Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another one for the "Recommended for You" bandwagon


  • This topic is locked This topic is locked
12 replies to this topic

#1 Danny Weiss

Danny Weiss

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 09 October 2012 - 02:27 PM

Hello, all.

As stated, here's another case of the "Recommended for You" whatever-it-is that's hit a fair number of folks, if a cursory search is to be believed. This involves pop-ups (often iPhone-shaped) in the lower-right corner of my browser (Firefox/Chrome), and the occasional redirect.

Here's my DDS; no GMER (it's a 64-bit).

Any help would be appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by PJOB at 14:06:00 on 2012-10-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2056 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\windows\system32\WTablet\Pen_TabletUser.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Windows\System32\iprntctl.exe
C:\Windows\System32\iprntlgn.exe
C:\windows\system32\Pen_Tablet.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\PJOB\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Users\PJOB\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3101810
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Spotify Web Helper] "C:\Users\PJOB\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "D:\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: C:\Users\PJOB\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\PJOB\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\PJOB\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 172.16.1.36 172.16.1.78
TCP: Interfaces\{E083B314-07BD-497D-99CE-6653054422E4} : DhcpNameServer = 172.16.1.36 172.16.1.78
TCP: Interfaces\{E083B314-07BD-497D-99CE-6653054422E4}\2375942554939313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E083B314-07BD-497D-99CE-6653054422E4}\35E61627B602F6E6024786560264C697 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{E083B314-07BD-497D-99CE-6653054422E4}\35E61627B602F6E6024786560264C697D27657563747 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{E083B314-07BD-497D-99CE-6653054422E4}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E083B314-07BD-497D-99CE-6653054422E4}\D455D2745554354535 : DhcpNameServer = 172.16.1.36 172.16.1.78
TCP: Interfaces\{E083B314-07BD-497D-99CE-6653054422E4}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E882042D-FD03-4CEE-9027-6243A735A9CC} : DhcpNameServer = 172.16.1.36 172.16.1.78
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli iPrntWinCredMan
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [QuickTime Plugin Install] C:\Program Files (x86)\QuickTime\Plugins\DeleteMe1.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "D:\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 66.232.114.203 www.google-analytics.com.
Hosts: 66.232.114.203 ad-emea.doubleclick.net.
Hosts: 66.232.114.203 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PJOB\AppData\Roaming\Mozilla\Firefox\Profiles\rv4338qs.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\PJOB\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - plugin: C:\windows\SysWOW64\npnipp.dll
FF - plugin: C:\windows\SysWOW64\npnisp.dll
FF - plugin: D:\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 funfrm;funfrm;C:\windows\system32\drivers\funfrm.sys --> C:\windows\system32\drivers\funfrm.sys [?]
R1 SbFw;SbFw;C:\windows\system32\drivers\SbFw.sys --> C:\windows\system32\drivers\SbFw.sys [?]
R1 SbTis;SbTis;C:\windows\system32\drivers\sbtis.sys --> C:\windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R2 TabletServicePen;TabletServicePen;C:\windows\system32\Pen_Tablet.exe --> C:\windows\system32\Pen_Tablet.exe [?]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2012-1-24 127272]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\windows\system32\DRIVERS\LVPr2M64.sys --> C:\windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\windows\system32\DRIVERS\SBFWIM.sys --> C:\windows\system32\DRIVERS\SBFWIM.sys [?]
R3 usbsmi;Lenovo EasyCamera;C:\windows\system32\DRIVERS\SMIksdrv.sys --> C:\windows\system32\DRIVERS\SMIksdrv.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-3 116648]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-8 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-3 116648]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-5-25 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-5-25 579400]
S3 lvpopf64;Logitech POP Suppression Filter;C:\windows\system32\DRIVERS\lvpopf64.sys --> C:\windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\system32\DRIVERS\lvrs64.sys --> C:\windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam 200(UVC);C:\windows\system32\DRIVERS\lvuvc64.sys --> C:\windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 114144]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\windows\system32\DRIVERS\sbfwim.sys --> C:\windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\windows\system32\drivers\sbhips.sys --> C:\windows\system32\drivers\sbhips.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\windows\system32\DRIVERS\wacmoumonitor.sys --> C:\windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-10-09 14:33:12 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D87F7893-DD90-4800-AA42-46978AE59BD0}\mpengine.dll
2012-10-09 06:06:16 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-05 14:38:54 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{09146821-B54A-4058-A4C7-C4C3373FB6F7}\gapaengine.dll
2012-10-04 02:18:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-30 20:27:25 -------- d-----w- C:\Users\PJOB\AppData\Local\Macromedia
2012-09-30 20:26:53 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-25 22:22:25 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-09-25 22:04:08 -------- d-----w- C:\Program Files\Vendini
2012-09-14 23:45:01 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-09-14 03:27:49 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-09-14 03:26:45 -------- d-----w- C:\Program Files\iPod
2012-09-14 03:26:42 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 03:26:42 -------- d-----w- C:\Program Files\iTunes
2012-09-12 14:14:54 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-12 14:14:53 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-12 14:14:53 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:14:53 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-12 14:14:52 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-09-12 14:14:52 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 14:14:52 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-09-30 20:26:53 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 22:04:46 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-08-31 23:07:08 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 23:07:04 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-08-31 23:07:04 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-31 03:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-08-24 18:05:06 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 16:57:48 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 15:59:30 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 15:20:39 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-21 18:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 14:06:44.91 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:45 PM

Posted 09 October 2012 - 06:15 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Danny Weiss

Danny Weiss
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 09 October 2012 - 11:48 PM

Done as suggested.

In order: Adwcleaner and ComboFix

# AdwCleaner v2.004 - Logfile created 10/09/2012 at 22:32:26
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : PJOB - PJOB-PC
# Boot Mode : Normal
# Running from : C:\Users\PJOB\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\PJOB\AppData\Roaming\Mozilla\Firefox\Profiles\rv4338qs.default\searchplugins\Askcom.xml
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\PJOB\AppData\Local\Conduit
Folder Found : C:\Users\PJOB\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-2864502416-2764662593-146802099-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-2864502416-2764662593-146802099-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3101810

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\PJOB\AppData\Roaming\Mozilla\Firefox\Profiles\rv4338qs.default\prefs.js

Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3101810&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "Somoto Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3101810");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&q=[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\PJOB\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2859 octets] - [09/10/2012 22:32:26]

