
Yet another Internet Explorer RE-direct issue


This topic is locked
18 replies to this topic

#1 COHemi

  • Members
  • 9 posts
  • Local time: 02:36 PM

Posted 16 October 2012 - 07:57 PM

Hello and thanks in advance for any assistance.

A couple weeks ago I started getting a re-direct issue. Malwarebytes finds it and supposedly removes it, but it comes right back. I have run Malwarebytes and Spybot to no avail.

I looked through the available spyware and malware removal guides available on the site but don't know exactly what my (virus) is called.

The following is what I am referring to, from one line in the Malwarebytes log.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cdrle (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Users\xxxx\AppData\Roaming\cdrle.dll",HrStreamSeekSet -> Quarantined and deleted successfully


Thanks,

COHemi


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 05:36 PM

Posted 16 October 2012 - 09:54 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from, so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

-Information and Logs-

In your next post I need the following:

  • both reports from DDS
  • report from Security Check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 COHemi

  • Topic Starter
  • Members
  • 9 posts
  • Local time: 02:36 PM

Posted 16 October 2012 - 10:40 PM

Gringo, thanks for the response. Here are the logs you asked for. COHemi.

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
Run by LocalAdmin at 21:35:24 on 2012-10-16
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.1787.772 [GMT -6:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Apoint] \Apoint2K\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [DagentUI] c:\program files\altiris\aclient\dagentui.exe
mRun: [OfficeScanNT Monitor] -HideWindow
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SecureConnector] "c:\program files\forescout secureconnector\SecureConnector.exe"
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-95NNC.exe" /REG
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{f3c1de9e-5e16-4ba9-b854-7b53a45e3579}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoPublishingWizard = dword:1
mPolicies-Explorer: NoWebServices = dword:1
mPolicies-Explorer: DisableLocalMachineRun = dword:1
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-System: legalnoticecaption = PAETEC Security and Auditing Policy
mPolicies-System: legalnoticetext = PAETEC computers & network systems (including voice mail) are for the business use of PAETEC personnel. Any use of these by any other person is prohibited. PAETEC owns all records generated or stored on its computers/systems. PAETEC may at any time & for any purpose access and disclose all records sent over or stored in its computers/systems. Your use of PAETEC computers/systems constitutes your consent to this access and disclosure and the further restrictions as set forth in the Employee Handbook.
mPolicies-Windows\System: UserPolicyMode = dword:1
mPolicies-Windows\System: GroupPolicyMinTransferRate = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} - hxxp://10.1.101.218/shorewaredirector/VoiceMessage.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxp://66.133.171.11/rcm/webcontrols/telnet/wodTelnetDLX.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://applprd.xeta.com:8001/OA_HTML/oaj2se.exe
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cisco.webex.com/client/WBXclient-T27L10NSP25EP4-11889/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remote.xeta.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} - hxxp://10.1.101.218/shorewaredirector/TwentyFour7.ocx
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{382988C9-BB3A-4F91-8969-9AFA1D194C46} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{382988C9-BB3A-4F91-8969-9AFA1D194C46}\16E6162656C6C656 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{382988C9-BB3A-4F91-8969-9AFA1D194C46}\4435C4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{382988C9-BB3A-4F91-8969-9AFA1D194C46}\74C6F62616C6355796475675962756C6563737 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{382988C9-BB3A-4F91-8969-9AFA1D194C46}\94F4E44454E4655425 : DHCPNameServer = 10.25.119.26 205.171.3.65
TCP: Interfaces\{CE05E8A7-16EC-400D-AD0A-FAF2E52B2396} : NameServer = 198.224.160.135 198.224.164.135
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-11-17 81920]
R2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\altiris\aclient\dagent.exe [2010-3-22 1254736]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-10-10 133944]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-6-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-6-20 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-1 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-1 676936]
R2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\qualcomm\qdlservice2k\QDLService2kHP.exe [2010-5-12 331512]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-9-7 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-1 22856]
R3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\drivers\qcfilterhp2k.sys [2010-5-12 5248]
R3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\drivers\qcusbnethp2k.sys [2010-5-12 372224]
R3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\drivers\qcusbserhp2k.sys [2010-5-12 190592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-8-25 157776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 OfficeSafe;OfficeSafe;c:\program files\allworx\officesafe service\OfficeSafeService.exe [2011-5-24 46592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-11-17 297000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-11-17 33320]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-12 1120752]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-11-16 186912]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-15 1343400]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\users\tjbrown\documents\inter-tel\collaboration client 2.0\lkWebLink.exe [2007-9-20 32768]
.
=============== Created Last 30 ================
.
2012-10-15 16:07:01 -------- d-----r- C:\Sandbox
2012-10-15 15:20:18 -------- d-----w- c:\program files\Sandboxie
2012-10-15 15:19:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-15 15:19:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-03 09:00:59 981504 ----a-w- c:\windows\system32\wininet.dll
2012-10-03 09:00:59 386048 ----a-w- c:\windows\system32\html.iec
2012-10-03 09:00:58 672872 ----a-w- c:\program files\internet explorer\iexplore.exe
2012-10-03 09:00:53 860672 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-10-03 09:00:51 524800 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-10-01 22:40:28 -------- d-----w- c:\users\localadmin\appdata\roaming\Malwarebytes
2012-10-01 22:39:28 -------- d-----w- c:\programdata\Malwarebytes
2012-10-01 22:39:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-01 22:39:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-10-03 05:32:22 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2012-08-24 17:08:47 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 15:27:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:35:57.18 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 6/9/2011 11:21:18 AM
System Uptime: 10/16/2012 4:31:38 PM (5 hours ago)
.
Motherboard: Hewlett-Packard | | 148B
Processor: AMD Athlon™ II Neo K325 Dual-Core Processor | Socket S1G4 | 1300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 199.755 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Broadcom 2070 Bluetooth
Device ID: USB\VID_0A5C&PID_21B4\70F395D28D16
Manufacturer: Broadcom
Name: Broadcom 2070 Bluetooth
PNP Device ID: USB\VID_0A5C&PID_21B4\70F395D28D16
Service: BTHUSB
.
==== System Restore Points ===================
.
RP152: 8/29/2012 3:00:23 AM - Windows Update
RP153: 9/5/2012 3:00:25 AM - Windows Update
RP154: 9/12/2012 3:50:53 PM - Scheduled Checkpoint
RP155: 9/19/2012 3:58:07 PM - Scheduled Checkpoint
RP156: 9/27/2012 12:00:06 AM - Scheduled Checkpoint
RP157: 10/3/2012 3:00:22 AM - Windows Update
RP158: 10/11/2012 1:12:52 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Altiris Application Metering Agent
Altiris Deployment Agent
Altiris Software Delivery Solution Agent
Altiris Task Synchronization Agent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avaya Integrated Management Administration Tools
Avaya Integrated Management Administration Tools 5.2 SP4
Avaya one-X® Communicator
BCM Monitor
Bonjour
Boson Exam Environment
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
Call Assistant
CCleaner
CCNA 802 Practice Exam
Cisco Packet Tracer 5.3
Cisco Systems VPN Client 5.0.05.0290
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Convergys Health Checker
DirectX 9 Runtime
ESU for Microsoft Windows 7
IDT Audio
inSSIDer 2.0
Inter-Tel Collaboration Client 2.0
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 21
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
join.me
Juniper Networks Network Connect 7.0.0
LiveUpdate 3.3 (Symantec Corporation)
LogMeIn
Malwarebytes Anti-Malware version 1.65.0.1400
MaximilianCMax
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nortel Business Element Manager
OfficeSafe Service
OrderPro 9.3.0
PL-2303 USB-to-Serial
Proofpoint Spam Reporting Plug-in for Microsoft Outlook
Qualcomm Gobi 2000 Package for HP
QuickTime
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Business
Roxio Creator Business v10
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD
Sandboxie 3.74 (32-bit)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SMS 2003 Toolkit 2
SolarWinds Advanced Subnet Calculator
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Symantec Endpoint Protection
Symantec Enterprise Vault Outlook Add-In
Symantec Procomm Plus
Synaptics Pointing Device Driver
U.S. Robotics V.92 USB Modem
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VZAccess Manager
WebEx
Windows Driver Package - U.S. Robotics Corporation (usbser) Modem (03/12/2010 3.1.0.39)
Windows Installer Clean Up
WinPcap 4.1.2
WinSCP 4.3.7
X-Lite 3.0
.
==== Event Viewer Messages From Past Week ========
.
10/16/2012 9:29:27 PM, Error: atikmdag [43029] - Display is not active
10/16/2012 8:34:00 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain PAETEC-DM due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
10/16/2012 8:12:55 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
10/16/2012 6:35:17 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
10/16/2012 4:36:45 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
10/16/2012 4:33:36 PM, Error: Service Control Manager [7034] - The OfficeSafe service terminated unexpectedly. It has done this 1 time(s).
10/16/2012 4:33:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
10/16/2012 4:32:52 PM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
10/16/2012 4:32:24 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
10/16/2012 3:18:56 PM, Error: Service Control Manager [7034] - The iClarityQoSService service terminated unexpectedly. It has done this 1 time(s).
10/15/2012 9:14:02 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/15/2012 9:13:11 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/15/2012 9:03:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WwanSvc service.
10/15/2012 2:59:12 PM, Error: Microsoft-Windows-GroupPolicy [1096] - The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LDAP://CN=Machine,cn={161CF311-6510-43EB-9456-57D990A06EED},cn=policies,cn=system,DC=corp,DC=paetec,DC=com. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
10/11/2012 12:17:28 PM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\corp.paetec.com\SysVol\corp.paetec.com\Policies\{0D2B3A52-CCB2-4344-AB96-EB98A36B573F}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. B) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
.
==== End Of File ===========================

#4 gringo_pr

Posted 16 October 2012 - 10:41 PM

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) & SAVE it to your Desktop
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 COHemi

Posted 16 October 2012 - 11:00 PM

here ya go...


Results of screen317's Security Check version 0.99.51
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````






# AdwCleaner v2.005 - Logfile created 10/16/2012 at 21:49:55
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : LocalAdmin - JPBROWN-PAVDM1
# Boot Mode : Normal
# Running from : C:\Users\LocalAdmin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKU\S-1-5-21-2117276672-2013200570-311576647-66346\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1606 octets] - [16/10/2012 21:47:41]
AdwCleaner[R2].txt - [1666 octets] - [16/10/2012 21:48:58]
AdwCleaner[S1].txt - [1458 octets] - [16/10/2012 21:49:55]

########## EOF - C:\AdwCleaner[S1].txt - [1518 octets] ##########








RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : LocalAdmin [Admin rights]
Mode : Remove -- Date : 10/16/2012 21:56:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : InnoSetupRegFile.0000000001 ("C:\Windows\is-95NNC.exe" /REG) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{CE05E8A7-16EC-400D-AD0A-FAF2E52B2396} : NameServer (198.224.160.135 198.224.164.135) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{CE05E8A7-16EC-400D-AD0A-FAF2E52B2396} : NameServer (198.224.160.135 198.224.164.135) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x83323069 -> HOOKED (Unknown @ 0x866EFE28)
SSDT[14] : NtAlertThread @ 0x832D0DC6 -> HOOKED (Unknown @ 0x866EFF08)
SSDT[19] : NtAllocateVirtualMemory @ 0x8329243B -> HOOKED (Unknown @ 0x868C4208)
SSDT[59] : ExpInterlockedPopEntrySListResume @ 0x832BEF42 -> HOOKED (Unknown @ 0x86535E00)
SSDT[74] : NtCreateMutant @ 0x832C52C3 -> HOOKED (Unknown @ 0x866EFB78)
SSDT[87] : NtCreateThread @ 0x8332129A -> HOOKED (Unknown @ 0x8626CE50)
SSDT[131] : NtFreeVirtualMemory @ 0x830F996D -> HOOKED (Unknown @ 0x868C4068)
SSDT[145] : NtImpersonateAnonymousToken @ 0x83239048 -> HOOKED (Unknown @ 0x866EFC68)
SSDT[147] : NtImpersonateThread @ 0x8329ECB3 -> HOOKED (Unknown @ 0x866EFD48)
SSDT[168] : NtMapViewOfSection @ 0x832C5585 -> HOOKED (Unknown @ 0x868C3D20)
SSDT[177] : NtOpenEvent @ 0x832C7C15 -> HOOKED (Unknown @ 0x866EFA98)
SSDT[191] : NtOpenProcessToken @ 0x83282F11 -> HOOKED (Unknown @ 0x868C12C0)
SSDT[199] : NtOpenThreadToken @ 0x83282775 -> HOOKED (Unknown @ 0x868C3AF8)
SSDT[304] : NtResumeThread @ 0x832B867D -> HOOKED (Unknown @ 0x868975E0)
SSDT[316] : NtSetContextThread @ 0x83322B17 -> HOOKED (Unknown @ 0x868C3A38)
SSDT[333] : NtSetInformationProcess @ 0x83293A35 -> HOOKED (Unknown @ 0x868C3BC8)
SSDT[335] : NtSetInformationThread @ 0x832AFE22 -> HOOKED (Unknown @ 0x868C3968)
SSDT[366] : NtSuspendProcess @ 0x83322FA3 -> HOOKED (Unknown @ 0x866EF9B8)
SSDT[367] : NtSuspendThread @ 0x832DFD04 -> HOOKED (Unknown @ 0x868C37C8)
SSDT[370] : NtTerminateProcess @ 0x832A81B5 -> HOOKED (Unknown @ 0x8626CD30)
SSDT[371] : NtTerminateThread @ 0x832BAF92 -> HOOKED (Unknown @ 0x868C38A8)
SSDT[385] : NtUnmapViewOfSection @ 0x832C238A -> HOOKED (Unknown @ 0x868C1200)
SSDT[399] : NtWriteVirtualMemory @ 0x832CDC63 -> HOOKED (Unknown @ 0x868C4138)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0x83078E34)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-60PVMT0 ATA Device +++++
--- User ---
[MBR] 059ae0dbb820647c886f61c29e385e3a
[BSP] a0256d1d5305bbcf6a648dfd83e16d77 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
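
The RogueKiller report above leaves three things a responder would want to re-check by hand after the tools have run: the UAC values it reset (EnableLUA 0 -> 1, ConsentPromptBehaviorAdmin 0 -> 2), the static NameServer entries it deliberately did not remove on one interface, and, from the Malwarebytes hit that opened the thread, a Run value that launched a DLL out of %AppData% through rundll32.exe. The PowerShell below is an added example written for this page; it is not part of the original thread and is not code from RogueKiller, Malwarebytes or any other tool used here. It is read-only and assumes Windows PowerShell 3.0 or later in an elevated prompt. The set of directories it treats as user-writable and the list of addresses it treats as benign hosts-file targets are the editor's assumptions, not anything the thread states.

```powershell
# Added example (not from the original thread or any tool in it): re-check, by hand,
# the indicators RogueKiller and Malwarebytes reported above. Read-only. Assumes
# Windows PowerShell 3.0+ in an elevated prompt so the HKLM keys are readable.

# Autorun locations touched in this thread (HKCU\...\Run held the cdrle entry).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed set of directories a non-admin user can write to. A DLL loaded from one of
# these by rundll32.exe at logon has the same shape as the quarantined cdrle.dll entry.
$UserWritablePattern = '(?i)\\(AppData|ProgramData|Temp|Users\\Public)\\'

# Properties PowerShell adds to every Get-ItemProperty result; they are not registry values.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-SuspiciousRunEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($ProviderProps -contains $p.Name) { continue }
            $cmd = [string]$p.Value
            $viaRundll   = $cmd -match '(?i)rundll32'
            $fromUserDir = $cmd -match $UserWritablePattern
            if (-not ($viaRundll -or $fromUserDir)) { continue }
            $reason = if ($viaRundll -and $fromUserDir) { 'rundll32 loading a DLL from a user-writable path' } elseif ($viaRundll) { 'rundll32 loader' } else { 'launched from a user-writable path' }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Reason = $reason }
        }
    }
}

function Get-UacState {
    # EnableLUA=0 turns UAC off entirely; ConsentPromptBehaviorAdmin=0 elevates without
    # prompting. Both were found at 0 above and reset by RogueKiller.
    $pol = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $pol.EnableLUA
        ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $pol.PromptOnSecureDesktop
        UacEnforced                = [bool]($pol.EnableLUA -eq 1 -and $pol.ConsentPromptBehaviorAdmin -ne 0)
    }
}

function Get-InterfaceDnsServers {
    # Static NameServer values per adapter (the [DNS] lines above), with the DHCP-assigned
    # servers alongside so a hard-coded resolver stands out.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem -Path $base | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.NameServer) {
            [pscustomobject]@{ Interface = $_.PSChildName; NameServer = $p.NameServer; DhcpNameServer = $p.DhcpNameServer }
        }
    }
}

function Get-NonLoopbackHostsEntries {
    # The MVPS hosts file maps ad/malware domains to 127.0.0.1, which is benign. Anything
    # mapped to a routable address is a redirect and deserves a look.
    $benignTargets = @('127.0.0.1', '0.0.0.0', '::1')   # assumed benign sink addresses
    $hostsPath = Join-Path -Path $env:SystemRoot -ChildPath 'System32\drivers\etc\hosts'
    Get-Content -Path $hostsPath | ForEach-Object {
        $line = ($_ -split '#')[0].Trim()                # drop comments and blank lines
        if (-not $line) { return }
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { return }
        if ($benignTargets -notcontains $fields[0]) {
            [pscustomobject]@{ Address = $fields[0]; Hosts = ($fields[1..($fields.Count - 1)] -join ' ') }
        }
    }
}

Write-Host '== Autorun entries worth a look =='
Get-SuspiciousRunEntries | Format-Table -AutoSize -Wrap
Write-Host '== UAC policy values =='
Get-UacState | Format-List
Write-Host '== Per-interface static DNS servers =='
Get-InterfaceDnsServers | Format-Table -AutoSize
Write-Host '== hosts entries not pointing at loopback =='
Get-NonLoopbackHostsEntries | Format-Table -AutoSize
```

The script only reports; it does not delete or rewrite anything, so it can be run before and after a cleanup to confirm the autorun value stays gone and UAC stays on. A rundll32 entry is not proof of infection on its own (Windows and some vendors use it legitimately), which is why the Reason column separates "rundll32 loader" from "rundll32 loading a DLL from a user-writable path"; the second combination is the one that matched the cdrle.dll detection.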

#6 gringo_pr

Posted 16 October 2012 - 11:32 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 COHemi

Posted 17 October 2012 - 12:10 AM

Gringo, IE is running normally now - no redirect issues so far.

ComboFix did disable one file: c:\windows\system32\AMINIT.dll

Here is the log:


ComboFix 12-10-16.02 - LocalAdmin 10/16/2012 22:47:41.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.1787.856 [GMT -6:00]
Running from: c:\users\LocalAdmin\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\windows\system32\AMINIT.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Altiris_Icon.ico
c:\users\tjb45495\AppData\Local\chromeupdate.crx
c:\users\tjb45495\AppData\Roaming\mcadef.dll
c:\users\tjb45495\AppData\Roaming\MicroST
c:\windows\system32\msstdfmt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 04:56 . 2012-10-17 04:56 -------- d-----w- c:\users\vpnmover\AppData\Local\temp
2012-10-17 04:56 . 2012-10-17 04:56 -------- d-----w- c:\users\TJBrown\AppData\Local\temp
2012-10-17 04:56 . 2012-10-17 04:56 -------- d-----w- c:\users\dnorris.xeta\AppData\Local\temp
2012-10-17 04:56 . 2012-10-17 04:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 04:56 . 2012-10-17 04:56 -------- d-----w- c:\users\altiris.paetec-dm\AppData\Local\temp
2012-10-17 04:56 . 2012-10-17 04:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-15 16:07 . 2012-10-15 16:07 -------- d-----r- C:\Sandbox
2012-10-15 15:20 . 2012-10-15 15:20 -------- d-----w- c:\program files\Sandboxie
2012-10-15 15:19 . 2012-10-16 22:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-15 15:19 . 2012-10-15 21:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-03 09:00 . 2012-08-24 17:10 981504 ----a-w- c:\windows\system32\wininet.dll
2012-10-03 09:00 . 2012-08-24 16:01 386048 ----a-w- c:\windows\system32\html.iec
2012-10-03 09:00 . 2012-08-24 17:15 672872 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-10-03 09:00 . 2012-08-24 17:08 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-10-03 09:00 . 2012-08-24 17:08 524800 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-10-01 22:42 . 2012-10-01 22:42 -------- d-----w- c:\users\tjb45495\AppData\Roaming\Malwarebytes
2012-10-01 22:40 . 2012-10-01 22:40 -------- d-----w- c:\users\LocalAdmin\AppData\Roaming\Malwarebytes
2012-10-01 22:39 . 2012-10-01 22:39 -------- d-----w- c:\programdata\Malwarebytes
2012-10-01 22:39 . 2012-10-01 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-01 22:39 . 2012-09-07 23:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 05:32 . 2011-09-30 13:50 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 545552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="-HideWindow" [X]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-05-15 5164120]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-09 495708]
"DagentUI"="c:\program files\Altiris\AClient\dagentui.exe" [2010-03-22 554320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-09-07 115560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"SecureConnector"="c:\program files\ForeScout SecureConnector\SecureConnector.exe" [2012-04-02 994904]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2009-09-30 152872]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2011-12-9 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 1 (0x1)
"PromptOnSecureDesktop"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-154013260-982405162-577866162-1866\Scripts\Logon\0\0]
"Script"=\\dc3\sysvol\corp.xeta.com\scripts\Staff_Shared_Drives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2117276672-2013200570-311576647-66346\Scripts\Logon\0\0]
"Script"=Kintana-Fix.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2117276672-2013200570-311576647-66346\Scripts\Logon\1\0]
"Script"=Kintana-Fix.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 06:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2011-01-12 00:04 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 OfficeSafe;OfficeSafe;c:\program files\Allworx\OfficeSafe Service\OfficeSafeService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\users\TJBrown\Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\Altiris\AClient\dagent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\DRIVERS\qcfilterhp2k.sys [x]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [x]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
.
------- Supplementary Scan -------
.
Trusted Zone: xeta.com\applprd
Trusted Zone: xeta.com\onexp.corp
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{CE05E8A7-16EC-400D-AD0A-FAF2E52B2396}: NameServer = 198.224.160.135 198.224.164.135
DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} - hxxp://10.1.101.218/shorewaredirector/VoiceMessage.ocx
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxp://66.133.171.11/rcm/webcontrols/telnet/wodTelnetDLX.cab
DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} - hxxp://10.1.101.218/shorewaredirector/TwentyFour7.ocx
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Apoint - \Apoint2K\Apoint.exe
SafeBoot-Symantec Antvirus
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.EXE'(3588)
c:\windows\system32\AMINIT.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\users\LocalAdmin\AppData\Local\Temp\catchme.dll
.
Completion time: 2012-10-16 23:01:30
ComboFix-quarantined-files.txt 2012-10-17 05:01
.
Pre-Run: 216,277,016,576 bytes free
Post-Run: 216,319,537,152 bytes free
.
- - End Of File - - 7C24E5BD31242F671069DD9092824C8A

#8 gringo_pr

Posted 17 October 2012 - 12:21 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 COHemi

Posted 17 October 2012 - 12:47 AM

Here are the 2 reports. Thanks for staying up late, by the way!




23:27:58.0875 5928 SetPrivileges failed!
23:27:58.0875 5928 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
23:28:00.0373 5928 ============================================================
23:28:00.0373 5928 Current date / time: 2012/10/16 23:28:00.0373
23:28:00.0373 5928 SystemInfo:
23:28:00.0373 5928
23:28:00.0373 5928 OS Version: 6.1.7600 ServicePack: 0.0
23:28:00.0373 5928 Product type: Workstation
23:28:00.0373 5928 ComputerName: JPBROWN-PAVDM1
23:28:00.0373 5928 UserName: LocalAdmin
23:28:00.0373 5928 Windows directory: C:\Windows
23:28:00.0373 5928 System windows directory: C:\Windows
23:28:00.0373 5928 Processor architecture: Intel x86
23:28:00.0373 5928 Number of processors: 2
23:28:00.0373 5928 Page size: 0x1000
23:28:00.0373 5928 Boot type: Normal boot
23:28:00.0373 5928 ============================================================
23:28:01.0995 5928 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:28:01.0995 5928 ============================================================
23:28:01.0995 5928 \Device\Harddisk0\DR0:
23:28:01.0995 5928 MBR partitions:
23:28:01.0995 5928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
23:28:01.0995 5928 ============================================================
23:28:02.0011 5928 C: <-> \Device\Harddisk0\DR0\Partition1
23:28:02.0011 5928 ============================================================
23:28:02.0011 5928 Initialize success
23:28:02.0011 5928 ============================================================
23:28:04.0289 2552 ============================================================
23:28:04.0289 2552 Scan started
23:28:04.0289 2552 Mode: Manual;
23:28:04.0289 2552 ============================================================
23:28:05.0303 2552 ================ Scan system memory ========================
23:28:05.0303 2552 System memory - ok
23:28:05.0303 2552 ================ Scan services =============================
23:28:05.0537 2552 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:28:05.0552 2552 1394ohci - ok
23:28:05.0599 2552 [ 465B6BAABA53A628F7252846D0E900EE ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
23:28:05.0630 2552 Accelerometer - ok
23:28:05.0646 2552 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
23:28:05.0708 2552 ACPI - ok
23:28:05.0724 2552 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
23:28:05.0755 2552 AcpiPmi - ok
23:28:05.0864 2552 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:28:05.0927 2552 AdobeARMservice - ok
23:28:05.0942 2552 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:28:06.0051 2552 adp94xx - ok
23:28:06.0114 2552 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:28:06.0161 2552 adpahci - ok
23:28:06.0192 2552 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:28:06.0223 2552 adpu320 - ok
23:28:06.0254 2552 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:28:06.0254 2552 AeLookupSvc - ok
23:28:06.0317 2552 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Program Files\IDT\WDM\aestsrv.exe
23:28:06.0317 2552 AESTFilters - ok
23:28:06.0426 2552 [ 1D032AD8F6FFE4DB27B3960822AE3FAC ] AeXNSClient C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
23:28:06.0488 2552 AeXNSClient - ok
23:28:06.0551 2552 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
23:28:06.0582 2552 AFD - ok
23:28:06.0597 2552 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
23:28:06.0629 2552 agp440 - ok
23:28:06.0644 2552 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
23:28:06.0691 2552 aic78xx - ok
23:28:06.0707 2552 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
23:28:06.0707 2552 ALG - ok
23:28:06.0738 2552 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
23:28:06.0769 2552 aliide - ok
23:28:06.0863 2552 [ 0D198F3B9721951FFD4C5E3745ABA211 ] Altiris Deployment Agent c:\Program Files\Altiris\AClient\dagent.exe
23:28:06.0956 2552 Altiris Deployment Agent - ok
23:28:07.0003 2552 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:28:07.0003 2552 AMD External Events Utility - ok
23:28:07.0019 2552 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
23:28:07.0081 2552 amdagp - ok
23:28:07.0097 2552 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
23:28:07.0143 2552 amdide - ok
23:28:07.0159 2552 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:28:07.0175 2552 AmdK8 - ok
23:28:07.0190 2552 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:28:07.0206 2552 AmdPPM - ok
23:28:07.0237 2552 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:28:07.0284 2552 amdsata - ok
23:28:07.0315 2552 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:28:07.0346 2552 amdsbs - ok
23:28:07.0362 2552 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:28:07.0455 2552 amdxata - ok
23:28:07.0487 2552 [ 22403504E15810E99A563782E9D45311 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
23:28:07.0518 2552 ApfiltrService - ok
23:28:07.0549 2552 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
23:28:07.0565 2552 AppID - ok
23:28:07.0596 2552 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:28:07.0611 2552 AppIDSvc - ok
23:28:07.0627 2552 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
23:28:07.0643 2552 Appinfo - ok
23:28:07.0689 2552 [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:28:07.0752 2552 Apple Mobile Device - ok
23:28:07.0767 2552 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
23:28:07.0783 2552 AppMgmt - ok
23:28:07.0799 2552 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
23:28:07.0892 2552 arc - ok
23:28:07.0908 2552 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:28:07.0955 2552 arcsas - ok
23:28:08.0111 2552 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:28:08.0111 2552 aspnet_state - ok
23:28:08.0126 2552 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:28:08.0173 2552 AsyncMac - ok
23:28:08.0189 2552 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
23:28:08.0189 2552 atapi - ok
23:28:08.0235 2552 [ 42529B1CCC376B8DB8B40A52F9C13FAC ] atashost C:\Windows\system32\atashost.exe
23:28:08.0282 2552 atashost - ok
23:28:08.0423 2552 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:28:08.0501 2552 atikmdag - ok
23:28:08.0547 2552 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:28:08.0579 2552 AudioEndpointBuilder - ok
23:28:08.0594 2552 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:28:08.0594 2552 Audiosrv - ok
23:28:08.0610 2552 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:28:08.0625 2552 AxInstSV - ok
23:28:08.0657 2552 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
23:28:08.0688 2552 b06bdrv - ok
23:28:08.0703 2552 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
23:28:08.0719 2552 b57nd60x - ok
23:28:08.0828 2552 [ 3DA1C04EA8C09A9F77A951D5AE4F8CFC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
23:28:08.0875 2552 BCM43XX - ok
23:28:08.0906 2552 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
23:28:08.0906 2552 BDESVC - ok
23:28:08.0922 2552 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
23:28:08.0937 2552 Beep - ok
23:28:08.0969 2552 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
23:28:09.0078 2552 BFE - ok
23:28:09.0109 2552 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll
23:28:09.0140 2552 BITS - ok
23:28:09.0156 2552 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:28:09.0171 2552 blbdrive - ok
23:28:09.0218 2552 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:28:09.0296 2552 Bonjour Service - ok
23:28:09.0343 2552 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:28:09.0343 2552 bowser - ok
23:28:09.0359 2552 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:28:09.0390 2552 BrFiltLo - ok
23:28:09.0405 2552 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:28:09.0421 2552 BrFiltUp - ok
23:28:09.0452 2552 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
23:28:09.0468 2552 BridgeMP - ok
23:28:09.0499 2552 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
23:28:09.0515 2552 Browser - ok
23:28:09.0530 2552 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:28:09.0608 2552 Brserid - ok
23:28:09.0624 2552 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:28:09.0671 2552 BrSerWdm - ok
23:28:09.0686 2552 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:28:09.0702 2552 BrUsbMdm - ok
23:28:09.0717 2552 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:28:09.0733 2552 BrUsbSer - ok
23:28:09.0764 2552 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
23:28:09.0795 2552 BthEnum - ok
23:28:09.0811 2552 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:28:09.0827 2552 BTHMODEM - ok
23:28:09.0842 2552 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
23:28:09.0858 2552 BthPan - ok
23:28:09.0905 2552 [ 12E2C56656EC2B8B5E96D3584AEABD46 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
23:28:09.0936 2552 BTHPORT - ok
23:28:09.0983 2552 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
23:28:09.0998 2552 bthserv - ok
23:28:10.0014 2552 [ E41B011F3372606B9DE71698606F37AD ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
23:28:10.0029 2552 BTHUSB - ok
23:28:10.0061 2552 [ 525432CFD6D8C004860AF7ECD0A84234 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
23:28:10.0107 2552 btwampfl - ok
23:28:10.0139 2552 [ CF8799A563F734984D4E053CACEC1426 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
23:28:10.0170 2552 btwaudio - ok
23:28:10.0201 2552 [ 9ED9932043D599AEA04F6EA2D86964A1 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
23:28:10.0232 2552 btwavdt - ok
23:28:10.0295 2552 [ 110496CF8143FEA63B7A31DAD175829B ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:28:10.0295 2552 btwdins - ok
23:28:10.0310 2552 [ DE53089F0678CB5F0AFEB867ACB0FB05 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
23:28:10.0388 2552 btwl2cap - ok
23:28:10.0451 2552 [ 373D1BB0F7DC8F1931F9B7E0DE3E9A30 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
23:28:10.0482 2552 btwrchid - ok
23:28:10.0638 2552 catchme - ok
23:28:10.0700 2552 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:28:10.0763 2552 ccEvtMgr - ok
23:28:10.0778 2552 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:28:10.0778 2552 ccSetMgr - ok
23:28:10.0825 2552 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:28:10.0841 2552 cdfs - ok
23:28:10.0856 2552 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:28:10.0872 2552 cdrom - ok
23:28:10.0903 2552 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
23:28:10.0981 2552 CertPropSvc - ok
23:28:11.0012 2552 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:28:11.0043 2552 circlass - ok
23:28:11.0059 2552 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
23:28:11.0059 2552 CLFS - ok
23:28:11.0121 2552 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:28:11.0121 2552 clr_optimization_v2.0.50727_32 - ok
23:28:11.0153 2552 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:28:11.0168 2552 clr_optimization_v4.0.30319_32 - ok
23:28:11.0184 2552 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:28:11.0262 2552 CmBatt - ok
23:28:11.0277 2552 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
23:28:11.0355 2552 cmdide - ok
23:28:11.0402 2552 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
23:28:11.0433 2552 CNG - ok
23:28:11.0465 2552 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:28:11.0496 2552 Compbatt - ok
23:28:11.0511 2552 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:28:11.0527 2552 CompositeBus - ok
23:28:11.0543 2552 COMSysApp - ok
23:28:11.0558 2552 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:28:11.0605 2552 crcdisk - ok
23:28:11.0652 2552 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:28:11.0667 2552 CryptSvc - ok
23:28:11.0699 2552 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
23:28:11.0777 2552 CSC - ok
23:28:11.0808 2552 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
23:28:11.0839 2552 CscService - ok
23:28:11.0901 2552 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
23:28:11.0933 2552 ctxusbm - ok
23:28:11.0964 2552 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
23:28:11.0995 2552 CVirtA - ok
23:28:12.0073 2552 [ 5CE32922F8F74A0D2D6ECC30CDAD01E0 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
23:28:12.0229 2552 CVPND - ok
23:28:12.0291 2552 [ D46B2E0EEAF349F2085F8B164E462156 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
23:28:12.0338 2552 CVPNDRVA - ok
23:28:12.0385 2552 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
23:28:12.0385 2552 DcomLaunch - ok
23:28:12.0416 2552 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
23:28:12.0447 2552 defragsvc - ok
23:28:12.0494 2552 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:28:12.0510 2552 DfsC - ok
23:28:12.0541 2552 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:28:12.0572 2552 Dhcp - ok
23:28:12.0588 2552 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
23:28:12.0588 2552 discache - ok
23:28:12.0619 2552 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:28:12.0650 2552 Disk - ok
23:28:12.0713 2552 [ 694616F813FB627A32C9E32DEC133078 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
23:28:12.0713 2552 DNE - ok
23:28:12.0744 2552 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:28:12.0759 2552 Dnscache - ok
23:28:12.0775 2552 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
23:28:12.0791 2552 dot3svc - ok
23:28:12.0806 2552 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
23:28:12.0822 2552 DPS - ok
23:28:12.0853 2552 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:28:12.0978 2552 drmkaud - ok
23:28:13.0025 2552 [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
23:28:13.0025 2552 dsNcAdpt - ok
23:28:13.0087 2552 [ 3C2971DEE117DA4D4C147B6737B3463E ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
23:28:13.0087 2552 dsNcService - ok
23:28:13.0134 2552 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:28:13.0181 2552 DXGKrnl - ok
23:28:13.0212 2552 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
23:28:13.0227 2552 EapHost - ok
23:28:13.0321 2552 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
23:28:13.0477 2552 ebdrv - ok
23:28:13.0508 2552 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:28:13.0555 2552 eeCtrl - ok
23:28:13.0586 2552 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
23:28:13.0586 2552 EFS - ok
23:28:13.0649 2552 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:28:13.0664 2552 ehRecvr - ok
23:28:13.0680 2552 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
23:28:13.0680 2552 ehSched - ok
23:28:13.0711 2552 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:28:13.0758 2552 elxstor - ok
23:28:13.0805 2552 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:28:13.0851 2552 EraserUtilRebootDrv - ok
23:28:13.0851 2552 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
23:28:13.0867 2552 ErrDev - ok
23:28:13.0929 2552 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
23:28:13.0929 2552 EventSystem - ok
23:28:13.0961 2552 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
23:28:13.0976 2552 exfat - ok
23:28:14.0023 2552 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:28:14.0039 2552 fastfat - ok
23:28:14.0070 2552 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
23:28:14.0070 2552 Fax - ok
23:28:14.0085 2552 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:28:14.0101 2552 fdc - ok
23:28:14.0117 2552 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
23:28:14.0132 2552 fdPHost - ok
23:28:14.0132 2552 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
23:28:14.0163 2552 FDResPub - ok
23:28:14.0179 2552 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:28:14.0195 2552 FileInfo - ok
23:28:14.0210 2552 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:28:14.0226 2552 Filetrace - ok
23:28:14.0241 2552 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:28:14.0304 2552 flpydisk - ok
23:28:14.0335 2552 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:28:14.0351 2552 FltMgr - ok
23:28:14.0413 2552 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
23:28:14.0460 2552 FontCache - ok
23:28:14.0507 2552 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:28:14.0507 2552 FontCache3.0.0.0 - ok
23:28:14.0522 2552 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:28:14.0538 2552 FsDepends - ok
23:28:14.0569 2552 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:28:14.0585 2552 Fs_Rec - ok
23:28:14.0616 2552 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:28:14.0631 2552 fvevol - ok
23:28:14.0663 2552 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:28:14.0694 2552 gagp30kx - ok
23:28:14.0741 2552 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:28:14.0787 2552 GEARAspiWDM - ok
23:28:14.0834 2552 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
23:28:14.0865 2552 gpsvc - ok
23:28:14.0881 2552 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:28:14.0897 2552 hcw85cir - ok
23:28:14.0928 2552 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:28:14.0959 2552 HdAudAddService - ok
23:28:14.0975 2552 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:28:14.0990 2552 HDAudBus - ok
23:28:14.0990 2552 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:28:15.0006 2552 HidBatt - ok
23:28:15.0021 2552 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:28:15.0037 2552 HidBth - ok
23:28:15.0053 2552 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:28:15.0068 2552 HidIr - ok
23:28:15.0099 2552 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
23:28:15.0115 2552 hidserv - ok
23:28:15.0115 2552 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:28:15.0131 2552 HidUsb - ok
23:28:15.0146 2552 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:28:15.0162 2552 hkmsvc - ok
23:28:15.0177 2552 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:28:15.0209 2552 HomeGroupListener - ok
23:28:15.0224 2552 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:28:15.0255 2552 HomeGroupProvider - ok
23:28:15.0287 2552 [ D5C35E6416A379C445CDA826B9FE452F ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
23:28:15.0318 2552 hpdskflt - ok
23:28:15.0333 2552 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
23:28:15.0349 2552 HpSAMD - ok
23:28:15.0365 2552 [ 00DC55481FAD2841284ED09E7D69CD11 ] hpsrv C:\Windows\system32\Hpservice.exe
23:28:15.0365 2552 hpsrv - ok
23:28:15.0396 2552 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:28:15.0411 2552 HTTP - ok
23:28:15.0427 2552 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:28:15.0427 2552 hwpolicy - ok
23:28:15.0443 2552 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:28:15.0458 2552 i8042prt - ok
23:28:15.0505 2552 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:28:15.0552 2552 iaStorV - ok
23:28:15.0661 2552 [ FF6BBD85B056DEAA0D44099DC094A61D ] iClarityQoSService C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
23:28:15.0708 2552 iClarityQoSService - ok
23:28:15.0770 2552 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:28:15.0833 2552 idsvc - ok
23:28:15.0848 2552 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:28:15.0879 2552 iirsp - ok
23:28:15.0911 2552 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
23:28:15.0957 2552 IKEEXT - ok
23:28:15.0989 2552 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
23:28:16.0020 2552 intelide - ok
23:28:16.0051 2552 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:28:16.0067 2552 intelppm - ok
23:28:16.0082 2552 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:28:16.0176 2552 IPBusEnum - ok
23:28:16.0176 2552 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:28:16.0191 2552 IpFilterDriver - ok
23:28:16.0223 2552 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:28:16.0254 2552 iphlpsvc - ok
23:28:16.0269 2552 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:28:16.0285 2552 IPMIDRV - ok
23:28:16.0285 2552 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:28:16.0301 2552 IPNAT - ok
23:28:16.0363 2552 [ 6351B24DC3CB7DFFDE917D1276EE166C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:28:16.0441 2552 iPod Service - ok
23:28:16.0457 2552 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:28:16.0472 2552 IRENUM - ok
23:28:16.0488 2552 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
23:28:16.0503 2552 isapnp - ok
23:28:16.0535 2552 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:28:16.0581 2552 iScsiPrt - ok
23:28:16.0597 2552 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:28:16.0644 2552 kbdclass - ok
23:28:16.0675 2552 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:28:16.0691 2552 kbdhid - ok
23:28:16.0706 2552 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
23:28:16.0706 2552 KeyIso - ok
23:28:16.0753 2552 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:28:16.0769 2552 KSecDD - ok
23:28:16.0784 2552 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:28:16.0815 2552 KSecPkg - ok
23:28:16.0847 2552 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
23:28:16.0878 2552 KtmRm - ok
23:28:16.0893 2552 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll
23:28:16.0925 2552 LanmanServer - ok
23:28:16.0940 2552 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:28:16.0956 2552 LanmanWorkstation - ok
23:28:17.0096 2552 [ E34152D03CAAAAA81DD66D803F392522 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
23:28:17.0299 2552 LiveUpdate - ok
23:28:17.0424 2552 [ 2FEB923B00505DC165AE46F80A287711 ] LkWebLink C:\Users\TJBrown\Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe
23:28:17.0439 2552 LkWebLink - ok
23:28:17.0486 2552 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:28:17.0502 2552 lltdio - ok
23:28:17.0517 2552 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:28:17.0549 2552 lltdsvc - ok
23:28:17.0549 2552 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
23:28:17.0564 2552 lmhosts - ok
23:28:17.0611 2552 [ D7822A8FDABEF4C80B37ADD4A3763B2C ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
23:28:17.0673 2552 LMIGuardianSvc - ok
23:28:17.0689 2552 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
23:28:17.0705 2552 LMIInfo - ok
23:28:17.0720 2552 [ 0E29071FE101278681B3875409C72D43 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
23:28:17.0783 2552 LMIMaint - ok
23:28:17.0798 2552 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
23:28:17.0861 2552 lmimirr - ok
23:28:17.0861 2552 LMIRfsClientNP - ok
23:28:17.0892 2552 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
23:28:17.0923 2552 LMIRfsDriver - ok
23:28:17.0939 2552 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
23:28:18.0032 2552 LogMeIn - ok
23:28:18.0079 2552 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:28:18.0110 2552 LSI_FC - ok
23:28:18.0126 2552 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:28:18.0157 2552 LSI_SAS - ok
23:28:18.0173 2552 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:28:18.0188 2552 LSI_SAS2 - ok
23:28:18.0219 2552 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:28:18.0266 2552 LSI_SCSI - ok
23:28:18.0297 2552 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
23:28:18.0313 2552 luafv - ok
23:28:18.0360 2552 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:28:18.0422 2552 MBAMProtector - ok
23:28:18.0500 2552 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:28:18.0563 2552 MBAMScheduler - ok
23:28:18.0578 2552 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:28:18.0656 2552 MBAMService - ok
23:28:18.0687 2552 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:28:18.0765 2552 Mcx2Svc - ok
23:28:18.0812 2552 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:28:18.0812 2552 megasas - ok
23:28:18.0843 2552 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:28:18.0875 2552 MegaSR - ok
23:28:18.0890 2552 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
23:28:18.0890 2552 MMCSS - ok
23:28:18.0906 2552 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
23:28:18.0921 2552 Modem - ok
23:28:18.0937 2552 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:28:18.0937 2552 monitor - ok
23:28:18.0953 2552 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:28:18.0999 2552 mouclass - ok
23:28:19.0031 2552 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:28:19.0046 2552 mouhid - ok
23:28:19.0062 2552 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:28:19.0124 2552 mountmgr - ok
23:28:19.0140 2552 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
23:28:19.0171 2552 mpio - ok
23:28:19.0187 2552 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:28:19.0202 2552 mpsdrv - ok
23:28:19.0233 2552 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
23:28:19.0249 2552 MpsSvc - ok
23:28:19.0265 2552 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:28:19.0265 2552 MRxDAV - ok
23:28:19.0280 2552 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:28:19.0311 2552 mrxsmb - ok
23:28:19.0343 2552 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:28:19.0389 2552 mrxsmb10 - ok
23:28:19.0421 2552 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:28:19.0436 2552 mrxsmb20 - ok
23:28:19.0452 2552 [ 5D9E758BAEFB5A4F3639E755C66625AA ] msahci C:\Windows\system32\DRIVERS\msahci.sys
23:28:19.0499 2552 msahci - ok
23:28:19.0514 2552 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
23:28:19.0545 2552 msdsm - ok
23:28:19.0561 2552 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
23:28:19.0561 2552 MSDTC - ok
23:28:19.0592 2552 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:28:19.0608 2552 Msfs - ok
23:28:19.0623 2552 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:28:19.0623 2552 mshidkmdf - ok
23:28:19.0639 2552 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
23:28:19.0686 2552 msisadrv - ok
23:28:19.0701 2552 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:28:19.0717 2552 MSiSCSI - ok
23:28:19.0733 2552 msiserver - ok
23:28:19.0748 2552 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:28:19.0764 2552 MSKSSRV - ok
23:28:19.0779 2552 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:28:19.0795 2552 MSPCLOCK - ok
23:28:19.0795 2552 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:28:19.0811 2552 MSPQM - ok
23:28:19.0826 2552 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:28:19.0857 2552 MsRPC - ok
23:28:19.0889 2552 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:28:19.0889 2552 mssmbios - ok
23:28:19.0904 2552 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:28:19.0904 2552 MSTEE - ok
23:28:19.0935 2552 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:28:19.0935 2552 MTConfig - ok
23:28:19.0967 2552 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
23:28:19.0998 2552 Mup - ok
23:28:20.0029 2552 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
23:28:20.0060 2552 napagent - ok
23:28:20.0091 2552 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:28:20.0123 2552 NativeWifiP - ok
23:28:34.0615 2552 ============================================================
23:28:34.0615 2552 Scan finished
23:28:34.0615 2552 ============================================================
23:28:34.0631 4156 Detected object count: 0
23:28:34.0631 4156 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-16 23:30:57
-----------------------------
23:30:57.911 OS Version: Windows 6.1.7600
23:30:57.911 Number of processors: 2 586 0x603
23:30:57.926 ComputerName: JPBROWN-PAVDM1 UserName: LocalAdmin
23:30:58.940 Initialize success
23:34:59.655 AVAST engine defs: 12101601
23:35:12.182 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:35:12.197 Disk 0 Vendor: WDC_WD3200BEKT-60PVMT0 01.01A01 Size: 305245MB BusType: 11
23:35:12.213 Disk 0 MBR read successfully
23:35:12.213 Disk 0 MBR scan
23:35:12.229 Disk 0 Windows 7 default MBR code
23:35:12.229 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
23:35:12.244 Disk 0 scanning sectors +625139712
23:35:12.338 Disk 0 scanning C:\Windows\system32\drivers
23:35:28.328 Service scanning
23:35:54.770 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
23:35:55.503 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
23:35:59.762 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
23:36:00.386 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
23:36:02.149 Modules scanning
23:36:12.039 Disk 0 trace - called modules:
23:36:12.055 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
23:36:12.070 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eaaa00]
23:36:12.086 3 CLASSPNP.SYS[88bad59e] -> nt!IofCallDriver -> [0x85ea95a8]
23:36:12.086 5 hpdskflt.sys[88b5f0be] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85a0c908]
23:36:13.568 AVAST engine scan C:\Windows
23:36:28.762 AVAST engine scan C:\Windows\system32
23:42:27.110 AVAST engine scan C:\Windows\system32\drivers
23:42:51.057 AVAST engine scan C:\Users\LocalAdmin
23:43:12.865 AVAST engine scan C:\ProgramData
23:45:03.813 Scan finished successfully
23:45:32.642 Disk 0 MBR has been saved successfully to "C:\Users\LocalAdmin\Desktop\MBR.dat"
23:45:32.657 The log file has been saved successfully to "C:\Users\LocalAdmin\Desktop\aswMBR.txt"
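Both the TDSSKiller run and the aswMBR run above finish with the same boot-sector check: TDSSKiller hashes \Device\Harddisk0\DR0 and reports it "ok", and aswMBR reports "Windows 7 default MBR code", one active NTFS partition at offset 2048, then scans the sectors from +625139712 onward (2048 + 305243 * 2048, the sector immediately after the end of that partition) and saves the raw sector to MBR.dat on the desktop. What both tools are reading is a single 512-byte sector: 440 bytes of boot code, a 4-byte disk signature at 0x1B8, four 16-byte partition entries at 0x1BE and the 0x55AA marker at 0x1FE. The script below is an added example for this page, not part of either tool or of the thread; it shows what a manual check of that saved MBR.dat looks like: it parses the partition table, prints it in aswMBR's layout, hashes the boot-code region so it can be compared against a known-good copy, and flags table tampering (overlapping or multiply-active entries). The sample sector is constructed inline to match the layout aswMBR logged (one bootable type 0x07 partition, start LBA 2048, 305243 MB); its boot code is a stand-in, not Microsoft's, so the MD5 it yields is not comparable with the hash TDSSKiller printed.

```python
import hashlib
import struct
from typing import Optional

SECTOR_SIZE = 512
BOOTCODE_LEN = 440          # x86 boot code; the 4-byte disk signature follows at 0x1B8
DISK_SIG_OFFSET = 0x1B8
PART_TABLE_OFFSET = 0x1BE   # four 16-byte partition entries
SIGNATURE_OFFSET = 0x1FE    # 0x55AA boot signature

# Partition type bytes, named the way aswMBR prints them (subset)
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes, known_good_md5: Optional[str] = None) -> dict:
    """Parse a raw 512-byte MBR (e.g. the MBR.dat aswMBR saves) into its pieces.

    Returns the MD5 of the boot-code region, the disk signature, the non-empty
    partition entries and a list of sanity issues (empty when the table looks normal).
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")

    partitions = []
    for i in range(4):
        # status, CHS start (3 bytes, ignored), type, CHS end (3 bytes, ignored), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0x00:
            continue
        partitions.append({
            "index": i + 1, "status": status, "bootable": status == 0x80,
            "type": ptype, "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })

    bootcode_md5 = hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest().upper()
    issues = table_issues(partitions)
    if known_good_md5 is not None and bootcode_md5 != known_good_md5.upper():
        issues.append("boot code MD5 differs from the known-good copy")
    return {
        "bootcode_md5": bootcode_md5,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
        "issues": issues,
    }


def table_issues(partitions: list) -> list:
    """Structural checks that a tampered partition table tends to fail."""
    issues = []
    if sum(p["bootable"] for p in partitions) > 1:
        issues.append("more than one partition marked bootable")
    for p in partitions:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"partition {p['index']} has invalid status byte 0x{p['status']:02X}")
        if p["lba_start"] == 0:
            issues.append(f"partition {p['index']} starts at LBA 0, on top of the MBR")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in partitions)
    for (s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            issues.append(f"partitions {i1} and {i2} overlap")
    return issues


def format_partition(p: dict) -> str:
    """Render one entry in the shape of aswMBR's 'Partition 1 80 (A) 07 HPFS/NTFS ...' line."""
    active = "(A)" if p["bootable"] else "   "
    return (f"Partition {p['index']} {p['status']:02X} {active} {p['type']:02X} "
            f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")


def build_sample_mbr(tampered: bool = False) -> bytes:
    """Constructed sector (not a real disk image) matching the layout aswMBR logged:
    one bootable NTFS partition at LBA 2048 of 305243 MB (305243 * 2048 sectors).
    With tampered=True a second, overlapping, bootable entry is added."""
    bootcode = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOTCODE_LEN, b"\x00")  # stand-in, not Windows' code
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 305243 * 2048)
    entry2 = (struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 1024, 4096)
              if tampered else bytes(16))
    table = entry1 + entry2 + bytes(16) * 2
    return bootcode + disk_sig + table + b"\x55\xaa"


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    result = parse_mbr(data)
    print(f"boot code MD5 {result['bootcode_md5']}  disk signature {result['disk_signature']:08X}")
    for part in result["partitions"]:
        print(format_partition(part))
    print("issues:", result["issues"] or "none")
```

Run it with the path to the saved MBR.dat to parse a real sector, or with no argument to parse the constructed sample. The boot-code hash is only useful against a known-good copy of the same Windows version's MBR; the check reports a mismatch but cannot tell you which of the two is the clean one, and it looks at the sector alone, not at the slack before the first partition or the sectors past the last one that aswMBR also scans.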

#10 gringo_pr

Posted 17 October 2012 - 12:57 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 COHemi

Posted 17 October 2012 - 01:25 AM

The only thing I noticed is that it kept telling me that Symantec was still enabled even though it was not. I even enabled and then disabled it, and it still said it was active. Not sure why? Other than that, the PC and IE seem to be working very well now.




ComboFix 12-10-16.02 - LocalAdmin 10/17/2012 0:09.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.1787.796 [GMT -6:00]
Running from: c:\users\LocalAdmin\Desktop\ComboFix.exe
Command switches used :: c:\users\LocalAdmin\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\tjb45495\AppData\Local\chromeupdate.crx
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 06:19 . 2012-10-17 06:19 -------- d-----w- c:\users\vpnmover\AppData\Local\temp
2012-10-17 06:19 . 2012-10-17 06:19 -------- d-----w- c:\users\TJBrown\AppData\Local\temp
2012-10-17 06:19 . 2012-10-17 06:19 -------- d-----w- c:\users\dnorris.xeta\AppData\Local\temp
2012-10-17 06:19 . 2012-10-17 06:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 06:19 . 2012-10-17 06:19 -------- d-----w- c:\users\altiris.paetec-dm\AppData\Local\temp
2012-10-17 06:19 . 2012-10-17 06:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-15 16:07 . 2012-10-15 16:07 -------- d-----r- C:\Sandbox
2012-10-15 15:20 . 2012-10-15 15:20 -------- d-----w- c:\program files\Sandboxie
2012-10-15 15:19 . 2012-10-16 22:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-15 15:19 . 2012-10-15 21:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-03 09:00 . 2012-08-24 17:10 981504 ----a-w- c:\windows\system32\wininet.dll
2012-10-03 09:00 . 2012-08-24 16:01 386048 ----a-w- c:\windows\system32\html.iec
2012-10-03 09:00 . 2012-08-24 17:15 672872 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-10-03 09:00 . 2012-08-24 17:08 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-10-03 09:00 . 2012-08-24 17:08 524800 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-10-01 22:42 . 2012-10-01 22:42 -------- d-----w- c:\users\tjb45495\AppData\Roaming\Malwarebytes
2012-10-01 22:40 . 2012-10-01 22:40 -------- d-----w- c:\users\LocalAdmin\AppData\Roaming\Malwarebytes
2012-10-01 22:39 . 2012-10-01 22:39 -------- d-----w- c:\programdata\Malwarebytes
2012-10-01 22:39 . 2012-10-01 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-01 22:39 . 2012-09-07 23:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 05:32 . 2011-09-30 13:50 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 545552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="-HideWindow" [X]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-05-15 5164120]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-09 495708]
"DagentUI"="c:\program files\Altiris\AClient\dagentui.exe" [2010-03-22 554320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-09-07 115560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"SecureConnector"="c:\program files\ForeScout SecureConnector\SecureConnector.exe" [2012-04-02 994904]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2009-09-30 152872]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2011-12-9 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 1 (0x1)
"PromptOnSecureDesktop"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-154013260-982405162-577866162-1866\Scripts\Logon\0\0]
"Script"=\\dc3\sysvol\corp.xeta.com\scripts\Staff_Shared_Drives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2117276672-2013200570-311576647-66346\Scripts\Logon\0\0]
"Script"=Kintana-Fix.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2117276672-2013200570-311576647-66346\Scripts\Logon\1\0]
"Script"=Kintana-Fix.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 06:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2011-01-12 00:04 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 OfficeSafe;OfficeSafe;c:\program files\Allworx\OfficeSafe Service\OfficeSafeService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 LkWebLink;Inter-Tel Collaboration Remote Client;c:\users\TJBrown\Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\Altiris\AClient\dagent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 QDLService2kHP;Qualcomm Gobi 2000 Download Service (HP);c:\program files\QUALCOMM\QDLService2k\QDLService2kHP.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 qcfilterhp2k;Gobi 2000 USB Composite Device Filter Driver(03F0-251D);c:\windows\system32\DRIVERS\qcfilterhp2k.sys [x]
S3 qcusbnethp2k;Gobi 2000 USB-NDIS miniport(03F0-251D);c:\windows\system32\DRIVERS\qcusbnethp2k.sys [x]
S3 qcusbserhp2k;Gobi 2000 USB Device for Legacy Serial Communication(03F0-251D);c:\windows\system32\DRIVERS\qcusbserhp2k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 81515797
*NewlyCreated* - ASWMBR
*NewlyCreated* - TRUESIGHT
*Deregistered* - 81515797
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
.
------- Supplementary Scan -------
.
Trusted Zone: xeta.com\applprd
Trusted Zone: xeta.com\onexp.corp
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{CE05E8A7-16EC-400D-AD0A-FAF2E52B2396}: NameServer = 198.224.160.135 198.224.164.135
DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} - hxxp://10.1.101.218/shorewaredirector/VoiceMessage.ocx
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxp://66.133.171.11/rcm/webcontrols/telnet/wodTelnetDLX.cab
DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} - hxxp://10.1.101.218/shorewaredirector/TwentyFour7.ocx
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.EXE'(3588)
c:\windows\system32\AMINIT.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\progra~1\Spybot - Search & Destroy\SDHelper.dll
c:\users\LocalAdmin\AppData\Local\Temp\catchme.dll
.
Completion time: 2012-10-17 00:22:46
ComboFix-quarantined-files.txt 2012-10-17 06:22
ComboFix2.txt 2012-10-17 05:01
.
Pre-Run: 216,109,039,616 bytes free
Post-Run: 216,044,273,664 bytes free
.
- - End Of File - - 07FB40D50130E093BB08CB5604F0D2C1

#12 gringo_pr

Posted 17 October 2012 - 01:34 AM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 7 Update 4
JavaFX 2.1.0


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run; if prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete, click on Close

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes under Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

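gringo's warning that most of what HijackThis finds is harmless is the right starting point, and in a log like the one requested here the lines to read first are the O4 autoruns. The Run value this thread started with is the shape to look for: rundll32.exe told to load a DLL from a user's AppData\Roaming folder and call one of its exports, registered under that user's own hive. A Run value under HKU\<SID> is HKCU only for that user; a scanner or ComboFix run from a different account (here LocalAdmin) does not see it as HKCU, which is why the HKUS lines HijackThis tags with (User 'name') matter. The script below is an added example for this page, not one of the thread's tools: it parses O4 lines in HijackThis's format, pulls out the image, and for rundll32/regsvr32 proxies the DLL and export they load, then flags entries whose payload sits in a user-writable profile folder. The log lines are constructed for the example (the user 'alice', the DLL names and the SID are invented; the benign entries mirror ones on this machine) and the %ProgramFiles% expansion table is an assumption about the host.

```python
import re
from typing import List, Optional

# One HijackThis O4 autorun line: hive, optional SID (HKUS entries), key, value name, command, optional user tag
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>S-1-5-[\d-]+))\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']+)'\))?$"
)

# Signed Windows binaries that run whatever DLL they are pointed at; the DLL, not the EXE, is the payload
PROXY_LOADERS = {"rundll32.exe", "regsvr32.exe"}

# Folders an unprivileged user can write to; autoruns on a managed machine rarely live here legitimately
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\(?:Roaming|Local|LocalLow)|Users\\[^\\]+\\Downloads|Temp)\\", re.I
)

# Assumed expansions for environment variables that appear in Run values (host-specific assumption)
ENV = {"%programfiles%": r"C:\Program Files", "%systemroot%": r"C:\Windows", "%windir%": r"C:\Windows"}


def expand_env(path: str) -> str:
    for var, value in ENV.items():
        path = re.sub(re.escape(var), lambda _m: value, path, flags=re.I)
    return path


def split_image(cmd: str):
    """Separate the executable from its arguments; Run values may be quoted or unquoted with spaces."""
    cmd = cmd.strip()
    quoted = re.match(r'"([^"]+)"\s*(.*)', cmd)
    if quoted:
        return quoted.group(1), quoted.group(2)
    unquoted = re.match(r"(.*?\.(?:exe|com|scr|bat|cmd|pif))\b\s*(.*)", cmd, re.I)
    if unquoted:
        return unquoted.group(1), unquoted.group(2)
    head, _, tail = cmd.partition(" ")
    return head, tail


def parse_o4(line: str) -> Optional[dict]:
    """Parse one O4 line into image, payload, export and triage flags; None for any other line."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    image, args = split_image(m["cmd"])
    image = expand_env(image)
    entry = {"hive": m["hive"], "sid": m["sid"], "user": m["user"], "key": m["key"],
             "name": m["name"], "image": image, "args": args, "payload": image, "export": None}
    if image.rsplit("\\", 1)[-1].lower() in PROXY_LOADERS:
        # rundll32.exe "<dll>",<Export>  or  regsvr32.exe /s <dll>: the DLL is what actually runs
        dll = re.match(r'(?:"([^"]+)"|([^,\s]+))(?:,(\S+))?', re.sub(r"^(?:/\w+\s+)*", "", args))
        if dll:
            entry["payload"] = expand_env(dll.group(1) or dll.group(2))
            entry["export"] = dll.group(3)
    entry["flags"] = triage_flags(entry)
    return entry


def triage_flags(entry: dict) -> List[str]:
    flags = []
    loader = entry["image"].rsplit("\\", 1)[-1].lower()
    if USER_WRITABLE.search(entry["payload"]):
        flags.append("payload lives in a user-writable profile folder: " + entry["payload"])
    if loader in PROXY_LOADERS and flags:
        flags.append(f"{loader} is only the loader; the export run is {entry['export'] or '<default>'}")
    if entry["sid"] and flags:
        flags.append(f"registered under user '{entry['user']}' ({entry['sid']}); "
                     "it is HKCU only for that user, invisible as HKCU from any other account")
    return flags


def suspicious_entries(lines) -> List[dict]:
    """Entries whose payload sits in a user-writable folder, in log order."""
    entries = (parse_o4(line) for line in lines)
    return [e for e in entries if e and e["flags"]]


# Constructed sample in HijackThis O4 format; 'alice', the SID and the DLL names are invented
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] -HideWindow
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
O4 - HKUS\S-1-5-21-1111111111-222222222-333333333-1001\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User 'alice')
O4 - HKUS\S-1-5-21-1111111111-222222222-333333333-1001\..\Run: [qzdrv] rundll32.exe "C:\Users\alice\AppData\Roaming\qzdrv.dll",HrInitSeek (User 'alice')
O4 - HKUS\S-1-5-21-1111111111-222222222-333333333-1001\..\Run: [wupd] "C:\Windows\System32\rundll32.exe" "C:\Users\alice\AppData\Roaming\wupd.dll",_In (User 'alice')
O4 - HKCU\..\Run: [svchst] C:\Users\localadmin\AppData\Local\Temp\svchst.exe
O4 - Global Startup: VPN Client.lnk = ?
"""

if __name__ == "__main__":
    import sys
    lines = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for e in suspicious_entries(lines):
        print(f"[{e['hive']}\\{e['key']}] {e['name']}")
        for f in e["flags"]:
            print("   -", f)
```

Point it at a saved hijackthis.log and it lists only the autoruns worth a second look, with the reason for each. The user-writable check is the signal; rundll32 by itself is not (plenty of legitimate entries load DLLs from System32 through it), which is why the proxy and other-hive notes are only attached once the payload location has already raised the entry.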

#13 COHemi

Posted 17 October 2012 - 02:13 AM

Here ya go. MBAM and Hijack

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.17.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
LocalAdmin :: JPBROWN-PAVDM1 [administrator]

10/17/2012 1:04:50 AM
mbam-log-2012-10-17 (01-04-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324903
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:12:14 AM, on 10/17/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17115)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\LocalAdmin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [DagentUI] c:\Program Files\Altiris\AClient\dagentui.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] -HideWindow
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SecureConnector] "C:\Program Files\ForeScout SecureConnector\SecureConnector.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
O4 - HKUS\S-1-5-21-2117276672-2013200570-311576647-66346\..\Run: [mcadef] "C:\Windows\System32\rundll32.exe" "C:\Users\tjb45495\AppData\Roaming\mcadef.dll",_In (User 'tjb45495')
O4 - HKUS\S-1-5-21-2117276672-2013200570-311576647-66346\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" (User 'tjb45495')
O4 - HKUS\S-1-5-21-2117276672-2013200570-311576647-66346\..\Run: [cdrle] rundll32.exe "C:\Users\tjb45495\AppData\Roaming\cdrle.dll",HrStreamSeekSet (User 'tjb45495')
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://applprd.xeta.com (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} (VoiceMessage Control) - http://10.1.101.218/shorewaredirector/VoiceMessage.ocx
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} (WNICheck2 Class) - http://www.convergysworkathome.com/AppHardT.CAB
O16 - DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} (wodTelnetDLX Class) - http://66.133.171.11/rcm/webcontrols/telnet/wodTelnetDLX.cab
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://applprd.xeta.com:8001/OA_HTML/oaj2se.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cisco.webex.com/client/WBXclient-T27L10NSP25EP4-11889/webex/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://remote.xeta.com/dana-cached/sc/JuniperSetupClient.cab
O16 - DPF: {FA6424B7-D971-11D1-9697-00A0C928D512} (TwentyFour7 Class) - http://10.1.101.218/shorewaredirector/TwentyFour7.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=928
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.paetec.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.paetec.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE05E8A7-16EC-400D-AD0A-FAF2E52B2396}: NameServer = 198.224.160.135 198.224.164.135
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.paetec.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = corp.xeta.com,corp.paetec.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.paetec.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = corp.xeta.com,corp.paetec.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.xeta.com,corp.paetec.com
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Altiris Deployment Agent - Altiris, Inc. - c:\Program Files\Altiris\AClient\dagent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\system32\atashost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: iClarityQoSService - Avaya Inc. - C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: OfficeSafe - Allworx Corp. - C:\Program Files\Allworx\OfficeSafe Service\OfficeSafeService.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (HP) (QDLService2kHP) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kHP.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 12458 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:36 PM

Posted 17 October 2012 - 03:19 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them when you need it by clicking its icon (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
      O4 - HKUS\S-1-5-21-2117276672-2013200570-311576647-66346\..\Run: [mcadef] "C:\Windows\System32\rundll32.exe" "C:\Users\tjb45495\AppData\Roaming\mcadef.dll",_In (User 'tjb45495')
      O4 - HKUS\S-1-5-21-2117276672-2013200570-311576647-66346\..\Run: [cdrle] rundll32.exe "C:\Users\tjb45495\AppData\Roaming\cdrle.dll",HrStreamSeekSet (User 'tjb45495')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search box, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]
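As an added example (not from this thread, HijackThis or Malwarebytes), a small Python triage script that parses O4 lines like the ones above and flags the pattern the earlier Malwarebytes log reported as Trojan.RedirRdll2.Gen: rundll32.exe loading a DLL from a user-writable profile directory, plus any program started directly from such a directory. The sample log is constructed from entries quoted in this post; the path heuristics are an assumption, not a HijackThis feature.

```python
import re

# Constructed sample: O4 entries quoted in the post above (two ordinary
# vendor entries and the two rundll32 entries) plus one O23 line to show
# that non-O4 lines are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-21-2117276672-2013200570-311576647-66346\..\Run: [mcadef] "C:\Windows\System32\rundll32.exe" "C:\Users\tjb45495\AppData\Roaming\mcadef.dll",_In (User 'tjb45495')
O4 - HKUS\S-1-5-21-2117276672-2013200570-311576647-66346\..\Run: [cdrle] rundll32.exe "C:\Users\tjb45495\AppData\Roaming\cdrle.dll",HrStreamSeekSet (User 'tjb45495')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - <hive\..\key>: [<name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 <dll>,<export>, with or without quotes around either path
RUNDLL_RE = re.compile(
    r'^"?(?P<exe>[^"\s]*rundll32\.exe)"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)
# First token of a command line (quoted path, or up to the first space)
FIRST_TOKEN_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>\S+))')
# Assumed heuristic: directories a standard user can write to
USER_DIRS = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\")

def in_user_profile(path):
    """True when the path sits somewhere a standard user can write."""
    return any(d in path.lower() for d in USER_DIRS)

def parse_o4(line):
    """Split one O4 line into key, name and command; None for other lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None

def suspicious_o4(log_text):
    """Return [(name, path, reason)] for O4 entries worth a second look."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if not entry:
            continue
        rd = RUNDLL_RE.match(entry["cmd"])
        if rd:  # rundll32 hosting a DLL: judge the DLL's location, not rundll32's
            if in_user_profile(rd.group("dll")):
                hits.append((entry["name"], rd.group("dll"),
                             "rundll32 loads export %s from a user-writable dir" % rd.group("export")))
            continue
        ft = FIRST_TOKEN_RE.match(entry["cmd"])
        exe = (ft.group("q") or ft.group("u")) if ft else ""  # unquoted paths truncate at the first space, enough for the check
        if in_user_profile(exe):
            hits.append((entry["name"], exe, "program started from a user-writable dir"))
    return hits

if __name__ == "__main__":
    for name, path, why in suspicious_o4(SAMPLE_LOG):
        print("[%s] %s: %s" % (name, path, why))
```

Entries the script flags still deserve a look at the file itself (signature, timestamps, hash lookup) before deciding; vendor software occasionally does run from AppData.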


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here


Gringo

#15 COHemi

COHemi
  • Topic Starter

  • Members
  • 9 posts
  • Local time:02:36 PM

Posted 17 October 2012 - 09:20 AM

Gringo, OK, I did what you suggested. Nothing showed up from the ESET scanner. Everything seems to still be working just great at this point.



