . 2012-08-15 00:27 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2012-08-12 02:29 . 2012-08-12 02:29 -------- d-----w- c:\users\Admin\AppData\Local\Western Digital
2012-08-12 02:03 . 2012-08-12 02:03 -------- d-----w- c:\program files\DIFX
2012-08-12 02:03 . 2012-08-12 02:03 -------- d-----w- c:\program files\WDCSAM
2012-08-11 23:44 . 2012-08-11 23:44 -------- d-----w- c:\users\Admin\AppData\Local\Macromedia
2012-08-11 23:44 . 2012-08-28 00:59 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-11 23:44 . 2012-08-11 23:44 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 00:59 . 2011-07-09 17:04 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 08:26 . 2012-02-03 07:24 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-06 02:06 . 2012-08-05 20:09 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2011-07-09 15:38 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46 . 2011-10-05 07:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Admin\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-11-05 2482176]
"Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]
"Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]
"NVIDIAOCAP"="c:\program files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe" [2010-10-20 83456]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"msi LED Manager"="c:\program files (x86)\msi\msi LED Manager\SLM.exe" [2010-07-29 2795008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2009-10-14 2849280]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250568]
R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-12-14 274432]
R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]
R3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;c:\windows\system32\drivers\fspad_xp64.sys [2010-06-07 52224]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2009-06-11 130048]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2009-06-11 86528]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-12-14 59904]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USB_NDIS;RCA USB Digital Cable Modem Driver;c:\windows\system32\DRIVERS\NetRcaCmNTamd64.sys [2007-01-05 18560]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-05 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-17 52760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2009-05-04 809984]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-07 8704]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-16 12800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UCManSvc;UCManSvc;c:\program files (x86)\SoftDenchi\UCManSvc.exe [2010-03-12 241808]
S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\drivers\fspad_wlh64.sys [2010-06-07 52224]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-04-27 184968]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 760168]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 00:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-14 11777128]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=102868&gct=hp
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\spmqlc8q.default\
FF - prefs.js: network.proxy.http - 204.188.215.42
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
Wow6432Node-HKCU-Run-NCsoft - (no file)
Toolbar-Locked - (no file)
HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-Lament for the Queen_is1 - c:\program files (x86)\Paradox Interactive\Victoria II A House Divided\Victoria II\unins000.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A*3*ホ0モ0]
"FormKeyword"=hex:
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A*4*ホ0モ0]
"FormKeyword"=hex:
.
Completion time: 2012-09-07 16:46:09
ComboFix-quarantined-files.txt 2012-09-07 20:46
.
Pre-Run: 181,177,397,248 bytes free
Post-Run: 181,786,148,864 bytes free
.
- - End Of File - - 28C6145D1DA73F7BDE905623FC57F746

#4 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 07 September 2012 - 07:41 PM

Greetings, thatguy1066

Right now things do look fine, but I do want to double-check also.

I want to run TDSSKiller again, and I want you to delete the older one and download it fresh.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 thatguy1066
  • Topic Starter
  • Members
  • 8 posts

Posted 07 September 2012 - 08:33 PM

Ran both; here are the logs from them. No problems running either of them. Hoping for the best.

21:00:39.0212 7132 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:00:39.0634 7132 ============================================================
21:00:39.0634 7132 Current date / time: 2012/09/07 21:00:39.0634
21:00:39.0634 7132 SystemInfo:
21:00:39.0634 7132
21:00:39.0634 7132 OS Version: 6.1.7601 ServicePack: 1.0
21:00:39.0634 7132 Product type: Workstation
21:00:39.0634 7132 ComputerName: ADMIN-MSI
21:00:39.0635 7132 UserName: Admin
21:00:39.0635 7132 Windows directory: C:\windows
21:00:39.0635 7132 System windows directory: C:\windows
21:00:39.0635 7132 Running under WOW64
21:00:39.0635 7132 Processor architecture: Intel x64
21:00:39.0635 7132 Number of processors: 8
21:00:39.0635 7132 Page size: 0x1000
21:00:39.0635 7132 Boot type: Normal boot
21:00:39.0635 7132 ============================================================
21:00:40.0266 7132 Drive \Device\Harddisk0\DR0 - Size: 0xE8E1300000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:00:40.0278 7132 Drive \Device\Harddisk1\DR1 - Size: 0x2BA9F400000 (2794.49 Gb), SectorSize: 0x1000, Cylinders: 0xB21F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:00:40.0683 7132 ============================================================
21:00:40.0683 7132 \Device\Harddisk0\DR0:
21:00:40.0683 7132 MBR partitions:
21:00:40.0683 7132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BB800, BlocksNum 0x451F7FE6
21:00:40.0683 7132 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x465B37E6, BlocksNum 0x2E15581A
21:00:40.0683 7132 \Device\Harddisk1\DR1:
21:00:40.0684 7132 MBR partitions:
21:00:40.0684 7132 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0x2BA9F300
21:00:40.0684 7132 ============================================================
21:00:40.0763 7132 C: <-> \Device\Harddisk0\DR0\Partition1
21:00:40.0788 7132 D: <-> \Device\Harddisk0\DR0\Partition2
21:00:40.0870 7132 F: <-> \Device\Harddisk1\DR1\Partition1
21:00:40.0870 7132 ============================================================
21:00:40.0870 7132 Initialize success
21:00:40.0870 7132 ============================================================
21:00:51.0485 6236 ============================================================
21:00:51.0485 6236 Scan started
21:00:51.0485 6236 Mode: Manual;
21:00:51.0485 6236 ============================================================
21:00:56.0117 6236 ================ Scan system memory ========================
21:00:56.0118 6236 System memory - ok
21:00:56.0118 6236 ================ Scan services =============================
21:00:56.0287 6236 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
21:00:56.0292 6236 1394ohci - ok
21:00:56.0320 6236 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
21:00:56.0327 6236 ACPI - ok
21:00:56.0351 6236 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
21:00:56.0353 6236 AcpiPmi - ok
21:00:56.0469 6236 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:00:56.0474 6236 AdobeFlashPlayerUpdateSvc - ok
21:00:56.0493 6236 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
21:00:56.0502 6236 adp94xx - ok
21:00:56.0518 6236 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
21:00:56.0525 6236 adpahci - ok
21:00:56.0537 6236 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
21:00:56.0541 6236 adpu320 - ok
21:00:56.0568 6236 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
21:00:56.0570 6236 AeLookupSvc - ok
21:00:56.0617 6236 [ D5B031C308A409A0A576BFF4CF083D30 ] AFD C:\windows\system32\drivers\afd.sys
21:00:56.0622 6236 AFD - ok
21:00:56.0672 6236 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
21:00:56.0679 6236 agp440 - ok
21:00:56.0708 6236 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
21:00:56.0711 6236 ALG - ok
21:00:56.0725 6236 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
21:00:56.0727 6236 aliide - ok
21:00:56.0783 6236 ALSysIO - ok
21:00:56.0795 6236 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
21:00:56.0797 6236 amdide - ok
21:00:56.0806 6236 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
21:00:56.0808 6236 AmdK8 - ok
21:00:56.0817 6236 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
21:00:56.0818 6236 AmdPPM - ok
21:00:56.0826 6236 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\windows\system32\drivers\amdsata.sys
21:00:56.0828 6236 amdsata - ok
21:00:56.0837 6236 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
21:00:56.0840 6236 amdsbs - ok
21:00:56.0850 6236 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\windows\system32\drivers\amdxata.sys
21:00:56.0851 6236 amdxata - ok
21:00:56.0860 6236 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
21:00:56.0860 6236 AppID - ok
21:00:56.0869 6236 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
21:00:56.0870 6236 AppIDSvc - ok
21:00:56.0883 6236 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
21:00:56.0886 6236 Appinfo - ok
21:00:56.0955 6236 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:00:56.0963 6236 Apple Mobile Device - ok
21:00:56.0979 6236 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
21:00:56.0981 6236 arc - ok
21:00:56.0992 6236 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
21:00:56.0995 6236 arcsas - ok
21:00:57.0086 6236 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:00:57.0089 6236 aspnet_state - ok
21:00:57.0098 6236 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
21:00:57.0100 6236 AsyncMac - ok
21:00:57.0137 6236 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
21:00:57.0146 6236 atapi - ok
21:00:57.0185 6236 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\windows\system32\DRIVERS\athrx.sys
21:00:57.0208 6236 athr - ok
21:00:57.0261 6236 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\windows\system32\DRIVERS\atksgt.sys
21:00:57.0267 6236 atksgt - ok
21:00:57.0311 6236 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
21:00:57.0335 6236 AudioEndpointBuilder - ok
21:00:57.0352 6236 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
21:00:57.0358 6236 AudioSrv - ok
21:00:57.0390 6236 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
21:00:57.0393 6236 AxInstSV - ok
21:00:57.0407 6236 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
21:00:57.0411 6236 b06bdrv - ok
21:00:57.0502 6236 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
21:00:57.0509 6236 b57nd60a - ok
21:00:57.0530 6236 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
21:00:57.0534 6236 BDESVC - ok
21:00:57.0540 6236 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
21:00:57.0541 6236 Beep - ok
21:00:57.0574 6236 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
21:00:57.0586 6236 BFE - ok
21:00:57.0619 6236 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
21:00:57.0677 6236 BITS - ok
21:00:57.0690 6236 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\drivers\blbdrive.sys
21:00:57.0693 6236 blbdrive - ok
21:00:57.0745 6236 [ C620C59D46F43BEECC556F65E801312B ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
21:00:57.0767 6236 Bluetooth Device Monitor - ok
21:00:57.0793 6236 [ 5E5EDCCEEA4FA3FDF3A907AC204B5828 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
21:00:57.0816 6236 Bluetooth Media Service - ok
21:01:06.0397 6236 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
21:01:06.0401 6236 RFCOMM - ok
21:01:06.0417 6236 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
21:01:06.0421 6236 RpcEptMapper - ok
21:01:06.0447 6236 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
21:01:06.0456 6236 RpcLocator - ok
21:01:06.0478 6236 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
21:01:06.0485 6236 RpcSs - ok
21:01:06.0525 6236 [ EB1C539E621A35A49F7692B0EB565AB9 ] RsFx0150 C:\windows\system32\DRIVERS\RsFx0150.sys
21:01:06.0530 6236 RsFx0150 - ok
21:01:06.0542 6236 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
21:01:06.0544 6236 rspndr - ok
21:01:06.0591 6236 [ E57FAC2CDB73F06586ED2ED310B80932 ] RSUSBVSTOR C:\windows\System32\Drivers\RtsUVStor.sys
21:01:06.0597 6236 RSUSBVSTOR - ok
21:01:06.0637 6236 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
21:01:06.0644 6236 RTL8167 - ok
21:01:06.0650 6236 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
21:01:06.0653 6236 SamSs - ok
21:01:06.0669 6236 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
21:01:06.0677 6236 sbp2port - ok
21:01:06.0697 6236 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
21:01:06.0702 6236 SCardSvr - ok
21:01:06.0715 6236 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
21:01:06.0717 6236 scfilter - ok
21:01:06.0751 6236 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
21:01:06.0769 6236 Schedule - ok
21:01:06.0785 6236 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
21:01:06.0786 6236 SCPolicySvc - ok
21:01:06.0802 6236 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
21:01:06.0805 6236 SDRSVC - ok
21:01:06.0813 6236 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
21:01:06.0814 6236 secdrv - ok
21:01:06.0825 6236 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
21:01:06.0827 6236 seclogon - ok
21:01:06.0839 6236 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
21:01:06.0842 6236 SENS - ok
21:01:06.0853 6236 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
21:01:06.0855 6236 SensrSvc - ok
21:01:06.0858 6236 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
21:01:06.0859 6236 Serenum - ok
21:01:06.0862 6236 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
21:01:06.0864 6236 Serial - ok
21:01:06.0879 6236 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
21:01:06.0881 6236 sermouse - ok
21:01:06.0902 6236 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
21:01:06.0903 6236 SessionEnv - ok
21:01:06.0913 6236 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
21:01:06.0914 6236 sffdisk - ok
21:01:06.0917 6236 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
21:01:06.0917 6236 sffp_mmc - ok
21:01:06.0920 6236 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
21:01:06.0921 6236 sffp_sd - ok
21:01:06.0924 6236 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
21:01:06.0924 6236 sfloppy - ok
21:01:06.0997 6236 [ A40ABFDCB75F835FDF3CE0CC64E4250D ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
21:01:07.0016 6236 Sftfs - ok
21:01:07.0084 6236 [ 08D2B597CC4E26FDE43BE9F104476F65 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:01:07.0098 6236 sftlist - ok
21:01:07.0144 6236 [ 411769ED1CB12D2B44217734347BDB7A ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
21:01:07.0159 6236 Sftplay - ok
21:01:07.0196 6236 [ A14D0DF34BBB00EA94DA16193D0C7957 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
21:01:07.0198 6236 Sftredir - ok
21:01:07.0209 6236 [ 393B22ADDD89979EB1C60898F51C3648 ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
21:01:07.0211 6236 Sftvol - ok
21:01:07.0253 6236 [ 0EC561D71A733814CFF37712CDEE2A74 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:01:07.0262 6236 sftvsa - ok
21:01:07.0308 6236 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
21:01:07.0315 6236 SharedAccess - ok
21:01:07.0339 6236 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:01:07.0347 6236 ShellHWDetection - ok
21:01:07.0352 6236 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
21:01:07.0354 6236 SiSRaid2 - ok
21:01:07.0360 6236 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
21:01:07.0362 6236 SiSRaid4 - ok
21:01:07.0377 6236 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
21:01:07.0380 6236 Smb - ok
21:01:07.0412 6236 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
21:01:07.0415 6236 SNMPTRAP - ok
21:01:07.0453 6236 [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
21:01:07.0462 6236 SonicStage Back-End Service - ok
21:01:07.0481 6236 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
21:01:07.0490 6236 spldr - ok
21:01:07.0511 6236 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
21:01:07.0527 6236 Spooler - ok
21:01:07.0621 6236 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
21:01:07.0656 6236 sppsvc - ok
21:01:07.0668 6236 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
21:01:07.0670 6236 sppuinotify - ok
21:01:07.0703 6236 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
21:01:07.0704 6236 SPTISRV - ok
21:01:07.0803 6236 [ BEA7FEA5BB31EB58D78971F821AE6844 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
21:01:07.0817 6236 SQLAgent$SQLEXPRESS - ok
21:01:07.0872 6236 [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:01:07.0887 6236 SQLBrowser - ok
21:01:07.0916 6236 [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:01:07.0919 6236 SQLWriter - ok
21:01:07.0962 6236 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
21:01:07.0975 6236 srv - ok
21:01:07.0997 6236 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
21:01:08.0001 6236 srv2 - ok
21:01:08.0042 6236 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
21:01:08.0050 6236 srvnet - ok
21:01:08.0078 6236 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
21:01:08.0085 6236 SSDPSRV - ok
21:01:08.0123 6236 [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
21:01:08.0126 6236 SSScsiSV - ok
21:01:08.0142 6236 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
21:01:08.0150 6236 SstpSvc - ok
21:01:08.0166 6236 Steam Client Service - ok
21:01:08.0182 6236 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
21:01:08.0185 6236 stexstor - ok
21:01:08.0225 6236 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
21:01:08.0244 6236 stisvc - ok
21:01:08.0259 6236 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
21:01:08.0261 6236 swenum - ok
21:01:08.0289 6236 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
21:01:08.0305 6236 swprv - ok
21:01:08.0345 6236 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
21:01:08.0387 6236 SysMain - ok
21:01:08.0401 6236 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
21:01:08.0403 6236 TabletInputService - ok
21:01:08.0433 6236 [ 3B73C849B41FB20D77B0E553214061A5 ] tap0901 C:\windows\system32\DRIVERS\tap0901.sys
21:01:08.0435 6236 tap0901 - ok
21:01:08.0450 6236 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
21:01:08.0454 6236 TapiSrv - ok
21:01:08.0464 6236 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
21:01:08.0466 6236 TBS - ok
21:01:08.0548 6236 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\windows\system32\drivers\tcpip.sys
21:01:08.0582 6236 Tcpip - ok
21:01:08.0603 6236 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
21:01:08.0613 6236 TCPIP6 - ok
21:01:08.0623 6236 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
21:01:08.0623 6236 tcpipreg - ok
21:01:08.0628 6236 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
21:01:08.0629 6236 TDPIPE - ok
21:01:08.0634 6236 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
21:01:08.0643 6236 TDTCP - ok
21:01:08.0655 6236 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
21:01:08.0657 6236 tdx - ok
21:01:08.0663 6236 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
21:01:08.0666 6236 TermDD - ok
21:01:08.0686 6236 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
21:01:08.0691 6236 TermService - ok
21:01:08.0700 6236 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
21:01:08.0702 6236 Themes - ok
21:01:08.0718 6236 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
21:01:08.0719 6236 THREADORDER - ok
21:01:08.0732 6236 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
21:01:08.0735 6236 TrkWks - ok
21:01:08.0775 6236 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
21:01:08.0780 6236 TrustedInstaller - ok
21:01:08.0802 6236 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
21:01:08.0805 6236 tssecsrv - ok
21:01:08.0821 6236 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
21:01:08.0824 6236 TsUsbFlt - ok
21:01:08.0834 6236 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
21:01:08.0836 6236 TsUsbGD - ok
21:01:08.0863 6236 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
21:01:08.0867 6236 tunnel - ok
21:01:08.0881 6236 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
21:01:08.0883 6236 uagp35 - ok
21:01:08.0944 6236 [ F7DF6654663AD07DAB615A7AF513D90C ] UCManSvc C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
21:01:08.0950 6236 UCManSvc - ok
21:01:08.0975 6236 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
21:01:08.0981 6236 udfs - ok
21:01:08.0998 6236 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
21:01:09.0002 6236 UI0Detect - ok
21:01:09.0018 6236 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
21:01:09.0020 6236 uliagpkx - ok
21:01:09.0038 6236 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
21:01:09.0040 6236 umbus - ok
21:01:09.0058 6236 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
21:01:09.0060 6236 UmPass - ok
21:01:09.0090 6236 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
21:01:09.0097 6236 upnphost - ok
21:01:09.0135 6236 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
21:01:09.0138 6236 USBAAPL64 - ok
21:01:09.0145 6236 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
21:01:09.0160 6236 usbccgp - ok
21:01:09.0165 6236 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
21:01:09.0167 6236 usbcir - ok
21:01:09.0175 6236 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\windows\system32\drivers\usbehci.sys
21:01:09.0177 6236 usbehci - ok
21:01:09.0190 6236 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\windows\system32\drivers\usbhub.sys
21:01:09.0194 6236 usbhub - ok
21:01:09.0206 6236 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\drivers\usbohci.sys
21:01:09.0207 6236 usbohci - ok
21:01:09.0217 6236 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
21:01:09.0218 6236 usbprint - ok
21:01:09.0247 6236 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
21:01:09.0248 6236 usbscan - ok
21:01:09.0267 6236 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
21:01:09.0306 6236 USBSTOR - ok
21:01:09.0314 6236 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
21:01:09.0316 6236 usbuhci - ok
21:01:09.0359 6236 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
21:01:09.0364 6236 usbvideo - ok
21:01:09.0402 6236 [ 0D0D009E35635F4E500E50B9EC6530F5 ] USB_NDIS C:\windows\system32\DRIVERS\NetRcaCmNTamd64.sys
21:01:09.0411 6236 USB_NDIS - ok
21:01:09.0424 6236 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
21:01:09.0427 6236 UxSms - ok
21:01:09.0431 6236 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
21:01:09.0433 6236 VaultSvc - ok
21:01:09.0444 6236 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
21:01:09.0446 6236 vdrvroot - ok
21:01:09.0465 6236 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
21:01:09.0479 6236 vds - ok
21:01:09.0484 6236 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
21:01:09.0485 6236 vga - ok
21:01:09.0499 6236 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
21:01:09.0501 6236 VgaSave - ok
21:01:09.0507 6236 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
21:01:09.0511 6236 vhdmp - ok
21:01:09.0515 6236 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
21:01:09.0516 6236 viaide - ok
21:01:09.0531 6236 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
21:01:09.0533 6236 volmgr - ok
21:01:09.0550 6236 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
21:01:09.0556 6236 volmgrx - ok
21:01:09.0564 6236 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
21:01:09.0568 6236 volsnap - ok
21:01:09.0574 6236 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
21:01:09.0576 6236 vsmraid - ok
21:01:09.0624 6236 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
21:01:09.0644 6236 VSS - ok
21:01:09.0656 6236 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
21:01:09.0657 6236 vwifibus - ok
21:01:09.0667 6236 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
21:01:09.0669 6236 vwififlt - ok
21:01:09.0687 6236 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
21:01:09.0695 6236 W32Time - ok
21:01:09.0701 6236 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
21:01:09.0702 6236 WacomPen - ok
21:01:09.0716 6236 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
21:01:09.0718 6236 WANARP - ok
21:01:09.0722 6236 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
21:01:09.0723 6236 Wanarpv6 - ok
21:01:09.0796 6236 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
21:01:09.0823 6236 WatAdminSvc - ok
21:01:09.0865 6236 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
21:01:09.0887 6236 wbengine - ok
21:01:09.0906 6236 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
21:01:09.0909 6236 WbioSrvc - ok
21:01:09.0925 6236 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
21:01:09.0929 6236 wcncsvc - ok
21:01:09.0936 6236 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
21:01:09.0938 6236 WcsPlugInService - ok
21:01:09.0949 6236 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
21:01:09.0951 6236 Wd - ok
21:01:09.0982 6236 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\windows\system32\DRIVERS\wdcsam64.sys
21:01:10.0004 6236 WDC_SAM - ok
21:01:10.0037 6236 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
21:01:10.0047 6236 Wdf01000 - ok
21:01:10.0063 6236 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
21:01:10.0067 6236 WdiServiceHost - ok
21:01:10.0071 6236 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
21:01:10.0074 6236 WdiSystemHost - ok
21:01:10.0093 6236 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
21:01:10.0099 6236 WebClient - ok
21:01:10.0113 6236 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
21:01:10.0120 6236 Wecsvc - ok
21:01:10.0134 6236 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
21:01:10.0138 6236 wercplsupport - ok
21:01:10.0148 6236 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
21:01:10.0153 6236 WerSvc - ok
21:01:10.0167 6236 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
21:01:10.0168 6236 WfpLwf - ok
21:01:10.0182 6236 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
21:01:10.0183 6236 WIMMount - ok
21:01:10.0206 6236 WinDefend - ok
21:01:10.0214 6236 WinHttpAutoProxySvc - ok
21:01:10.0262 6236 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
21:01:10.0269 6236 Winmgmt - ok
21:01:10.0317 6236 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
21:01:10.0363 6236 WinRM - ok
21:01:10.0390 6236 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
21:01:10.0392 6236 WinUsb - ok
21:01:10.0425 6236 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
21:01:10.0459 6236 Wlansvc - ok
21:01:10.0502 6236 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:01:10.0508 6236 wlcrasvc - ok
21:01:10.0615 6236 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:01:10.0634 6236 wlidsvc - ok
21:01:10.0650 6236 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
21:01:10.0652 6236 WmiAcpi - ok
21:01:10.0672 6236 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
21:01:10.0674 6236 wmiApSrv - ok
21:01:10.0687 6236 WMPNetworkSvc - ok
21:01:10.0692 6236 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
21:01:10.0694 6236 WPCSvc - ok
21:01:10.0703 6236 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
21:01:10.0706 6236 WPDBusEnum - ok
21:01:10.0717 6236 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
21:01:10.0718 6236 ws2ifsl - ok
21:01:10.0729 6236 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
21:01:10.0732 6236 wscsvc - ok
21:01:10.0734 6236 WSearch - ok
21:01:10.0791 6236 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\windows\system32\wuaueng.dll
21:01:10.0811 6236 wuauserv - ok
21:01:10.0823 6236 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
21:01:10.0825 6236 WudfPf - ok
21:01:10.0849 6236 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
21:01:10.0858 6236 WUDFRd - ok
21:01:10.0877 6236 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
21:01:10.0885 6236 wudfsvc - ok
21:01:10.0905 6236 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
21:01:10.0911 6236 WwanSvc - ok
21:01:10.0953 6236 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys
21:01:10.0955 6236 xusb21 - ok
21:01:11.0001 6236 ================ Scan global ===============================
21:01:11.0022 6236 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
21:01:11.0058 6236 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
21:01:11.0063 6236 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
21:01:11.0075 6236 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
21:01:11.0085 6236 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
21:01:11.0089 6236 [Global] - ok
21:01:11.0089 6236 ================ Scan MBR ==================================
21:01:11.0100 6236 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:01:11.0260 6236 \Device\Harddisk0\DR0 - ok
21:01:11.0679 6236 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:01:11.0698 6236 \Device\Harddisk1\DR1 - ok
21:01:11.0699 6236 ================ Scan VBR ==================================
21:01:11.0725 6236 [ 986AE84023515514B9820808E3914F4A ] \Device\Harddisk0\DR0\Partition1
21:01:11.0729 6236 \Device\Harddisk0\DR0\Partition1 - ok
21:01:11.0754 6236 [ 9701A4A7ABB8635ED24043075FCC0D8D ] \Device\Harddisk0\DR0\Partition2
21:01:11.0757 6236 \Device\Harddisk0\DR0\Partition2 - ok
21:01:11.0766 6236 [ 56A94F02C80039E90636552A3370E776 ] \Device\Harddisk1\DR1\Partition1
21:01:11.0770 6236 \Device\Harddisk1\DR1\Partition1 - ok
21:01:11.0771 6236 ============================================================
21:01:11.0771 6236 Scan finished
21:01:11.0771 6236 ============================================================
21:01:11.0788 1160 Detected object count: 0
21:01:11.0788 1160 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-07 21:03:25
-----------------------------
21:03:25.394 OS Version: Windows x64 6.1.7601 Service Pack 1
21:03:25.394 Number of processors: 8 586 0x2A07
21:03:25.396 ComputerName: ADMIN-MSI UserName: Admin
21:03:25.958 Initialize success
21:04:13.455 AVAST engine defs: 12090701
21:04:28.495 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:04:28.501 Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8
21:04:28.517 Disk 0 MBR read successfully
21:04:28.522 Disk 0 MBR scan
21:04:28.612 Disk 0 Windows 7 default MBR code
21:04:28.615 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10002 MB offset 2048
21:04:28.641 Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS 100 MB offset 20486144
21:04:28.663 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 566255 MB offset 20690944
21:04:28.703 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 377515 MB offset 1180383206
21:04:28.764 Disk 0 scanning C:\windows\system32\drivers
21:04:40.292 Service scanning
21:05:06.680 Modules scanning
21:05:06.700 Disk 0 trace - called modules:
21:05:06.724 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:05:06.730 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a7d8790]
21:05:06.736 3 CLASSPNP.SYS[fffff88001d6843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a192050]
21:05:07.598 AVAST engine scan C:\windows
21:05:11.908 AVAST engine scan C:\windows\system32
21:10:01.780 AVAST engine scan C:\windows\system32\drivers
21:10:24.094 AVAST engine scan C:\Users\Admin
21:28:06.656 AVAST engine scan C:\ProgramData
21:29:18.780 Scan finished successfully
21:31:32.425 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
21:31:32.430 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
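The TDSSKiller log above lists every service, driver, the MBR and the VBRs with an MD5 and a verdict, and ends with "Detected object count: 0". Reading a few thousand such lines by eye is error-prone, so below is a small offline triage script, added here as an example (it is not TDSSKiller's code and was not posted in the thread). It pulls the (name, MD5, path) triples out of the log and flags the three things a reviewer normally checks first: a verdict line with no hashed image behind it (as with "Steam Client Service - ok" or "WinDefend - ok" above), a service or driver image outside the usual system and program directories, and one hash registered under several different file names. The line shapes, the list of "expected" directories (DEFAULT_ROOTS) and the ExampleSvc line in the sample are assumptions or constructed data, not facts from the page; the other sample lines are copied from the log.

```python
"""Offline triage of a TDSSKiller log.

Added example; this is not TDSSKiller's code or anything posted in the thread.
Assumed line shapes (inferred from the log above, not documented by the tool):
    HH:MM:SS.ffff PID [ MD5 ] <name> <path>    hashed service, driver, or disk object
    HH:MM:SS.ffff PID <name> - <status>        verdict for that object
    HH:MM:SS.ffff PID Detected object count: N
"""
import re
import sys
from collections import defaultdict

HASHED = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<rest>.+?)\s*$")
STATUS = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>\S+)\s*$")
DETECTED = re.compile(r"^\S+\s+\d+\s+Detected object count:\s*(\d+)")
# Where the image path begins: a drive letter or an NT device path (lookahead keeps the path intact).
PATH_START = re.compile(r"(?:^|\s)(?=[A-Za-z]:\\|\\Device\\)")

# Assumption: directories a service/driver image is expected to live in on this Windows 7 box.
DEFAULT_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "\\device\\")

# Constructed sample: lines copied from the log above, plus ONE hypothetical entry
# (ExampleSvc, all-zero hash, image under the user's Temp) to exercise the path check.
SAMPLE_LOG = r"""21:01:06.0650 6236 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
21:01:06.0653 6236 SamSs - ok
21:01:08.0166 6236 Steam Client Service - ok
21:01:09.0431 6236 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
21:01:09.0433 6236 VaultSvc - ok
21:01:09.0500 6236 [ 00000000000000000000000000000000 ] ExampleSvc C:\Users\Admin\AppData\Local\Temp\example.sys
21:01:09.0501 6236 ExampleSvc - ok
21:01:10.0206 6236 WinDefend - ok
21:01:11.0001 6236 ================ Scan global ===============================
21:01:11.0085 6236 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
21:01:11.0089 6236 [Global] - ok
21:01:11.0100 6236 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:01:11.0260 6236 \Device\Harddisk0\DR0 - ok
21:01:11.0788 1160 Detected object count: 0
"""


def parse_tdsskiller(text):
    """Return {'entries': [{name, md5, path}], 'statuses': {name: status}, 'detected': int|None}."""
    entries, statuses, detected = [], {}, None
    for line in text.splitlines():
        m = HASHED.match(line)
        if m:
            rest = m.group("rest")
            p = PATH_START.search(rest)
            if p is None:
                continue  # a hash with no locatable path: nothing to check on disk
            name = rest[:p.start()].strip()
            path = rest[p.end():].strip()
            # Global/MBR/VBR objects carry no service name; use the path as the name.
            entries.append({"name": name or path, "md5": m.group("md5").upper(), "path": path})
            continue
        m = STATUS.match(line)
        if m:
            statuses[m.group("name")] = m.group("status").lower()
            continue
        m = DETECTED.match(line)
        if m and detected is None:
            detected = int(m.group(1))
    return {"entries": entries, "statuses": statuses, "detected": detected}


def triage(parsed, roots=DEFAULT_ROOTS):
    """List findings worth a manual look; an empty list means nothing stood out."""
    findings = []
    hashed_names = {e["name"] for e in parsed["entries"]}
    # 1. A verdict with no hashed image: the tool never hashed a file for this service.
    for name, status in parsed["statuses"].items():
        if name.startswith("["):
            continue  # section verdicts such as "[Global] - ok"
        if name not in hashed_names:
            findings.append(f"NOFILE  {name}: verdict '{status}' but no image was hashed; check its ImagePath")
        elif status != "ok":
            findings.append(f"VERDICT {name}: {status}")
    # 2. Service or driver image outside the expected directories.
    for e in parsed["entries"]:
        if not any(e["path"].lower().startswith(r) for r in roots):
            findings.append(f"PATH    {e['name']}: {e['path']} (md5 {e['md5']})")
    # 3. One hash registered under several different files (copies of one binary).
    by_hash = defaultdict(set)
    for e in parsed["entries"]:
        by_hash[e["md5"]].add(e["path"].lower())
    for md5, paths in sorted(by_hash.items()):
        if len(paths) > 1:
            findings.append(f"DUPHASH {md5}: " + ", ".join(sorted(paths)))
    return findings


def main(argv):
    # Adjust the encoding if your saved TDSSKiller log is not UTF-8.
    text = open(argv[1], encoding="utf-8-sig", errors="replace").read() if len(argv) > 1 else SAMPLE_LOG
    parsed = parse_tdsskiller(text)
    print(f"{len(parsed['entries'])} hashed objects, {len(parsed['statuses'])} verdicts, "
          f"detected objects: {parsed['detected']}")
    for finding in triage(parsed):
        print(finding)


if __name__ == "__main__":
    main(sys.argv)
```

Run it with the saved log as the only argument (`python tdss_triage.py TDSSKiller.txt`); with no argument it runs on the constructed sample and reports the two unhashed services and the hypothetical Temp-resident driver. A NOFILE or PATH line is a prompt to look at the service's ImagePath and the file on disk, not a verdict: the same lsass.exe hash appearing three times under ProtectedStorage, SamSs and VaultSvc in the log above is normal, which is why duplicates are only reported when the hash maps to different file names.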

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:05 PM

Posted 07 September 2012 - 10:13 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 thatguy1066

thatguy1066
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:05 PM

Posted 07 September 2012 - 10:59 PM

Ran the script with ComboFix again, no problems with that. Computer seems to be working just fine right now, nothing out of the ordinary so far.

ComboFix 12-09-07.03 - Admin 7/2012 Fri 23:38:59.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.12265.7743 [GMT -4:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 03:44 . 2012-09-08 03:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-08 03:44 . 2012-09-08 03:44 -------- d-----w- c:\users\Mcx1-ADMIN-MSI\AppData\Local\temp
2012-09-08 03:44 . 2012-09-08 03:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-07 21:25 . 2012-09-07 21:25 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2DE59E9-18AB-47B9-8D5B-A09365D7345E}\offreg.dll
2012-09-07 20:47 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2DE59E9-18AB-47B9-8D5B-A09365D7345E}\mpengine.dll
2012-09-07 15:57 . 2011-07-17 02:21 302592 ----a-w- c:\program files (x86)\Mozilla Firefox\gmer\gmer.exe
2012-09-06 22:24 . 2012-06-18 04:32 120972800 ----a-w- c:\program files (x86)\Mozilla Firefox\redsn0w_win_0.9.14b1\redsn0w_win_0.9.14b1\redsn0w.exe
2012-09-06 20:31 . 2012-09-06 23:45 -------- d-----w- c:\users\Admin\AppData\Roaming\redsn0w
2012-09-06 20:22 . 2012-03-08 05:26 25787392 ----a-w- c:\program files (x86)\Mozilla Firefox\redsn0w_win_0.9.10b6\redsn0w_win_0.9.10b6\redsn0w.exe
2012-09-06 19:59 . 2012-09-06 22:03 -------- d-----w- c:\users\Admin\AppData\Local\libimobiledevice
2012-09-06 19:59 . 2012-05-30 00:11 2816000 ----a-w- c:\program files (x86)\Mozilla Firefox\absinthe-win-2.0.4\absinthe-win-2.0.4\absinthe.exe
2012-09-06 18:24 . 2012-09-06 18:24 -------- d-----w- c:\program files\iPod
2012-09-06 18:24 . 2012-09-06 18:25 -------- d-----w- c:\program files\iTunes
2012-09-06 18:24 . 2012-09-06 18:25 -------- d-----w- c:\program files (x86)\iTunes
2012-09-06 18:23 . 2012-09-06 18:23 -------- d-----w- c:\program files\Bonjour
2012-09-06 18:23 . 2012-09-06 18:23 -------- d-----w- c:\program files (x86)\Bonjour
2012-09-06 18:09 . 2012-05-30 06:21 5466948 ----a-w- c:\program files (x86)\Mozilla Firefox\absinthe-win-2.0.4\absinthe-win-2.0.4.exe
2012-09-03 01:25 . 2012-09-03 01:25 -------- d-----w- c:\users\Admin\AppData\Local\NCSoft
2012-09-03 01:17 . 2012-09-03 01:17 -------- d-----w- c:\program files (x86)\NCsoft
2012-09-03 01:16 . 2012-09-07 20:43 -------- d-----w- c:\users\Admin\AppData\Local\assembly
2012-09-03 01:15 . 2012-09-03 01:16 -------- d-----w- c:\users\Admin\AppData\Roaming\GetRightToGo
2012-08-29 15:33 . 1995-02-03 06:30 10970 ----a-w- c:\program files (x86)\Mozilla Firefox\openxcom-v0.4-win64\data\SOUND\SNDSTART.EXE
2012-08-29 15:33 . 1995-01-18 07:35 7756 ----a-w- c:\program files (x86)\Mozilla Firefox\openxcom-v0.4-win64\data\SOUND\SNDEND.EXE
2012-08-29 15:27 . 2004-03-29 20:23 90112 ----a-w- c:\windows\unvise32.exe
2012-08-24 00:33 . 2012-08-24 00:33 -------- d-----w- c:\users\Admin\AppData\Local\NBGI
2012-08-24 00:17 . 2012-08-24 00:17 -------- d-----w- c:\windows\SysWow64\xlive
2012-08-24 00:17 . 2012-08-24 00:17 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-08-15 00:28 . 2012-06-02 11:45 1570304 ----a-w- c:\program files (x86)\Mozilla Firefox\JoyToKey_en\JoyToKey_en\JoyToKey.exe
2012-08-15 00:28 . 2012-04-15 02:20 68608 ----a-w- c:\program files (x86)\Mozilla Firefox\JoyToKey_en\JoyToKey_en\VistaAPI.dll
2012-08-15 00:27 . 2012-08-15 00:27 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2012-08-12 02:29 . 2012-08-12 02:29 -------- d-----w- c:\users\Admin\AppData\Local\Western Digital
2012-08-12 02:03 . 2012-08-12 02:03 -------- d-----w- c:\program files\DIFX
2012-08-12 02:03 . 2012-08-12 02:03 -------- d-----w- c:\program files\WDCSAM
2012-08-11 23:44 . 2012-08-11 23:44 -------- d-----w- c:\users\Admin\AppData\Local\Macromedia
2012-08-11 23:44 . 2012-08-28 00:59 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-11 23:44 . 2012-08-11 23:44 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 00:59 . 2011-07-09 17:04 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 08:26 . 2012-02-03 07:24 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-06 02:06 . 2012-08-05 20:09 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2011-07-09 15:38 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 17:46 . 2011-10-05 07:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-07_20.44.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 02:36 . 2012-09-07 15:36 720224 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-07 21:18 720224 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-07 21:18 146888 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-07 15:36 146888 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Admin\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-11-05 2482176]
"Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]
"Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]
"NVIDIAOCAP"="c:\program files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe" [2010-10-20 83456]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"msi LED Manager"="c:\program files (x86)\msi\msi LED Manager\SLM.exe" [2010-07-29 2795008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2009-10-14 2849280]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250568]
R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-12-14 274432]
R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]
R3 fspad_xp64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_xp64;c:\windows\system32\drivers\fspad_xp64.sys [2010-06-07 52224]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2009-06-11 130048]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2009-06-11 86528]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-12-14 59904]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USB_NDIS;RCA USB Digital Cable Modem Driver;c:\windows\system32\DRIVERS\NetRcaCmNTamd64.sys [2007-01-05 18560]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-05 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-17 52760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [2009-05-04 809984]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-07 8704]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-16 12800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UCManSvc;UCManSvc;c:\program files (x86)\SoftDenchi\UCManSvc.exe [2010-03-12 241808]
S3 fspad_wlh64;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh64;c:\windows\system32\drivers\fspad_wlh64.sys [2010-06-07 52224]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-04-27 184968]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 760168]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31795197
*NewlyCreated* - ASWMBR
*Deregistered* - 31795197
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 00:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-14 11777128]
"fspuip"="c:\program files (x86)\FSP\fspuip.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=102868&gct=hp
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\spmqlc8q.default\
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: network.proxy.http - 204.188.215.42
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A*3*ホ0モ0]
"FormKeyword"=hex:
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\A*4*ホ0モ0]
"FormKeyword"=hex:
.
Completion time: 2012-09-07 23:46:34
ComboFix-quarantined-files.txt 2012-09-08 03:46
ComboFix2.txt 2012-09-07 20:46
.
Pre-Run: 189,332,721,664 bytes free
Post-Run: 189,381,943,296 bytes free
.
- - End Of File - - 1FAC1A499C62409C92485F7CD1FAC005

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:05 PM

Posted 08 September 2012 - 12:11 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 thatguy1066

thatguy1066
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:05 PM

Posted 08 September 2012 - 01:07 AM

Here's the Combofix report:

7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Aegisub 2.1.8
Age of Decadence Public Beta 0.8.6
Anki
ANNO 1404
ANNO 2070
Apple Application Support
Apple Software Update
Arcanum Of Steamworks and Magick Obscura
ARMA 2: Operation Arrowhead
ATLAS Translation Standard V14.0 Trial Version
Battlefield 2142
Battlelog Web Plugins
BattlEye for OA Uninstall
Brytenwalda version 1.37
BurnRecovery
calibre
Canon MP Navigator EX 4.0
Canon MP280 series User Registration
CDisplay 1.8
Cinema ProII Setup
City of Heroes
Combined Community Codec Pack 2011-07-30
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX Windows Live Mesh pour connexions a distance
CopyTrans Suite Remove Only
Crusader Kings II version 1.05g
D3DX10
Dark Souls: Prepare to Die Edition
Darkest Hour: A Hearts of Iron Game
DarthMod: Shogun II
DDS Thumbnail Viewer
DEFCON
Divine Wind version 5.1
Dota 2
Dup Detector
ESN Sonar
Europa Universalis III
F.lux
Fall Further 051
Fallout Mod Manager 0.13.21
Fallout: New Vegas
Foxit Reader
Fraps (remove only)
From Dust
Galeria fotografica de Windows Live
Galerie de photos Windows Live
Garry's Mod
GIMP 2.6.11
GlobeTrotter Connect
Half-Life 2: Episode Two
Hi-Rez Studios Authenticate and Update Service
i-Charger
Intel® Management Engine Components
Intel® Rapid Storage Technology
IrfanView (remove only)
Junk Mail filter update
Just Cause 2
KeyHoleTV
Killing Floor
Lament for the Queen
Malwarebytes Anti-Malware version 1.62.0.1300
Mass Effect™ 3
Mesh Runtime
Metro 2033
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Browser
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Web Developer 2010 Express - ENU
Microsoft XNA Framework Redistributable 3.1
Mirror's Edge
MKVtoolnix 5.0.0
Morrowind
Mount & Blade: Warband
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Firefox 5.0 (x86 en-US)
MSI HOUSE
msi LED Manager
msi Software Install
MSVCRT
MSVCRT_amd64
Napoleon: Total War
Natural Selection 2 Beta
NCsoft Launcher
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA Overclock Tool
NVIDIA PhysX
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OpenOffice.org 3.3
OpenVPN 2.1.4
Opera 11.50
Orbis
PlanetSide 2 Beta
PunkBuster Services
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Renesas Electronics USB 3.0 Host Controller Driver
RocketDock 1.3.5
RollerCoaster Tycoon 2 Triple Thrill Pack
RPGツクール2000 ランタイムパッケージ
S.T.A.L.K.E.R.: Call of Pripyat
S.T.A.L.K.E.R.: Shadow of Chernobyl
SdRt4200
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual Web Developer 2010 Express - ENU (KB2251489)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SonicStage 4.3
Star Wars® Knights of the Old Republic® II: The Sith Lords™
Star Wars®: Knights of the Old Republic ™
Steam
STEINS;GATE
Supreme Commander: Forged Alliance
Sword of the Stars Complete Collection
System Control Manager
System Requirements Lab CYRI
TES Construction Set
The Eagle and the Radiant Cross Ch. 3
THX TruStudio Pro
Total War: SHOGUN 2
Total War: Shogun 2 - Fall of the Samurai - Beta Client
TSLRCM 1.8
Ubisoft Game Launcher
Victoria 2
Victoria II A House Divided 2.1
VLC media player 2.0.3
Warhammer 40,000 Space Marine
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warlock - Master of the Arcane © Paradox Interactive version 1
WinDirStat 1.1.2
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
XCOM-Total Pack
XviD4PSP 5.10.260.0
グリーフシンドローム

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:05 PM

Posted 08 September 2012 - 01:51 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

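Gringo's warning that HijackThis output is easy to misread, and that most of what it lists is harmless or required, is why helpers ask to see the raw log rather than the tool's own verdict. As an added example (not code from this thread, from HijackThis or from BleepingComputer), the Python below parses O4 autostart and O23 service lines in the format HijackThis 2.0.4 prints, extracts each binary's path and applies a few defender-side triage heuristics: a binary launched from a temp directory, from a directory outside the usual program and system roots, or reported as "(file missing)". The sample lines are constructed (modelled on the log in this thread, with an invented "updater" entry), and the list of expected roots and the heuristics themselves are assumptions chosen for illustration; a flag is a prompt to look closer, not a removal decision.

```python
"""Triage helper for HijackThis-style O4 (autostart) and O23 (service) lines.

Added example, not part of the forum thread or of HijackThis.  The expected
root directories and the heuristics are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample log in the HijackThis 2.0.4 line format (modelled on the
# thread's log, not copied from it; the 'updater' line is invented).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files (x86)\\QuickTime\\QTTask.exe" -atboottime
O4 - HKCU\\..\\Run: [F.lux] "C:\\Users\\Admin\\Local Settings\\Apps\\F.lux\\flux.exe" /noshow
O4 - HKCU\\..\\Run: [updater] C:\\Users\\Admin\\AppData\\Local\\Temp\\svc_update.exe
O4 - HKUS\\S-1-5-21-1\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\\Program Files (x86)\\OpenOffice.org 3\\program\\quickstart.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: @%SystemRoot%\\system32\\Alg.exe,-112 (ALG) - Unknown owner - C:\\windows\\System32\\alg.exe (file missing)
O23 - Service: DIRECTIO - Unknown owner - C:\\bit_temp\\DirectIo.sys
"""

# Directories a legitimately installed autostart binary is normally found under
# (assumption; extend for non-default install drives).
EXPECTED_ROOTS = (
    "c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\",
    "c:\\programdata\\", "c:\\users\\", "%programfiles%\\", "%systemroot%\\",
)

_O4_RUN = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_LNK = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<path>.+)$")
_USER_SUFFIX = re.compile(r" \(User '[^']*'\)$")
_MISSING = " (file missing)"


@dataclass
class Entry:
    section: str            # "O4" or "O23"
    name: str               # Run-value name, .lnk name or service display name
    path: str               # executable/driver path with arguments stripped
    file_missing: bool = False
    reasons: List[str] = field(default_factory=list)


def exe_from_command(cmd: str) -> str:
    """Strip the '(User ...)' suffix and any switches from a Run command line."""
    cmd = _USER_SUFFIX.sub("", cmd).strip()
    if cmd.startswith('"'):            # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: arguments begin at the first ' /x' or ' -x' switch.  A space
    # followed by '- ' (as in 'Windows - LIVE') is part of the path.
    m = re.search(r" [/-]\S", cmd)
    return cmd[:m.start()] if m else cmd


def parse_o23(line: str) -> Optional[Entry]:
    """'O23 - Service: <name> - <owner> - <path>[ (file missing)]'."""
    parts = line[len("O23 - Service: "):].split(" - ")
    if len(parts) < 3:
        return None
    name, path = " - ".join(parts[:-2]), parts[-1]
    missing = path.endswith(_MISSING)
    if missing:
        path = path[: -len(_MISSING)]
    return Entry("O23", name, path, missing)


def assess(entry: Entry) -> Entry:
    """Attach human-readable reasons; an empty list means nothing stood out."""
    low = entry.path.lower()
    if "\\temp\\" in low:
        entry.reasons.append("runs from a temp directory")
    if not low.startswith(EXPECTED_ROOTS):
        entry.reasons.append("outside the usual program/system roots")
    if entry.file_missing:
        # The HijackThis log in this thread reports this for the built-in ALG,
        # EFS and Fax services too, so it calls for a manual check, not removal.
        entry.reasons.append("reported '(file missing)'; verify by hand")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every O4/O23 line and run the heuristics over each entry."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _O4_RUN.match(line):
            entries.append(Entry("O4", m["name"], exe_from_command(m["cmd"])))
        elif m := _O4_LNK.match(line):
            entries.append(Entry("O4", m["name"], m["path"].strip()))
        elif line.startswith("O23 - Service: "):
            e = parse_o23(line)
            if e:
                entries.append(e)
    return [assess(e) for e in entries]


def flagged(log_text: str) -> List[Entry]:
    """Only the entries that picked up at least one reason."""
    return [e for e in triage(log_text) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section:<4}{e.name:<45} {e.path}\n      -> {'; '.join(e.reasons)}")
```

Run it on the constructed sample and three of the eight entries come back flagged: the Temp-directory "updater", the ALG service marked "(file missing)", and the DirectIo.sys driver under C:\bit_temp. Everything under Program Files, Windows or the user profile passes silently, which mirrors the point of Gringo's instruction: the parser narrows the list, and a person still decides what each flagged line means.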

#11 thatguy1066

thatguy1066
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:05 PM

Posted 08 September 2012 - 09:45 AM

Logs from MBAM & Hijackthis. No problems once I ran Hijackthis as administrator. As before, the computer's fine, nothing out of the ordinary. Though I thought I had CCleaner already; I don't know why it wasn't there.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ADMIN-MSI [administrator]

9/8/2012 10:30:31 AM
mbam-log-2012-09-08 (10-30-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241927
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:43 AM, on 9/8/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\MSI\msi LED Manager\SLM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\Admin\Downloads\HijackThis.exe

O2 - BHO: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
O4 - HKLM\..\Run: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
O4 - HKLM\..\Run: [NVIDIAOCAP] C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [msi LED Manager] C:\Program Files (x86)\msi\msi LED Manager\SLM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [F.lux] "C:\Users\Admin\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-21-3336651487-4280826147-1098286620-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3336651487-4280826147-1098286620-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: MSI Foundation Service - MSI - C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: UCManSvc - Paltiosoft Inc. - C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10150 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 01:05 PM

Posted 08 September 2012 - 11:26 AM

Greetings thatguy1066

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [NVIDIAOCAP] C:\Program Files (x86)\MSI\NVIDIA Overclock Tool\NVIDIAOCAP.exe
      O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [F.lux] "C:\Users\Admin\Local Settings\Apps\F.lux\flux.exe" /noshow
      O4 - HKUS\S-1-5-21-3336651487-4280826147-1098286620-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-3336651487-4280826147-1098286620-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
      O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found:
  • Put a checkmark in "Uninstall application on close"
  • Close the program
  • Report to me that nothing was found

If threats were found:
  • Click on "list of threats found"
  • Click on "export to text file", name it ESET SCAN and save it to the desktop
  • Click on Back
  • Put a checkmark in "Uninstall application on close"
  • Click on Finish
  • Close the program
  • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
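As an added illustration (not part of this thread, and not HijackThis code), the PowerShell function below reads the same autostart locations that HijackThis reports as O4 entries (Run/RunOnce under HKLM, HKCU and the loaded per-user HKU hives, plus the Startup folders) and prints them in the same style, so each [name] can be looked up before anything is removed. It is read-only; the function and variable names are my own.

```powershell
# Added example, not part of this thread or of HijackThis: a read-only listing of
# the autostart locations HijackThis reports as O4 entries. Nothing is changed.
# Run from an elevated PowerShell so all loaded user hives (HKU) are readable.

function Get-O4Entries {
    $results = [System.Collections.Generic.List[string]]::new()

    # Hives to walk. HKLM and HKCU first; then every loaded per-user hive under
    # HKEY_USERS, which HijackThis shows as "O4 - HKUS\S-1-5-21-...".
    $hives = @(
        @{ Label = 'HKLM'; Root = 'Registry::HKEY_LOCAL_MACHINE' },
        @{ Label = 'HKCU'; Root = 'Registry::HKEY_CURRENT_USER' }
    )
    foreach ($u in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        if ($u.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$') {
            $hives += @{ Label = "HKUS\$($u.PSChildName)"
                         Root  = "Registry::HKEY_USERS\$($u.PSChildName)" }
        }
    }

    # Run and RunOnce, in both the native view and the Wow6432Node view that a
    # 32-bit tool such as HijackThis is redirected to on 64-bit Windows.
    $views = 'Software\Microsoft\Windows\CurrentVersion',
             'Software\Wow6432Node\Microsoft\Windows\CurrentVersion'
    foreach ($h in $hives) {
        foreach ($view in $views) {
            foreach ($sub in 'Run', 'RunOnce') {
                $path = "$($h.Root)\$view\$sub"
                if (-not (Test-Path -LiteralPath $path)) { continue }
                $key = Get-Item -LiteralPath $path
                foreach ($name in $key.GetValueNames()) {
                    # Keep %ProgramFiles% etc. unexpanded, as HijackThis prints them.
                    $cmd = $key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
                    $results.Add("O4 - $($h.Label)\..\$($sub): [$name] $cmd")
                }
            }
        }
    }

    # Per-user and all-users Startup folders; .lnk files are resolved to their target.
    $shell = New-Object -ComObject WScript.Shell
    $folders = @(
        @{ Label = 'Startup';        Path = [Environment]::GetFolderPath('Startup') },
        @{ Label = 'Global Startup'; Path = [Environment]::GetFolderPath('CommonStartup') }
    )
    foreach ($f in $folders) {
        if (-not (Test-Path -LiteralPath $f.Path)) { continue }
        foreach ($item in Get-ChildItem -LiteralPath $f.Path -File) {
            $target = $item.FullName
            if ($item.Extension -ieq '.lnk') {
                $target = $shell.CreateShortcut($item.FullName).TargetPath
            }
            $results.Add("O4 - $($f.Label): $($item.Name) = $target")
        }
    }
    return $results
}

# Print the entries; compare each [name] against the list in the post above
# before deciding whether it is worth keeping.
Get-O4Entries
```

A value whose command line points at a file that no longer exists, or at an unexpected location such as a temp folder, is the kind of entry worth looking up before leaving it in place.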

#13 thatguy1066

thatguy1066
  • Topic Starter

  • Members
  • 8 posts
  • Local time: 12:05 PM

Posted 08 September 2012 - 04:38 PM

Huh, well, ESET came up positive with three results, but I don't believe that they're actually malicious.

C:\Users\Admin\Desktop\Translation Aggregator 0.4.9.r171\Translation Aggregator 0.4.9.r171\agth.dll probably a variant of Win32/AGTH.A application
C:\Users\Admin\Downloads\cnet_egifan5_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Admin\Downloads\cnet_setup_zip.exe a variant of Win32/InstallCore.D application

AGTH, I'm familiar with, that's the Anime Games Text Hooker, and I'm pretty sure it's legitimate. I'll clean it out anyways and reinstall it, though.
The two items in my downloads folder, those I downloaded from CNET, so I'm not exactly sure why those are flagged as threats. I'll get rid of those as well.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 01:05 PM

Posted 08 September 2012 - 11:41 PM

Hello

There are some minor things in your online scan that should be removed.


:Delete files:

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Admin\Desktop\Translation Aggregator 0.4.9.r171\Translation Aggregator 0.4.9.r171\agth.dll"
    del /f /s /q "C:\Users\Admin\Downloads\cnet_egifan5_exe.exe"
    del /f /s /q "C:\Users\Admin\Downloads\cnet_setup_zip.exe"
    del %0

  • Save the Notepad file on your desktop as delfile.bat, with "Save as type" set to "All Files".
  • Double-click delfile.bat to execute it.
    A black CMD window will flash, then disappear; this is normal.
  • The files and folders, if found, will have been deleted, and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware. Please let me know if you are still having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?", and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.


#15 thatguy1066

thatguy1066
  • Topic Starter

  • Members
  • 8 posts
  • Local time: 12:05 PM

Posted 09 September 2012 - 12:29 AM

Good to hear that everything checks out. Guess MSE managed to do its job just fine after all.
Well, thank you very much for helping me out with this, even if this was just a false alarm, I really appreciate the assistance and guidance.