########## EOF - C:\AdwCleaner[R1].txt - [2919 octets] ##########

ComboFix 12-10-09.01 - PJOB 10/09/2012 22:44:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2228 [GMT -5:00]
Running from: c:\users\PJOB\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1799715130
c:\users\PJOB\.COMMgr
c:\users\PJOB\AppData\Roaming\WTouch
c:\users\PJOB\AppData\Roaming\WTouch\WTouch.xml
c:\users\PJOB\Documents\~WRL0003.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 04:39 . 2012-10-10 04:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 23:17 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C66DA424-B5CC-42DB-AB9E-4141B4BEC456}\mpengine.dll
2012-10-09 14:33 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-05 14:38 . 2012-10-02 15:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09146821-B54A-4058-A4C7-C4C3373FB6F7}\gapaengine.dll
2012-10-04 02:18 . 2012-10-04 02:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-30 20:27 . 2012-09-30 20:27 -------- d-----w- c:\users\PJOB\AppData\Local\Macromedia
2012-09-30 20:26 . 2012-09-30 20:26 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-30 20:26 . 2012-09-30 20:26 -------- d-----w- c:\windows\system32\Macromed
2012-09-25 22:22 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-25 22:04 . 2012-09-25 22:04 -------- d-----w- c:\program files\Vendini
2012-09-14 23:45 . 2012-09-14 23:45 -------- d-----w- c:\program files (x86)\NCH Software
2012-09-14 03:27 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-14 03:26 . 2012-09-14 03:26 -------- d-----w- c:\program files\iPod
2012-09-14 03:26 . 2012-09-14 03:27 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 03:26 . 2012-09-14 03:27 -------- d-----w- c:\program files\iTunes
2012-09-12 14:14 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:14 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:14 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:14 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:14 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:14 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:14 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-02 15:42 . 2011-03-26 03:54 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 20:26 . 2011-08-18 02:38 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 23:21 . 2010-12-27 16:37 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-07 22:04 . 2010-08-28 20:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 23:07 . 2012-08-31 23:07 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 23:07 . 2012-07-18 04:04 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-31 23:07 . 2011-07-27 22:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2010-10-25 03:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-21 18:01 . 2010-08-02 03:39 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2010-08-02 03:39 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15 . 2012-08-15 20:46 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\PJOB\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-17 1193176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2010-05-25 3122440]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Plugin Install"="c:\program files (x86)\QuickTime\Plugins\DeleteMe1.exe" [2011-09-20 86016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="D:\iTunesHelper.exe" [2012-09-10 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\PJOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\PJOB\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli iPrntWinCredMan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 116648]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-08 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 116648]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 154256]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0x64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S1 funfrm;funfrm; [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 5414184]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 127272]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 26128]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 197376]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
<NO NAME> REG_SZ
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 20:42]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 20:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-05-25 06:20 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 365592]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-09-29 4366704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-08-19 5825536]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2011-11-04 66136]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2011-11-04 69720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.1.36 172.16.1.78
FF - ProfilePath - c:\users\PJOB\AppData\Roaming\Mozilla\Firefox\Profiles\rv4338qs.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bb45ef8e-1e36-4535-a017-ec908fb1e335} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-97814897.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\00\19\11\1d\18É"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-09 23:42:54
ComboFix-quarantined-files.txt 2012-10-10 04:42
.
Pre-Run: 91,704,123,392 bytes free
Post-Run: 90,988,494,848 bytes free
.
- - End Of File - - 4B3CCD8A50955B0D5FEEA9BAC7EAF98C

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:45 PM

Posted 10 October 2012 - 10:44 AM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Danny Weiss

Danny Weiss
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 10 October 2012 - 01:46 PM

I have my TDF and Malwarebytes logs; ESET keeps stopping due to an "Unexpected error 2002." It keeps detecting Windows Defender somewhere.

10:59:29.0576 1160 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:59:29.0934 1160 ============================================================
10:59:29.0934 1160 Current date / time: 2012/10/10 10:59:29.0934
10:59:29.0934 1160 SystemInfo:
10:59:29.0934 1160
10:59:29.0934 1160 OS Version: 6.1.7601 ServicePack: 1.0
10:59:29.0934 1160 Product type: Workstation
10:59:29.0934 1160 ComputerName: PJOB-PC
10:59:29.0934 1160 UserName: PJOB
10:59:29.0934 1160 Windows directory: C:\windows
10:59:29.0934 1160 System windows directory: C:\windows
10:59:29.0934 1160 Running under WOW64
10:59:29.0934 1160 Processor architecture: Intel x64
10:59:29.0934 1160 Number of processors: 2
10:59:29.0934 1160 Page size: 0x1000
10:59:29.0934 1160 Boot type: Normal boot
10:59:29.0934 1160 ============================================================
10:59:32.0964 1160 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:59:32.0979 1160 ============================================================
10:59:32.0979 1160 \Device\Harddisk0\DR0:
10:59:32.0979 1160 MBR partitions:
10:59:32.0979 1160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
10:59:32.0979 1160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x177602C0
10:59:32.0995 1160 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x177C52C0, BlocksNum 0x3C7E000
10:59:32.0995 1160 ============================================================
10:59:33.0042 1160 C: <-> \Device\Harddisk0\DR0\Partition2
10:59:33.0369 1160 D: <-> \Device\Harddisk0\DR0\Partition3
10:59:33.0369 1160 ============================================================
10:59:33.0369 1160 Initialize success
10:59:33.0369 1160 ============================================================
10:59:54.0153 5072 ============================================================
10:59:54.0153 5072 Scan started
10:59:54.0153 5072 Mode: Manual; TDLFS;
10:59:54.0153 5072 ============================================================
10:59:54.0669 5072 ================ Scan system memory ========================
10:59:54.0669 5072 System memory - ok
10:59:54.0670 5072 ================ Scan services =============================
10:59:54.0838 5072 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
10:59:54.0844 5072 1394ohci - ok
10:59:54.0885 5072 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
10:59:54.0892 5072 ACPI - ok
10:59:54.0948 5072 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
10:59:54.0950 5072 AcpiPmi - ok
10:59:54.0991 5072 [ 2E68544BCE94DE6677F700CF1D582B6D ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
10:59:54.0992 5072 ACPIVPC - ok
10:59:55.0093 5072 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:59:55.0096 5072 AdobeARMservice - ok
10:59:55.0158 5072 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
10:59:55.0169 5072 adp94xx - ok
10:59:55.0221 5072 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
10:59:55.0252 5072 adpahci - ok
10:59:55.0280 5072 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
10:59:55.0287 5072 adpu320 - ok
10:59:55.0317 5072 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
10:59:55.0320 5072 AeLookupSvc - ok
10:59:55.0388 5072 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
10:59:55.0398 5072 AFD - ok
10:59:55.0446 5072 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
10:59:55.0449 5072 agp440 - ok
10:59:55.0471 5072 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
10:59:55.0474 5072 ALG - ok
10:59:55.0507 5072 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
10:59:55.0508 5072 aliide - ok
10:59:55.0527 5072 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
10:59:55.0528 5072 amdide - ok
10:59:55.0558 5072 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
10:59:55.0561 5072 AmdK8 - ok
10:59:55.0583 5072 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
10:59:55.0585 5072 AmdPPM - ok
10:59:55.0627 5072 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
10:59:55.0630 5072 amdsata - ok
10:59:55.0669 5072 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
10:59:55.0676 5072 amdsbs - ok
10:59:55.0704 5072 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
10:59:55.0705 5072 amdxata - ok
10:59:55.0770 5072 [ F7C36D620992FD7B5064603992C967EB ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
10:59:55.0772 5072 ApfiltrService - ok
10:59:55.0827 5072 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
10:59:55.0831 5072 AppID - ok
10:59:55.0865 5072 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
10:59:55.0868 5072 AppIDSvc - ok
10:59:55.0906 5072 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
10:59:55.0909 5072 Appinfo - ok
10:59:55.0985 5072 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:59:55.0990 5072 Apple Mobile Device - ok
10:59:56.0079 5072 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
10:59:56.0082 5072 arc - ok
10:59:56.0108 5072 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
10:59:56.0111 5072 arcsas - ok
10:59:56.0264 5072 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:59:56.0308 5072 aspnet_state - ok
10:59:56.0344 5072 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
10:59:56.0346 5072 AsyncMac - ok
10:59:56.0418 5072 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
10:59:56.0420 5072 atapi - ok
10:59:56.0491 5072 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
10:59:56.0516 5072 AudioEndpointBuilder - ok
10:59:56.0546 5072 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
10:59:56.0550 5072 AudioSrv - ok
10:59:56.0643 5072 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
10:59:56.0646 5072 AxInstSV - ok
10:59:56.0698 5072 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
10:59:56.0707 5072 b06bdrv - ok
10:59:56.0750 5072 [ 93AF5CCCE5145AA3C2F0A41E7F65149A ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
10:59:56.0752 5072 b57nd60a - ok
10:59:56.0859 5072 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
10:59:56.0884 5072 BCM43XX - ok
10:59:56.0914 5072 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
10:59:56.0917 5072 BDESVC - ok
10:59:56.0946 5072 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
10:59:56.0947 5072 Beep - ok
10:59:57.0010 5072 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
10:59:57.0032 5072 BFE - ok
10:59:57.0089 5072 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
10:59:57.0122 5072 BITS - ok
10:59:57.0166 5072 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
10:59:57.0169 5072 blbdrive - ok
10:59:57.0243 5072 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:59:57.0254 5072 Bonjour Service - ok
10:59:57.0306 5072 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
10:59:57.0309 5072 bowser - ok
10:59:57.0346 5072 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
10:59:57.0348 5072 BrFiltLo - ok
10:59:57.0361 5072 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
10:59:57.0363 5072 BrFiltUp - ok
10:59:57.0389 5072 [ 34F786535F9245E4028C57B28248C9D8 ] Bridge0 C:\windows\system32\drivers\WDBridge.sys
10:59:57.0392 5072 Bridge0 - ok
10:59:57.0436 5072 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
10:59:57.0439 5072 BridgeMP - ok
10:59:57.0478 5072 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
10:59:57.0482 5072 Browser - ok
10:59:57.0511 5072 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
10:59:57.0517 5072 Brserid - ok
10:59:57.0537 5072 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
10:59:57.0539 5072 BrSerWdm - ok
10:59:57.0561 5072 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
10:59:57.0563 5072 BrUsbMdm - ok
10:59:57.0575 5072 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
10:59:57.0577 5072 BrUsbSer - ok
10:59:57.0630 5072 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
10:59:57.0632 5072 BthEnum - ok
10:59:57.0660 5072 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
10:59:57.0663 5072 BTHMODEM - ok
10:59:57.0686 5072 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
10:59:57.0690 5072 BthPan - ok
10:59:57.0737 5072 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
10:59:57.0750 5072 BTHPORT - ok
10:59:57.0795 5072 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
10:59:57.0798 5072 bthserv - ok
10:59:57.0833 5072 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
10:59:57.0836 5072 BTHUSB - ok
10:59:57.0867 5072 catchme - ok
10:59:57.0905 5072 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
10:59:57.0909 5072 cdfs - ok
10:59:57.0960 5072 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
10:59:57.0964 5072 cdrom - ok
10:59:58.0008 5072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
10:59:58.0011 5072 CertPropSvc - ok
10:59:58.0039 5072 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
10:59:58.0042 5072 circlass - ok
10:59:58.0070 5072 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
10:59:58.0078 5072 CLFS - ok
10:59:58.0148 5072 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:59:58.0151 5072 clr_optimization_v2.0.50727_32 - ok
10:59:58.0204 5072 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:59:58.0209 5072 clr_optimization_v2.0.50727_64 - ok
10:59:58.0303 5072 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:59:58.0374 5072 clr_optimization_v4.0.30319_32 - ok
10:59:58.0406 5072 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:59:58.0436 5072 clr_optimization_v4.0.30319_64 - ok
10:59:58.0482 5072 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
10:59:58.0484 5072 CmBatt - ok
10:59:58.0523 5072 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
10:59:58.0525 5072 cmdide - ok
10:59:58.0566 5072 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
10:59:58.0574 5072 CNG - ok
10:59:58.0635 5072 [ 7247A4D0875F5F28919E0787E11B7B57 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
10:59:58.0643 5072 CnxtHdAudService - ok
10:59:58.0695 5072 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
10:59:58.0696 5072 Compbatt - ok
10:59:58.0744 5072 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
10:59:58.0746 5072 CompositeBus - ok
10:59:58.0758 5072 COMSysApp - ok
10:59:58.0785 5072 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
10:59:58.0787 5072 crcdisk - ok
10:59:58.0839 5072 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
10:59:58.0845 5072 CryptSvc - ok
10:59:58.0906 5072 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\windows\system32\DRIVERS\dc3d.sys
10:59:58.0909 5072 dc3d - ok
10:59:58.0958 5072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
10:59:58.0981 5072 DcomLaunch - ok
10:59:59.0015 5072 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
10:59:59.0022 5072 defragsvc - ok
10:59:59.0062 5072 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
10:59:59.0065 5072 DfsC - ok
10:59:59.0123 5072 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
10:59:59.0132 5072 Dhcp - ok
10:59:59.0169 5072 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
10:59:59.0172 5072 discache - ok
10:59:59.0201 5072 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
10:59:59.0204 5072 Disk - ok
10:59:59.0244 5072 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
10:59:59.0250 5072 Dnscache - ok
10:59:59.0296 5072 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
10:59:59.0304 5072 dot3svc - ok
10:59:59.0323 5072 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
10:59:59.0328 5072 DPS - ok
10:59:59.0375 5072 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
10:59:59.0377 5072 drmkaud - ok
10:59:59.0445 5072 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
10:59:59.0451 5072 DXGKrnl - ok
10:59:59.0480 5072 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
10:59:59.0483 5072 EapHost - ok
10:59:59.0592 5072 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
10:59:59.0716 5072 ebdrv - ok
10:59:59.0761 5072 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
10:59:59.0764 5072 EFS - ok
10:59:59.0799 5072 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
10:59:59.0811 5072 elxstor - ok
10:59:59.0830 5072 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
10:59:59.0832 5072 ErrDev - ok
10:59:59.0872 5072 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
10:59:59.0880 5072 EventSystem - ok
10:59:59.0905 5072 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
10:59:59.0910 5072 exfat - ok
10:59:59.0930 5072 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
10:59:59.0935 5072 fastfat - ok
11:00:00.0000 5072 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
11:00:00.0022 5072 Fax - ok
11:00:00.0053 5072 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
11:00:00.0055 5072 fdc - ok
11:00:00.0091 5072 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
11:00:00.0094 5072 fdPHost - ok
11:00:00.0106 5072 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
11:00:00.0108 5072 FDResPub - ok
11:00:00.0120 5072 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
11:00:00.0122 5072 FileInfo - ok
11:00:00.0141 5072 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
11:00:00.0146 5072 Filetrace - ok
11:00:00.0244 5072 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
11:00:00.0545 5072 FLEXnet Licensing Service 64 - ok
11:00:00.0584 5072 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
11:00:00.0586 5072 flpydisk - ok
11:00:00.0641 5072 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
11:00:00.0646 5072 FltMgr - ok
11:00:00.0707 5072 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
11:00:00.0735 5072 FontCache - ok
11:00:00.0802 5072 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:00:00.0803 5072 FontCache3.0.0.0 - ok
11:00:00.0827 5072 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
11:00:00.0830 5072 FsDepends - ok
11:00:00.0873 5072 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
11:00:00.0873 5072 Fs_Rec - ok
11:00:00.0921 5072 [ 6CCF66BCA3D24146CB8B0930DBA1448F ] funfrm C:\windows\system32\drivers\funfrm.sys
11:00:00.0922 5072 funfrm - ok
11:00:00.0981 5072 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
11:00:00.0986 5072 fvevol - ok
11:00:01.0017 5072 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
11:00:01.0020 5072 gagp30kx - ok
11:00:01.0062 5072 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:00:01.0063 5072 GEARAspiWDM - ok
11:00:01.0124 5072 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
11:00:01.0144 5072 gpsvc - ok
11:00:01.0270 5072 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:00:01.0274 5072 gupdate - ok
11:00:01.0297 5072 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:00:01.0299 5072 gupdatem - ok
11:00:01.0317 5072 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
11:00:01.0320 5072 hcw85cir - ok
11:00:01.0384 5072 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:00:01.0392 5072 HdAudAddService - ok
11:00:01.0432 5072 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
11:00:01.0434 5072 HDAudBus - ok
11:00:01.0454 5072 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
11:00:01.0456 5072 HidBatt - ok
11:00:01.0487 5072 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
11:00:01.0490 5072 HidBth - ok
11:00:01.0512 5072 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
11:00:01.0515 5072 HidIr - ok
11:00:01.0542 5072 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
11:00:01.0544 5072 hidserv - ok
11:00:01.0595 5072 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
11:00:01.0613 5072 HidUsb - ok
11:00:01.0667 5072 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
11:00:01.0672 5072 hkmsvc - ok
11:00:01.0709 5072 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:00:01.0717 5072 HomeGroupListener - ok
11:00:01.0758 5072 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:00:01.0765 5072 HomeGroupProvider - ok
11:00:01.0786 5072 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
11:00:01.0789 5072 HpSAMD - ok
11:00:01.0868 5072 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
11:00:01.0892 5072 HTTP - ok
11:00:01.0936 5072 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
11:00:01.0937 5072 hwpolicy - ok
11:00:01.0992 5072 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
11:00:01.0996 5072 i8042prt - ok
11:00:02.0066 5072 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:00:02.0076 5072 IAANTMON - ok
11:00:02.0126 5072 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
11:00:02.0130 5072 iaStor - ok
11:00:02.0184 5072 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
11:00:02.0196 5072 iaStorV - ok
11:00:02.0275 5072 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:00:02.0307 5072 idsvc - ok
11:00:02.0489 5072 [ AC4B14E985B2BB19386CC8203FE49BCD ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
11:00:02.0677 5072 igfx - ok
11:00:02.0866 5072 [ D951D20153E51928F9DB2227D6FF5C7A ] IGRS C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
11:00:02.0868 5072 IGRS - ok
11:00:02.0894 5072 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
11:00:02.0897 5072 iirsp - ok
11:00:02.0958 5072 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
11:00:02.0992 5072 IKEEXT - ok
11:00:03.0035 5072 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
11:00:03.0038 5072 intelide - ok
11:00:03.0077 5072 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
11:00:03.0077 5072 intelppm - ok
11:00:03.0107 5072 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
11:00:03.0110 5072 IPBusEnum - ok
11:00:03.0153 5072 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
11:00:03.0156 5072 IpFilterDriver - ok
11:00:03.0204 5072 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
11:00:03.0215 5072 iphlpsvc - ok
11:00:03.0255 5072 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
11:00:03.0259 5072 IPMIDRV - ok
11:00:03.0283 5072 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
11:00:03.0286 5072 IPNAT - ok
11:00:03.0370 5072 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:00:03.0401 5072 iPod Service - ok
11:00:03.0438 5072 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
11:00:03.0440 5072 IRENUM - ok
11:00:03.0483 5072 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
11:00:03.0485 5072 isapnp - ok
11:00:03.0501 5072 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
11:00:03.0508 5072 iScsiPrt - ok
11:00:03.0547 5072 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\windows\system32\DRIVERS\k57nd60a.sys
11:00:03.0554 5072 k57nd60a - ok
11:00:03.0579 5072 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
11:00:03.0580 5072 kbdclass - ok
11:00:03.0634 5072 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
11:00:03.0635 5072 kbdhid - ok
11:00:03.0647 5072 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
11:00:03.0648 5072 KeyIso - ok
11:00:03.0690 5072 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
11:00:03.0693 5072 KSecDD - ok
11:00:03.0736 5072 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
11:00:03.0739 5072 KSecPkg - ok
11:00:03.0773 5072 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
11:00:03.0775 5072 ksthunk - ok
11:00:03.0818 5072 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
11:00:03.0826 5072 KtmRm - ok
11:00:03.0879 5072 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
11:00:03.0885 5072 LanmanServer - ok
11:00:03.0918 5072 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:00:03.0922 5072 LanmanWorkstation - ok
11:00:03.0993 5072 [ 7FCB3EC66361F157BCD5B5C33CE2AC16 ] Lenovo ReadyComm AppSvc C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
11:00:04.0006 5072 Lenovo ReadyComm AppSvc - ok
11:00:04.0046 5072 [ 5287074E79E4BA82510886F684DC5F72 ] Lenovo ReadyComm ConnSvc C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
11:00:04.0056 5072 Lenovo ReadyComm ConnSvc - ok
11:00:04.0085 5072 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
11:00:04.0088 5072 lltdio - ok
11:00:04.0119 5072 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
11:00:04.0126 5072 lltdsvc - ok
11:00:04.0145 5072 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
11:00:04.0147 5072 lmhosts - ok
11:00:04.0177 5072 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
11:00:04.0180 5072 LSI_FC - ok
11:00:04.0220 5072 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
11:00:04.0223 5072 LSI_SAS - ok
11:00:04.0257 5072 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
11:00:04.0259 5072 LSI_SAS2 - ok
11:00:04.0283 5072 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
11:00:04.0286 5072 LSI_SCSI - ok
11:00:04.0305 5072 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
11:00:04.0308 5072 luafv - ok
11:00:04.0370 5072 [ B2085E335F2B57077B0CBADB6F1245CD ] lvpopf64 C:\windows\system32\DRIVERS\lvpopf64.sys
11:00:04.0378 5072 lvpopf64 - ok
11:00:04.0420 5072 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\windows\system32\DRIVERS\LVPr2M64.sys
11:00:04.0444 5072 LVPr2M64 - ok
11:00:04.0475 5072 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\windows\system32\DRIVERS\LVPr2M64.sys
11:00:04.0475 5072 LVPr2Mon - ok
11:00:04.0534 5072 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
11:00:04.0539 5072 LVPrcS64 - ok
11:00:04.0577 5072 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\windows\system32\DRIVERS\lvrs64.sys
11:00:04.0585 5072 LVRS64 - ok
11:00:04.0760 5072 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\windows\system32\DRIVERS\lvuvc64.sys
11:00:04.0919 5072 LVUVC64 - ok
11:00:04.0968 5072 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
11:00:04.0974 5072 megasas - ok
11:00:05.0101 5072 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
11:00:05.0108 5072 MegaSR - ok
11:00:05.0145 5072 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
11:00:05.0148 5072 MMCSS - ok
11:00:05.0171 5072 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
11:00:05.0175 5072 Modem - ok
11:00:05.0219 5072 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
11:00:05.0221 5072 monitor - ok
11:00:05.0249 5072 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
11:00:05.0251 5072 mouclass - ok
11:00:05.0276 5072 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
11:00:05.0293 5072 mouhid - ok
11:00:05.0332 5072 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
11:00:05.0334 5072 mountmgr - ok
11:00:05.0417 5072 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:00:05.0422 5072 MozillaMaintenance - ok
11:00:05.0501 5072 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
11:00:05.0506 5072 MpFilter - ok
11:00:05.0545 5072 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
11:00:05.0550 5072 mpio - ok
11:00:05.0581 5072 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
11:00:05.0584 5072 mpsdrv - ok
11:00:05.0646 5072 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
11:00:05.0680 5072 MpsSvc - ok
11:00:05.0723 5072 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
11:00:05.0727 5072 MRxDAV - ok
11:00:05.0774 5072 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
11:00:05.0778 5072 mrxsmb - ok
11:00:05.0825 5072 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
11:00:05.0832 5072 mrxsmb10 - ok
11:00:05.0848 5072 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
11:00:05.0851 5072 mrxsmb20 - ok
11:00:05.0874 5072 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
11:00:05.0876 5072 msahci - ok
11:00:05.0892 5072 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
11:00:05.0896 5072 msdsm - ok
11:00:05.0922 5072 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
11:00:05.0926 5072 MSDTC - ok
11:00:05.0972 5072 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
11:00:05.0974 5072 Msfs - ok
11:00:05.0998 5072 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
11:00:06.0001 5072 mshidkmdf - ok
11:00:06.0046 5072 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
11:00:06.0047 5072 msisadrv - ok
11:00:06.0070 5072 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
11:00:06.0076 5072 MSiSCSI - ok
11:00:06.0084 5072 msiserver - ok
11:00:06.0109 5072 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
11:00:06.0111 5072 MSKSSRV - ok
11:00:06.0168 5072 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:00:06.0169 5072 MsMpSvc - ok
11:00:06.0179 5072 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
11:00:06.0181 5072 MSPCLOCK - ok
11:00:06.0191 5072 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
11:00:06.0193 5072 MSPQM - ok
11:00:06.0242 5072 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
11:00:06.0248 5072 MsRPC - ok
11:00:06.0293 5072 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
11:00:06.0294 5072 mssmbios - ok
11:00:06.0312 5072 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
11:00:06.0314 5072 MSTEE - ok
11:00:06.0324 5072 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
11:00:06.0325 5072 MTConfig - ok
11:00:06.0358 5072 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
11:00:06.0359 5072 Mup - ok
11:00:06.0416 5072 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
11:00:06.0425 5072 napagent - ok
11:00:06.0472 5072 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
11:00:06.0478 5072 NativeWifiP - ok
11:00:06.0548 5072 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
11:00:06.0568 5072 NDIS - ok
11:00:06.0593 5072 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
11:00:06.0595 5072 NdisCap - ok
11:00:06.0617 5072 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
11:00:06.0619 5072 NdisTapi - ok
11:00:06.0658 5072 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
11:00:06.0668 5072 Ndisuio - ok
11:00:06.0714 5072 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
11:00:06.0719 5072 NdisWan - ok
11:00:06.0762 5072 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
11:00:06.0765 5072 NDProxy - ok
11:00:06.0798 5072 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
11:00:06.0800 5072 NetBIOS - ok
11:00:06.0850 5072 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
11:00:06.0857 5072 NetBT - ok
11:00:06.0871 5072 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
11:00:06.0874 5072 Netlogon - ok
11:00:06.0922 5072 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
11:00:06.0930 5072 Netman - ok
11:00:07.0003 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:00:07.0035 5072 NetMsmqActivator - ok
11:00:07.0063 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:00:07.0066 5072 NetPipeActivator - ok
11:00:07.0109 5072 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
11:00:07.0121 5072 netprofm - ok
11:00:07.0138 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:00:07.0140 5072 NetTcpActivator - ok
11:00:07.0151 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:00:07.0153 5072 NetTcpPortSharing - ok
11:00:07.0282 5072 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\windows\system32\DRIVERS\netw5v64.sys
11:00:07.0405 5072 netw5v64 - ok
11:00:07.0459 5072 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
11:00:07.0462 5072 nfrd960 - ok
11:00:07.0521 5072 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
11:00:07.0523 5072 NisDrv - ok
11:00:07.0569 5072 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:00:07.0578 5072 NisSrv - ok
11:00:07.0645 5072 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
11:00:07.0654 5072 NlaSvc - ok
11:00:07.0742 5072 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
11:00:07.0746 5072 Npfs - ok
11:00:07.0873 5072 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
11:00:07.0876 5072 nsi - ok
11:00:07.0897 5072 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
11:00:07.0900 5072 nsiproxy - ok
11:00:07.0976 5072 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
11:00:08.0019 5072 Ntfs - ok
11:00:08.0050 5072 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
11:00:08.0052 5072 Null - ok
11:00:08.0080 5072 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
11:00:08.0084 5072 nvraid - ok
11:00:08.0129 5072 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
11:00:08.0136 5072 nvstor - ok
11:00:08.0162 5072 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
11:00:08.0166 5072 nv_agp - ok
11:00:08.0278 5072 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:00:08.0287 5072 odserv - ok
11:00:08.0331 5072 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
11:00:08.0336 5072 ohci1394 - ok
11:00:08.0403 5072 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:00:08.0407 5072 ose - ok
11:00:08.0436 5072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
11:00:08.0444 5072 p2pimsvc - ok
11:00:08.0469 5072 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
11:00:08.0478 5072 p2psvc - ok
11:00:08.0505 5072 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
11:00:08.0508 5072 Parport - ok
11:00:08.0556 5072 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
11:00:08.0558 5072 partmgr - ok
11:00:08.0582 5072 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
11:00:08.0587 5072 PcaSvc - ok
11:00:08.0634 5072 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
11:00:08.0638 5072 pci - ok
11:00:08.0653 5072 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
11:00:08.0655 5072 pciide - ok
11:00:08.0688 5072 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
11:00:08.0693 5072 pcmcia - ok
11:00:08.0721 5072 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
11:00:08.0722 5072 pcw - ok
11:00:08.0754 5072 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
11:00:08.0765 5072 PEAUTH - ok
11:00:08.0853 5072 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
11:00:08.0856 5072 PerfHost - ok
11:00:08.0935 5072 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
11:00:08.0981 5072 pla - ok
11:00:09.0039 5072 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
11:00:09.0048 5072 PlugPlay - ok
11:00:09.0069 5072 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
11:00:09.0072 5072 PNRPAutoReg - ok
11:00:09.0097 5072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
11:00:09.0100 5072 PNRPsvc - ok
11:00:09.0150 5072 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\windows\system32\DRIVERS\point64.sys
11:00:09.0152 5072 Point64 - ok
11:00:09.0203 5072 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
11:00:09.0216 5072 PolicyAgent - ok
11:00:09.0255 5072 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
11:00:09.0261 5072 Power - ok
11:00:09.0301 5072 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
11:00:09.0304 5072 PptpMiniport - ok
11:00:09.0331 5072 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
11:00:09.0333 5072 Processor - ok
11:00:09.0383 5072 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
11:00:09.0388 5072 ProfSvc - ok
11:00:09.0402 5072 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
11:00:09.0404 5072 ProtectedStorage - ok
11:00:09.0461 5072 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
11:00:09.0465 5072 Psched - ok
11:00:09.0473 5072 PS_MDP - ok
11:00:09.0530 5072 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
11:00:09.0564 5072 ql2300 - ok
11:00:09.0603 5072 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
11:00:09.0606 5072 ql40xx - ok
11:00:09.0639 5072 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
11:00:09.0645 5072 QWAVE - ok
11:00:09.0663 5072 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
11:00:09.0670 5072 QWAVEdrv - ok
11:00:09.0686 5072 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
11:00:09.0688 5072 RasAcd - ok
11:00:09.0716 5072 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
11:00:09.0718 5072 RasAgileVpn - ok
11:00:09.0734 5072 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
11:00:09.0738 5072 RasAuto - ok
11:00:09.0782 5072 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
11:00:09.0786 5072 Rasl2tp - ok
11:00:09.0805 5072 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
11:00:09.0813 5072 RasMan - ok
11:00:09.0839 5072 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
11:00:09.0842 5072 RasPppoe - ok
11:00:09.0865 5072 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
11:00:09.0868 5072 RasSstp - ok
11:00:09.0911 5072 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
11:00:09.0917 5072 rdbss - ok
11:00:09.0930 5072 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
11:00:09.0933 5072 rdpbus - ok
11:00:09.0945 5072 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
11:00:09.0946 5072 RDPCDD - ok
11:00:09.0972 5072 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
11:00:09.0973 5072 RDPENCDD - ok
11:00:09.0987 5072 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
11:00:09.0989 5072 RDPREFMP - ok
11:00:10.0031 5072 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
11:00:10.0035 5072 RDPWD - ok
11:00:10.0097 5072 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
11:00:10.0103 5072 rdyboost - ok
11:00:10.0111 5072 ReadyComm.DirectRouter - ok
11:00:10.0141 5072 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
11:00:10.0145 5072 RemoteAccess - ok
11:00:10.0177 5072 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
11:00:10.0185 5072 RemoteRegistry - ok
11:00:10.0232 5072 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
11:00:10.0237 5072 RFCOMM - ok
11:00:10.0268 5072 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
11:00:10.0271 5072 RpcEptMapper - ok
11:00:10.0294 5072 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
11:00:10.0296 5072 RpcLocator - ok
11:00:10.0336 5072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
11:00:10.0340 5072 RpcSs - ok
11:00:10.0374 5072 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
11:00:10.0377 5072 rspndr - ok
11:00:10.0389 5072 RSUSBSTOR - ok
11:00:10.0398 5072 RtsUIR - ok
11:00:10.0415 5072 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
11:00:10.0416 5072 SamSs - ok
11:00:10.0463 5072 [ CDB954C736D51DC5FA712C039AF4F683 ] SbFw C:\windows\system32\drivers\SbFw.sys
11:00:10.0465 5072 SbFw - ok
11:00:10.0512 5072 [ 5DE22E3CB6140213DA2E0599B08D525C ] SBFWIMCL C:\windows\system32\DRIVERS\sbfwim.sys
11:00:10.0513 5072 SBFWIMCL - ok
11:00:10.0524 5072 [ 5DE22E3CB6140213DA2E0599B08D525C ] SBFWIMCLMP C:\windows\system32\DRIVERS\SBFWIM.sys
11:00:10.0525 5072 SBFWIMCLMP - ok
11:00:10.0555 5072 [ A5BC45F8C2F30350E7566799C86B2F5D ] sbhips C:\windows\system32\drivers\sbhips.sys
11:00:10.0558 5072 sbhips - ok
11:00:10.0596 5072 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
11:00:10.0599 5072 sbp2port - ok
11:00:10.0624 5072 SBRE - ok
11:00:10.0655 5072 [ F9955774A6BF0A5CA696F591C7B80A79 ] SbTis C:\windows\system32\drivers\sbtis.sys
11:00:10.0657 5072 SbTis - ok
11:00:10.0708 5072 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
11:00:10.0752 5072 SCardSvr - ok
11:00:10.0853 5072 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
11:00:10.0856 5072 scfilter - ok
11:00:10.0916 5072 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
11:00:10.0947 5072 Schedule - ok
11:00:10.0984 5072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
11:00:10.0985 5072 SCPolicySvc - ok
11:00:11.0019 5072 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
11:00:11.0024 5072 SDRSVC - ok
11:00:11.0058 5072 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
11:00:11.0061 5072 secdrv - ok
11:00:11.0099 5072 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
11:00:11.0102 5072 seclogon - ok
11:00:11.0130 5072 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
11:00:11.0133 5072 SENS - ok
11:00:11.0160 5072 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
11:00:11.0163 5072 SensrSvc - ok
11:00:11.0186 5072 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
11:00:11.0188 5072 Serenum - ok
11:00:11.0224 5072 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
11:00:11.0228 5072 Serial - ok
11:00:11.0271 5072 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
11:00:11.0274 5072 sermouse - ok
11:00:11.0335 5072 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
11:00:11.0341 5072 SessionEnv - ok
11:00:11.0366 5072 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
11:00:11.0369 5072 sffdisk - ok
11:00:11.0384 5072 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
11:00:11.0386 5072 sffp_mmc - ok
11:00:11.0406 5072 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
11:00:11.0409 5072 sffp_sd - ok
11:00:11.0429 5072 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
11:00:11.0432 5072 sfloppy - ok
11:00:11.0466 5072 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
11:00:11.0473 5072 SharedAccess - ok
11:00:11.0524 5072 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:00:11.0532 5072 ShellHWDetection - ok
11:00:11.0563 5072 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
11:00:11.0566 5072 SiSRaid2 - ok
11:00:11.0595 5072 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
11:00:11.0598 5072 SiSRaid4 - ok
11:00:11.0690 5072 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:00:11.0694 5072 SkypeUpdate - ok
11:00:11.0766 5072 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
11:00:11.0771 5072 Smb - ok
11:00:11.0818 5072 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
11:00:11.0820 5072 SNMPTRAP - ok
11:00:11.0838 5072 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
11:00:11.0839 5072 spldr - ok
11:00:11.0895 5072 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
11:00:11.0918 5072 Spooler - ok
11:00:12.0025 5072 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
11:00:12.0195 5072 sppsvc - ok
11:00:12.0224 5072 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
11:00:12.0227 5072 sppuinotify - ok
11:00:12.0277 5072 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
11:00:12.0287 5072 srv - ok
11:00:12.0303 5072 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
11:00:12.0312 5072 srv2 - ok
11:00:12.0329 5072 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
11:00:12.0333 5072 srvnet - ok
11:00:12.0368 5072 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
11:00:12.0373 5072 SSDPSRV - ok
11:00:12.0392 5072 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
11:00:12.0395 5072 SstpSvc - ok
11:00:12.0430 5072 Steam Client Service - ok
11:00:12.0463 5072 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
11:00:12.0465 5072 stexstor - ok
11:00:12.0520 5072 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
11:00:12.0532 5072 stisvc - ok
11:00:12.0566 5072 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
11:00:12.0567 5072 swenum - ok
11:00:12.0607 5072 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
11:00:12.0619 5072 swprv - ok
11:00:12.0692 5072 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
11:00:12.0743 5072 SysMain - ok
11:00:12.0780 5072 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
11:00:12.0784 5072 TabletInputService - ok
11:00:12.0941 5072 [ 25999F2134BE3EA656D1F8D50FA089E6 ] TabletServicePen C:\windows\system32\Pen_Tablet.exe
11:00:13.0073 5072 TabletServicePen - ok
11:00:13.0115 5072 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
11:00:13.0125 5072 TapiSrv - ok
11:00:13.0155 5072 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
11:00:13.0161 5072 TBS - ok
11:00:13.0255 5072 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
11:00:13.0339 5072 Tcpip - ok
11:00:13.0392 5072 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
11:00:13.0402 5072 TCPIP6 - ok
11:00:13.0453 5072 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
11:00:13.0456 5072 tcpipreg - ok
11:00:13.0497 5072 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
11:00:13.0500 5072 TDPIPE - ok
11:00:13.0544 5072 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
11:00:13.0547 5072 TDTCP - ok
11:00:13.0598 5072 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
11:00:13.0602 5072 tdx - ok
11:00:13.0644 5072 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
11:00:13.0645 5072 TermDD - ok
11:00:13.0679 5072 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
11:00:13.0702 5072 TermService - ok
11:00:13.0734 5072 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
11:00:13.0739 5072 Themes - ok
11:00:13.0816 5072 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
11:00:13.0819 5072 THREADORDER - ok
11:00:13.0838 5072 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
11:00:13.0844 5072 TrkWks - ok
11:00:13.0904 5072 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:00:13.0910 5072 TrustedInstaller - ok
11:00:13.0956 5072 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
11:00:13.0958 5072 tssecsrv - ok
11:00:13.0994 5072 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
11:00:13.0997 5072 TsUsbFlt - ok
11:00:14.0066 5072 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
11:00:14.0070 5072 tunnel - ok
11:00:14.0102 5072 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
11:00:14.0105 5072 uagp35 - ok
11:00:14.0147 5072 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
11:00:14.0155 5072 udfs - ok
11:00:14.0201 5072 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
11:00:14.0204 5072 UI0Detect - ok
11:00:14.0246 5072 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
11:00:14.0249 5072 uliagpkx - ok
11:00:14.0309 5072 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
11:00:14.0311 5072 umbus - ok
11:00:14.0333 5072 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
11:00:14.0334 5072 UmPass - ok
11:00:14.0358 5072 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
11:00:14.0366 5072 upnphost - ok
11:00:14.0393 5072 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
11:00:14.0424 5072 usbaudio - ok
11:00:14.0448 5072 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
11:00:14.0451 5072 usbccgp - ok
11:00:14.0461 5072 USBCCID - ok
11:00:14.0513 5072 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
11:00:14.0516 5072 usbcir - ok
11:00:14.0536 5072 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
11:00:14.0539 5072 usbehci - ok
11:00:14.0575 5072 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
11:00:14.0582 5072 usbhub - ok
11:00:14.0598 5072 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
11:00:14.0601 5072 usbohci - ok
11:00:14.0633 5072 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
11:00:14.0635 5072 usbprint - ok
11:00:14.0675 5072 [ DF4D962EC7D1C1109B121239712C1299 ] usbsmi C:\windows\system32\DRIVERS\SMIksdrv.sys
11:00:14.0680 5072 usbsmi - ok
11:00:14.0693 5072 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
11:00:14.0696 5072 USBSTOR - ok
11:00:14.0713 5072 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
11:00:14.0715 5072 usbuhci - ok
11:00:14.0752 5072 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
11:00:14.0757 5072 usbvideo - ok
11:00:14.0789 5072 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
11:00:14.0792 5072 UxSms - ok
11:00:14.0806 5072 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
11:00:14.0807 5072 VaultSvc - ok
11:00:14.0854 5072 [ 9304501324486866F91B3AE4C420F206 ] VBoxNetAdp C:\windows\system32\DRIVERS\VBoxNetAdp.sys
11:00:14.0859 5072 VBoxNetAdp - ok
11:00:14.0865 5072 VBoxNetFlt - ok
11:00:14.0894 5072 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
11:00:14.0895 5072 vdrvroot - ok
11:00:14.0948 5072 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
11:00:14.0960 5072 vds - ok
11:00:14.0985 5072 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
11:00:14.0987 5072 vga - ok
11:00:15.0004 5072 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
11:00:15.0005 5072 VgaSave - ok
11:00:15.0031 5072 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
11:00:15.0036 5072 vhdmp - ok
11:00:15.0054 5072 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
11:00:15.0056 5072 viaide - ok
11:00:15.0071 5072 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
11:00:15.0073 5072 volmgr - ok
11:00:15.0119 5072 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
11:00:15.0126 5072 volmgrx - ok
11:00:15.0144 5072 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
11:00:15.0149 5072 volsnap - ok
11:00:15.0174 5072 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
11:00:15.0179 5072 vsmraid - ok
11:00:15.0258 5072 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
11:00:15.0336 5072 VSS - ok
11:00:15.0362 5072 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
11:00:15.0364 5072 vwifibus - ok
11:00:15.0402 5072 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
11:00:15.0405 5072 vwififlt - ok
11:00:15.0426 5072 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
11:00:15.0428 5072 vwifimp - ok
11:00:15.0485 5072 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
11:00:15.0493 5072 W32Time - ok
11:00:15.0534 5072 [ 4F1FBD963F8520B7CE80FFA73EF7DE1D ] wacmoumonitor C:\windows\system32\DRIVERS\wacmoumonitor.sys
11:00:15.0537 5072 wacmoumonitor - ok
11:00:15.0577 5072 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\windows\system32\DRIVERS\wacommousefilter.sys
11:00:15.0578 5072 wacommousefilter - ok
11:00:15.0599 5072 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
11:00:15.0601 5072 WacomPen - ok
11:00:15.0625 5072 [ 26B430E7C5F598FE7353E3BC4B261321 ] wacomvhid C:\windows\system32\DRIVERS\wacomvhid.sys
11:00:15.0626 5072 wacomvhid - ok
11:00:15.0648 5072 [ 8B4255329EDFBA3ECFBD0714476FAD38 ] WacomVKHid C:\windows\system32\DRIVERS\WacomVKHid.sys
11:00:15.0649 5072 WacomVKHid - ok
11:00:15.0702 5072 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
11:00:15.0705 5072 WANARP - ok
11:00:15.0723 5072 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
11:00:15.0725 5072 Wanarpv6 - ok
11:00:15.0789 5072 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
11:00:15.0818 5072 WatAdminSvc - ok
11:00:15.0882 5072 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
11:00:15.0935 5072 wbengine - ok
11:00:15.0974 5072 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
11:00:15.0980 5072 WbioSrvc - ok
11:00:16.0027 5072 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
11:00:16.0035 5072 wcncsvc - ok
11:00:16.0052 5072 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
11:00:16.0056 5072 WcsPlugInService - ok
11:00:16.0079 5072 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
11:00:16.0081 5072 Wd - ok
11:00:16.0120 5072 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
11:00:16.0142 5072 Wdf01000 - ok
11:00:16.0156 5072 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
11:00:16.0161 5072 WdiServiceHost - ok
11:00:16.0169 5072 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
11:00:16.0172 5072 WdiSystemHost - ok
11:00:16.0206 5072 [ 2A444ACF7DD446505BCC801F8F6AE5FD ] wdmirror C:\windows\system32\DRIVERS\WDMirror.sys
11:00:16.0207 5072 wdmirror - ok
11:00:16.0248 5072 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
11:00:16.0254 5072 WebClient - ok
11:00:16.0277 5072 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
11:00:16.0284 5072 Wecsvc - ok
11:00:16.0300 5072 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
11:00:16.0303 5072 wercplsupport - ok
11:00:16.0328 5072 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
11:00:16.0332 5072 WerSvc - ok
11:00:16.0364 5072 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
11:00:16.0366 5072 WfpLwf - ok
11:00:16.0399 5072 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
11:00:16.0404 5072 WimFltr - ok
11:00:16.0421 5072 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
11:00:16.0423 5072 WIMMount - ok
11:00:16.0480 5072 WinDefend - ok
11:00:16.0492 5072 WinHttpAutoProxySvc - ok
11:00:16.0603 5072 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
11:00:16.0609 5072 Winmgmt - ok
11:00:16.0639 5072 WinRing0_1_2_0 - ok
11:00:16.0728 5072 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
11:00:16.0787 5072 WinRM - ok
11:00:16.0874 5072 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
11:00:16.0879 5072 WinUsb - ok
11:00:16.0928 5072 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
11:00:16.0959 5072 Wlansvc - ok
11:00:16.0976 5072 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
11:00:16.0978 5072 WmiAcpi - ok
11:00:17.0019 5072 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
11:00:17.0024 5072 wmiApSrv - ok
11:00:17.0065 5072 WMPNetworkSvc - ok
11:00:17.0088 5072 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
11:00:17.0091 5072 WPCSvc - ok
11:00:17.0136 5072 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
11:00:17.0140 5072 WPDBusEnum - ok
11:00:17.0166 5072 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
11:00:17.0168 5072 ws2ifsl - ok
11:00:17.0219 5072 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
11:00:17.0224 5072 wscsvc - ok
11:00:17.0230 5072 WSearch - ok
11:00:17.0282 5072 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
11:00:17.0286 5072 wsvd - ok
11:00:17.0384 5072 [ 21903F2FC8F70C1FC2AAAA2F06C2C665 ] WTouchService C:\Program Files\WTouch\WTouchService.exe
11:00:17.0450 5072 WTouchService - ok
11:00:17.0542 5072 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
11:00:17.0609 5072 wuauserv - ok
11:00:17.0650 5072 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
11:00:17.0654 5072 WudfPf - ok
11:00:17.0684 5072 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
11:00:17.0689 5072 WUDFRd - ok
11:00:17.0730 5072 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
11:00:17.0734 5072 wudfsvc - ok
11:00:17.0760 5072 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
11:00:17.0766 5072 WwanSvc - ok
11:00:17.0787 5072 ================ Scan global ===============================
11:00:17.0805 5072 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
11:00:17.0844 5072 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
11:00:17.0856 5072 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
11:00:17.0884 5072 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
11:00:17.0907 5072 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
11:00:17.0915 5072 [Global] - ok
11:00:17.0916 5072 ================ Scan MBR ==================================
11:00:17.0929 5072 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:00:18.0276 5072 \Device\Harddisk0\DR0 - ok
11:00:18.0277 5072 ================ Scan VBR ==================================
11:00:18.0283 5072 [ A20D8505F07CA7BCAEEA29D37211C62D ] \Device\Harddisk0\DR0\Partition1
11:00:18.0285 5072 \Device\Harddisk0\DR0\Partition1 - ok
11:00:18.0318 5072 [ 7437C0244A8FFB48841BA50CE2DFA247 ] \Device\Harddisk0\DR0\Partition2
11:00:18.0322 5072 \Device\Harddisk0\DR0\Partition2 - ok
11:00:18.0370 5072 [ 7C44609E2FC5CD5F3B37F113ADF3499A ] \Device\Harddisk0\DR0\Partition3
11:00:18.0372 5072 \Device\Harddisk0\DR0\Partition3 - ok
11:00:18.0373 5072 ============================================================
11:00:18.0373 5072 Scan finished
11:00:18.0373 5072 ============================================================
11:00:18.0461 3264 Detected object count: 0
11:00:18.0461 3264 Actual detected object count: 0
11:00:45.0594 4812 Deinitialize success

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
PJOB :: PJOB-PC [administrator]

10/10/2012 11:03:34 AM
mbam-log-2012-10-10 (11-03-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212088
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by Danny Weiss, 10 October 2012 - 01:47 PM.


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:45 PM

Posted 10 October 2012 - 02:19 PM

see if you can delete your browser history and cookies, then log on to safe mode with networking and give ESET another try

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with networking
  • Then press the Enter Key on your Keyboard
  • go into your usual account


thanks

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Danny Weiss

Danny Weiss
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 11 October 2012 - 05:23 PM

Got the ESET, right here.

C:\Users\PJOB\AppData\Roaming\4830FB73AC15614709D0EA09C9D0178E\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Users\PJOB\AppData\Roaming\4830FB73AC15614709D0EA09C9D0178E\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:45 PM

Posted 11 October 2012 - 05:47 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
C:\Users\PJOB\AppData\Roaming\4830FB73AC15614709D0EA09C9D0178E

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT



Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Danny Weiss

Danny Weiss
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 11 October 2012 - 10:24 PM

ComboFix 12-10-11.03 - PJOB 10/11/2012 22:10:22.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2436 [GMT -5:00]
Running from: c:\users\PJOB\Desktop\ComboFix.exe
Command switches used :: c:\users\PJOB\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PJOB\AppData\Roaming\4830FB73AC15614709D0EA09C9D0178E
c:\users\PJOB\AppData\Roaming\4830FB73AC15614709D0EA09C9D0178E\enemies-names.txt
c:\users\PJOB\AppData\Roaming\4830FB73AC15614709D0EA09C9D0178E\local.ini
c:\users\PJOB\AppData\Roaming\4830FB73AC15614709D0EA09C9D0178E\lsrslt.ini
c:\users\PJOB\AppData\Roaming\WTouch
c:\users\PJOB\AppData\Roaming\WTouch\WTouch.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 03:19 . 2012-10-12 03:19 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-10-12 03:19 . 2012-10-12 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-11 18:13 . 2012-10-11 18:13 -------- d-----w- c:\users\PJOB\AppData\Local\fontconfig
2012-10-11 18:13 . 2012-10-11 19:53 -------- d-----w- c:\users\PJOB\.gimp-2.8
2012-10-11 18:13 . 2012-10-11 18:13 -------- d-----w- c:\users\PJOB\AppData\Local\gegl-0.2
2012-10-11 18:11 . 2012-10-11 18:12 -------- d-----w- c:\program files\GIMP 2
2012-10-11 16:51 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AE6D0C8C-624C-4CFF-B361-32944CB73E99}\mpengine.dll
2012-10-10 19:05 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-10 18:02 . 2012-10-10 18:02 -------- d-----w- c:\program files (x86)\ESET
2012-10-10 12:24 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 12:24 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 12:24 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 12:24 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 12:22 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 12:22 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 12:22 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 12:22 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 12:22 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 12:22 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-05 14:38 . 2012-10-02 15:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09146821-B54A-4058-A4C7-C4C3373FB6F7}\gapaengine.dll
2012-10-04 02:18 . 2012-10-04 02:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-30 20:27 . 2012-09-30 20:27 -------- d-----w- c:\users\PJOB\AppData\Local\Macromedia
2012-09-30 20:26 . 2012-09-30 20:26 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-30 20:26 . 2012-09-30 20:26 -------- d-----w- c:\windows\system32\Macromed
2012-09-25 22:22 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-25 22:04 . 2012-09-25 22:04 -------- d-----w- c:\program files\Vendini
2012-09-14 23:45 . 2012-09-14 23:45 -------- d-----w- c:\program files (x86)\NCH Software
2012-09-14 03:27 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-14 03:26 . 2012-09-14 03:26 -------- d-----w- c:\program files\iPod
2012-09-14 03:26 . 2012-09-14 03:27 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-14 03:26 . 2012-09-14 03:27 -------- d-----w- c:\program files\iTunes
2012-09-12 14:14 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:14 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:14 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:14 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:14 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:14 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:14 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 16:51 . 2010-12-27 16:37 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-02 15:42 . 2011-03-26 03:54 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 20:26 . 2011-08-18 02:38 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 22:04 . 2010-08-28 20:34 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 23:07 . 2012-08-31 23:07 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-31 23:07 . 2012-07-18 04:04 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-31 23:07 . 2011-07-27 22:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2010-10-25 03:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-21 18:01 . 2010-08-02 03:39 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2010-08-02 03:39 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 12:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-18 18:15 . 2012-08-15 20:46 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\PJOB\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-17 1193176]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2010-05-25 3122440]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Plugin Install"="c:\program files (x86)\QuickTime\Plugins\DeleteMe1.exe" [2011-09-20 86016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="D:\iTunesHelper.exe" [2012-09-10 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\PJOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\PJOB\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli iPrntWinCredMan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 116648]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-08 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 116648]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 154256]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0x64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S1 funfrm;funfrm; [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 5414184]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 127272]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 26128]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 197376]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
<NO NAME> REG_SZ
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 20:42]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 20:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\PJOB\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-05-25 06:20 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 365592]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-09-29 4366704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-08-19 5825536]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2011-11-04 66136]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2011-11-04 69720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.1.36 172.16.1.78
FF - ProfilePath - c:\users\PJOB\AppData\Roaming\Mozilla\Firefox\Profiles\rv4338qs.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\00\19\11\1d\18É"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-11 22:22:48
ComboFix-quarantined-files.txt 2012-10-12 03:22
ComboFix2.txt 2012-10-10 04:42
.
Pre-Run: 86,340,579,328 bytes free
Post-Run: 86,293,778,432 bytes free
.
- - End Of File - - F0384A8BA73ADEB7449BD11C4023F947

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:45 PM

Posted 12 October 2012 - 09:49 PM

please run the following:

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 Danny Weiss

Danny Weiss
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 12 October 2012 - 09:58 PM

Everything's running good so far; no sign of those pop-ups.

MiniToolBox by Farbar Version: 23-07-2012
Ran by PJOB (administrator) on 12-10-2012 at 21:54:33
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 7.2.5)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader X (10.1.4) (Version: 10.1.4)
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.12 (Unicode)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Bamboo
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Broadcom Gigabit Integrated Controller (Version: 12.24.02)
CCleaner (Version: 2.35)
Celtx (2.9.7) (Version: 2.9.7 (en-US))
Conexant HD Audio (Version: 4.119.0.60)
Dropbox (Version: 1.4.7)
EasyCapture (Version: V4.0.09.1015)
Energy Management (Version: 4.4.1.3)
ESET Online Scanner v3
FARO LS 1.1.406.58 (Version: 4.6.58.2)
Finale NotePad 2012 (Version: 2012..r1.5)
FUJIFILM MyFinePix Studio 1.0
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (Version: 22.0.1229.94)
Google SketchUp 8 (Version: 3.0.14346)
Google Update Helper (Version: 1.3.21.123)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 14.0.8089.726)
LAME v3.98.3 for Audacity
Lenovo EasyCamera (Version: 5.8.0.12)
Lenovo OneKey Recovery (Version: 7.0.0723)
Lenovo ReadyComm 5 (Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Reader
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MS Access 97 SP2
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Novell iPrint Client v05.74.00
Oasis2Service 1.0 (Version: 1.0.0)
PC-Doctor for Windows (Version: 6.0.5426.03)
Portal
Portal 2
Power2Go (Version: 5.6.0.4809d4)
QuickTime (Version: 7.71.80.42)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Sibelius 7 OpenType Fonts (Version: 7.0.0)
Sibelius 7.0.0.23 (Version: 7.0.0.23)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.10 (Version: 5.10.116)
Spotify (Version: 0.8.4.124.ga3559d86)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 4.5.1.0)
Team Fortress 2
TicketAgent 4.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VeriFace (Version: 3.6.0.0921)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
VLC media player 2.0.2 (Version: 2.0.2)
WavePad Sound Editor
Windows Driver Package - Lenovo (ACPIVPC) System (05/19/2009 4.4.0.1) (Version: 05/19/2009 4.4.0.1)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR archiver
Yahoo! BrowserPlus 2.9.8

**** End of log ****

Farbar Service Scanner Version: 07-10-2012
Ran by PJOB (administrator) on 12-10-2012 at 21:57:19
Running from "C:\Users\PJOB\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 07:22] - [2012-06-02 00:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:45 PM

Posted 12 October 2012 - 10:13 PM

We just have some housekeeping to do now,

Please do the following:


You can delete the DDS, TDSSKiller and the Farbar logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image


NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?.
  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:45 PM

Posted 19 October 2012 - 08:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users