Infected with ad.xtendmedia.com and ib.adnxs.com Virus


This topic is locked. 21 replies to this topic.

#1 Gr8Lks
  • Members
  • 15 posts

Posted 01 November 2012 - 09:00 PM

I appear to be infected with a malware program that generates an ad pop up in the lower left and right corner of my browser. This is happening in both IE 8 and Google Chrome.

I ran Malwarebytes and removed one item and rebooted, but the pop ups continue to happen. I also ran McAfee anti-virus software but it did not detect anything. When I hover over the ad on the left I see an address of ad.xtendmedia.com and the one on the right has an address of ib.adnxs.com.

I've seen some other posts in the forums with the same or similar issues and am looking for any help or guidance on how to remove it.

Thanks in advance for the help.

DDS Log File:

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by nsurpren at 20:22:34 on 2012-11-01
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3979.2029 [GMT -5:00]
.
AV: Cisco Security Agent V6.0.2.130 *Disabled/Updated* {C0F416B2-FB86-4FC5-A9EB-5026B725D4B0}
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Cisco Security Agent V6.0.2.130 *Enabled/Updated* {7B95F756-DDBC-404B-935B-6B54CCA29E0D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: Cisco Security Agent V6.0.2.130 *Enabled* {F8CF9797-B1E9-4E9D-82B4-F91349F693CB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\CmgShieldSvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Cisco\CSAgent\bin\CSAControl.exe
C:\Program Files (x86)\Cisco\CSAgent\bin\leventmgr.exe
C:\Program Files (x86)\Cisco\CSAgent\bin\dcgate.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco\CSAgent\bin\CSAControl.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\CmgShieldUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\WebEx\Productivity Tools\ptSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Cisco\CSAgent\bin\okclient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer
uDefault_Page_URL = http://www.yaoo.com
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uRun: [PTIM.exe] C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe
mRun: [AeXAgentLogon] C:\Program Files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\ALLUSE~1\MICROS~1\Windows\STARTM~1\Programs\Startup\CISCOS~1.LNK - C:\Program Files (x86)\Cisco\CSAgent\bin\okclient.exe
StartupFolder: C:\ALLUSE~1\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/upgradeserver/client/ptool/T27L10NSP32_CP7-14499/ieatgpc1.cab
TCP: NameServer = 209.188.96.2 137.192.2.3
TCP: Interfaces\{CDDBBDB9-6964-49FE-B460-0C48A0A4B644} : DHCPNameServer = 209.188.96.2 137.192.2.3
TCP: Interfaces\{CDDBBDB9-6964-49FE-B460-0C48A0A4B644}\26C696A7A7162746 : DHCPNameServer = 171.70.168.183 173.36.131.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [CmgShieldUI] C:\Windows\System32\CMGShieldUI.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 217.23.13.202 www.google-analytics.com.
Hosts: 217.23.13.202 ad-emea.doubleclick.net.
Hosts: 217.23.13.202 www.statcounter.com.
Hosts: 198.15.104.132 www.google-analytics.com.
Hosts: 198.15.104.132 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 CmgHiber;CmgHiber;C:\Windows\System32\drivers\CmgHiber.sys [2010-6-30 92776]
R0 CmgShieldCEF;CmgShieldCEF;C:\Windows\System32\drivers\CMGShCEF.sys [2010-6-30 358504]
R0 CMGShieldReg;CMGShieldReg;C:\Windows\System32\drivers\CmgShREG.sys [2010-6-30 24168]
R0 csacenter;Cisco Security Agent Rule Engine;C:\Windows\System32\drivers\csacentr.sys [2011-7-21 335432]
R0 csafile;Cisco Security Agent File Access Controller;C:\Windows\System32\drivers\csafile.sys [2011-7-21 155208]
R0 csareg;Cisco Security Agent Registry Access Controller;C:\Windows\System32\drivers\csareg.sys [2011-7-21 61000]
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-3-23 31344]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-7-21 469400]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-4-27 25960]
R1 csafilt;Cisco Security Agent Network Access Controller and Packet Verifier;C:\Windows\System32\drivers\csafilt.sys [2011-7-21 564296]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-5-9 15472]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 CMGShield;CMGShield;C:\Windows\System32\CmgShieldSvc.exe [2010-7-1 2979240]
R2 CSAgent;Cisco Security Agent;C:\Program Files (x86)\Cisco\CSAgent\bin\csacontrol.exe [2011-7-21 365224]
R2 CSAgentMon;Cisco Security Agent Monitor;C:\Program Files (x86)\Cisco\CSAgent\bin\csacontrol.exe [2011-7-21 365224]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-5-9 45496]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-5-9 93032]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-1 399432]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-1-6 20792]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-7-21 103744]
R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-1-6 180968]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-1-6 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-7-21 79504]
R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-3-23 143360]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2011-4-27 98816]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-5-9 114024]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-5-9 64440]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-4-27 166528]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-3-23 477032]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2011-4-27 316080]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-27 56344]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-7-21 120096]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-2-25 8153088]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-4-27 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-4-27 181248]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-1 116648]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-1 676936]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-3-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-1 116648]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-1 25928]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-7-21 78896]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-3-23 83304]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-11 1255736]
S4 EMS;EMS;EMSService.exe --> EMSService.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile="C:\Windows\System32\CScript.exe" "%1" %* [default=Open2]
FileExt: .vbs: VBSFile="C:\Windows\System32\CScript.exe" "%1" %* [default=Open2]
FileExt: .js: JSFile=C:\Windows\System32\CScript.exe "%1" %* [default=Open2]
FileExt: .jse: JSEFile=C:\Windows\System32\CScript.exe "%1" %* [default=Open2]
FileExt: .wsf: WSFFile="C:\Windows\System32\CScript.exe" "%1" %* [default=Open2]
.
=============== Created Last 30 ================
.
2012-11-01 22:30:30 -------- d-----w- C:\Users\nsurpren\AppData\Local\Deployment
2012-11-01 22:30:30 -------- d-----w- C:\Users\nsurpren\AppData\Local\Apps
2012-11-01 16:36:46 -------- d-----w- C:\Users\nsurpren\AppData\Roaming\Malwarebytes
2012-11-01 16:36:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-01 16:36:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-01 16:36:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-01 15:45:21 -------- d-----w- C:\Users\nsurpren\AppData\Local\{3D93C846-260C-4F73-8D05-95DE4EDB9DE3}
2012-10-31 14:25:15 -------- d-----w- C:\Users\nsurpren\AppData\Local\{104BD036-44C5-41B8-AC04-91FA035C2A93}
2012-10-30 23:46:53 -------- d-----w- C:\Users\nsurpren\AppData\Local\{A1202796-9A88-435E-B366-300E16B23E63}
2012-10-29 12:53:13 -------- d-----w- C:\Users\nsurpren\AppData\Local\{6D54CEC3-A56A-4B31-B178-11287CA669CF}
2012-10-28 17:02:10 -------- d-----w- C:\Users\nsurpren\AppData\Local\{52E8A2C2-8C72-4B7E-ADC9-30D9E772D831}
2012-10-26 14:55:36 -------- d-----w- C:\Users\nsurpren\AppData\Local\{2C1800E1-4510-4A54-A352-CDE9464AAC44}
2012-10-25 15:21:05 -------- d-----w- C:\Users\nsurpren\AppData\Local\{D0AB8A7D-3147-4F84-A7FA-EF52301E39E8}
2012-10-24 13:38:24 -------- d-----w- C:\Users\nsurpren\AppData\Local\{83B106DF-6849-4320-9D29-BAF911CC2222}
2012-10-23 13:38:17 -------- d-----w- C:\Users\nsurpren\AppData\Local\{805CA31D-BB90-4AE3-A764-08906A84FDE5}
2012-10-22 15:48:29 -------- d-----w- C:\Users\nsurpren\AppData\Local\{C52EEF46-B2D4-4D65-960E-A132DAD062FA}
2012-10-21 17:13:18 -------- d-----w- C:\Users\nsurpren\AppData\Local\{E434D05F-CE4C-4F4B-B236-AE7FACB0194D}
2012-10-21 16:33:46 -------- d-----w- C:\Windows\System32\EventProviders
2012-10-20 17:10:25 -------- d-----w- C:\Users\nsurpren\AppData\Local\{2BBFEE3C-E8EC-4A23-A8C6-C6788992A8E7}
2012-10-19 18:50:00 -------- d-----w- C:\Users\nsurpren\AppData\Local\{E14F98C9-CBCB-4935-B058-3638800A528B}
2012-10-18 15:04:03 -------- d-----w- C:\Users\nsurpren\AppData\Local\{E0394C9C-9951-4A9E-B94D-5ADD6BF874E2}
2012-10-17 13:43:52 -------- d-----w- C:\Users\nsurpren\AppData\Local\{636BB321-0475-430B-A535-1F9EDCE1A1DF}
2012-10-16 13:40:39 -------- d-----w- C:\Users\nsurpren\AppData\Local\{4AB4757A-617F-49B1-8C43-69083E7BDEB1}
2012-10-15 13:54:04 -------- d-----w- C:\Users\nsurpren\AppData\Local\{F038434E-447A-49FA-A19C-85ACCCFECE56}
2012-10-14 23:18:36 -------- d-----w- C:\Users\nsurpren\AppData\Local\{B3818F7B-FC2C-405D-8723-2CEE79BDBE09}
2012-10-13 18:06:53 -------- d-----w- C:\Users\nsurpren\AppData\Local\{98039871-BE9F-4C78-8760-094CB443E8D3}
2012-10-12 13:38:15 -------- d-----w- C:\Users\nsurpren\AppData\Local\{860A2992-775F-468C-89D4-28FB356CD555}
2012-10-11 14:09:56 -------- d-----w- C:\Users\nsurpren\AppData\Local\{A370A16F-0D48-4D35-B5DE-9788404F49DD}
2012-10-10 20:23:14 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-10 20:22:02 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-10 20:22:01 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-10 20:22:01 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-10 20:20:58 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-10 20:20:58 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-10 20:20:33 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 20:20:33 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 20:20:22 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 20:20:22 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 20:20:06 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 20:20:04 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 20:20:04 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 20:20:04 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 20:20:03 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 20:20:03 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 15:25:05 -------- d-----w- C:\Users\nsurpren\AppData\Local\{6D6DD850-A024-48E5-8744-F0F1240AB7A7}
2012-10-09 14:07:15 -------- d-----w- C:\Users\nsurpren\AppData\Local\{F4AE7BE5-AF76-4D33-9646-D9A3E9493FE1}
2012-10-09 02:06:52 -------- d-----w- C:\Users\nsurpren\AppData\Local\{AC3F8A95-A1B1-4FD7-9B37-7EBFA8F92F93}
2012-10-08 14:06:29 -------- d-----w- C:\Users\nsurpren\AppData\Local\{D8877C52-5F39-44BB-BBF0-2777BDBC6D31}
2012-10-07 15:50:07 -------- d-----w- C:\Users\nsurpren\AppData\Local\{5B80FE2E-F0FF-479B-86D0-4F5F9FFA3945}
2012-10-06 16:28:55 -------- d-----w- C:\Users\nsurpren\AppData\Local\{DA2DDD99-F6EB-45CF-8879-A468D2B115C9}
2012-10-05 14:27:39 -------- d-----w- C:\Users\nsurpren\AppData\Local\{A66F032B-D74A-40AD-BD64-ABFD832DA49C}
2012-10-05 02:01:16 -------- d-----w- C:\Users\nsurpren\AppData\Local\{1912CD2A-DEFD-4BFA-A36A-5EAD7E364A88}
2012-10-04 13:59:58 -------- d-----w- C:\Users\nsurpren\AppData\Local\{5CCE344E-346A-48B1-9AB7-92216EF18553}
2012-10-03 15:57:14 -------- d-----w- C:\Users\nsurpren\AppData\Local\{4132E823-5D45-42D3-88BE-8057F7BA995A}
.
==================== Find3M ====================
.
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:27 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 18:02:20 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-08-24 17:10:47 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 17:08:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-08-24 16:45:23 482816 ----a-w- C:\Windows\System32\html.iec
2012-08-24 16:02:45 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 16:01:45 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-08-24 15:27:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:23:18.38 ===============
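The Hosts: lines and the EnableLUA = 0 policy in the DDS log above are the entries a malware-response helper reads first: well-known analytics and ad hostnames pointed at a remote address instead of loopback is how ad-injecting infections rewrite traffic, and a disabled UAC means nothing prompted when it happened. As an added example (not from the thread, the poster, or the DDS tool), this Python script parses those report lines and flags them; the sample input reuses lines from the log above plus one constructed 127.0.0.1 entry to show the benign blocking case.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example; not part of the thread or of the DDS tool. It picks out two
indicators from the report lines:
  * Hosts: lines that point a hostname at a non-loopback address
    (third-party ad/analytics names hijacked to a remote IP)
  * mPolicies-System: EnableLUA = dword:0 (UAC switched off)
Sample lines are copied from the log posted in the thread, plus one
constructed loopback entry to show the benign (ad-blocking) case.
"""
import ipaddress
import re
from dataclasses import dataclass

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
# DDS prints dword values in decimal, e.g. NoDriveTypeAutoRun = dword:145 (0x91)
POLICY_RE = re.compile(r"^[um]Policies-(\w+):\s+(\w+)\s*=\s*dword:(\d+)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"
    line: str       # the log line that triggered the finding
    reason: str


def parse_hosts_line(line):
    """Return (ip, hostname) for a 'Hosts:' report line, else None."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    # DDS appends a trailing dot to the hostname; normalise it away
    return ip, m.group(2).rstrip(".").lower()


def triage(lines):
    """Scan report lines; return (findings, {ip: set(hostnames mapped to it)})."""
    findings = []
    redirects = {}
    for raw in lines:
        line = raw.strip()
        parsed = parse_hosts_line(line)
        if parsed:
            ip, host = parsed
            if ip.is_loopback or ip.is_unspecified:
                continue  # 127.0.0.1 / 0.0.0.0 entries are ordinary ad blocking
            redirects.setdefault(str(ip), set()).add(host)
            if ip.is_private:
                # Enterprise machines often map internal names to RFC 1918 space
                findings.append(Finding("medium", line,
                    f"{host} mapped to private address {ip}; verify it is an intranet entry"))
            else:
                findings.append(Finding("high", line,
                    f"{host} redirected to remote address {ip}"))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(1) == "System" and m.group(2) == "EnableLUA" and m.group(3) == "0":
            findings.append(Finding("medium", line, "UAC disabled (EnableLUA = 0)"))
    return findings, redirects


def summarize(redirects):
    """One line per redirect target listing every hostname sent to it."""
    return [f"{ip}: {', '.join(sorted(hosts))}" for ip, hosts in sorted(redirects.items())]


# Lines copied from the DDS log in post #1, plus one constructed loopback entry
SAMPLE_LINES = """\
uStart Page = hxxp://www.yahoo.com/
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
Hosts: 217.23.13.202 www.google-analytics.com.
Hosts: 217.23.13.202 ad-emea.doubleclick.net.
Hosts: 217.23.13.202 www.statcounter.com.
Hosts: 198.15.104.132 www.google-analytics.com.
Hosts: 198.15.104.132 ad-emea.doubleclick.net.
Hosts: 127.0.0.1 ads.example.test.
""".splitlines()

if __name__ == "__main__":
    found, hijacked = triage(SAMPLE_LINES)
    for f in found:
        print(f"[{f.severity}] {f.reason}")
    print("\n".join(summarize(hijacked)))
```

On a live Windows machine the same checks apply to C:\Windows\System32\drivers\etc\hosts and the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which is where DDS reads these lines from.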


#2 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 November 2012 - 09:59 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller and SAVE it to your Desktop, or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Gr8Lks
  • Topic Starter
  • Members
  • 15 posts

Posted 02 November 2012 - 10:25 AM

Per your request.

Security Check:
Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Cisco Security Agent V6.0.2.130
McAfee VirusScan Enterprise
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
McAfee AntiSpyware Enterprise Module
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 22
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.3) Firefox out of Date!
Google Chrome 22.0.1229.96
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise x64 engineserver.exe
McAfee VirusScan Enterprise vstskmgr.exe
McAfee VirusScan Enterprise x64 mcshield.exe
McAfee VirusScan Enterprise x64 mfeann.exe
McAfee VirusScan Enterprise shstat.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````


AdwCleaner:
# AdwCleaner v2.006 - Logfile created 11/02/2012 at 10:11:24
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Enterprise (64 bits)
# User : nsurpren - JSURPREN-WS
# Boot Mode : Normal
# Running from : C:\Users\nsurpren\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\nsurpren\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [713 octets] - [02/11/2012 10:11:24]

########## EOF - C:\AdwCleaner[S1].txt - [772 octets] ##########

RogueKiller:
RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : nsurpren [Admin rights]
Mode : Scan -- Date : 11/02/2012 10:18:58

Bad processes : 0

Registry Entries : 5
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
217.23.13.202 www.google-analytics.com.
217.23.13.202 ad-emea.doubleclick.net.
217.23.13.202 www.statcounter.com.
198.15.104.132 www.google-analytics.com.
198.15.104.132 ad-emea.doubleclick.net.
198.15.104.132 www.statcounter.com.


MBR Check:

+++++ PhysicalDrive0: INTEL SSDSA2BW160G3L +++++
--- User ---
[MBR] 79620e0a9b17cda35691ace1db216480
[BSP] 606720ae9787eebc4040d462f440bea8 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
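The HOSTS File section of the RogueKiller report above maps www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com to two non-loopback addresses, which is not the normal loopback-only content of a hosts file and is worth examining. As an added example (not part of the thread or of any tool named in it), a small Python checker that parses hosts-file text and flags every hostname mapped to an address other than loopback or 0.0.0.0; the sample input is constructed from the lines in the report.

```python
"""Flag hosts-file entries that send a hostname to a third-party address.

Added example, not part of the thread. Ad-blocking hosts lists map names to
127.0.0.1 or 0.0.0.0; a mapping to any other address redirects traffic for
that name to a machine the user did not choose and deserves a look.
"""
import ipaddress
from collections import defaultdict

# Sample input constructed from the hosts lines in the RogueKiller report above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
::1 localhost
217.23.13.202 www.google-analytics.com.
217.23.13.202 ad-emea.doubleclick.net.
217.23.13.202 www.statcounter.com.
198.15.104.132 www.google-analytics.com.
198.15.104.132 ad-emea.doubleclick.net.
198.15.104.132 www.statcounter.com.
"""


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs; skip blanks, comments and bad lines.

    A trailing dot on a hostname (as in the report above) is stripped so that
    'www.statcounter.com.' and 'www.statcounter.com' count as the same name.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address; ignore rather than guess
        for name in fields[1:]:
            yield ip, name.rstrip(".").lower()


def suspicious_mappings(text):
    """Return {hostname: sorted list of IPs} for names mapped off-box.

    Loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::) targets are the
    benign forms used by ad-blocking lists and are not reported.
    """
    seen = defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        seen[name].add(str(ip))
    return {name: sorted(ips) for name, ips in seen.items()}


def report(text):
    """Human-readable summary, one line per flagged hostname."""
    flagged = suspicious_mappings(text)
    if not flagged:
        return "hosts file: no mappings to third-party addresses"
    lines = [f"hosts file: {len(flagged)} hostname(s) mapped to third-party addresses"]
    for name, ips in sorted(flagged.items()):
        lines.append(f"  {name} -> {', '.join(ips)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_HOSTS))
```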

#4 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 November 2012 - 06:10 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Gr8Lks
  • Topic Starter
  • Members
  • 15 posts

Posted 03 November 2012 - 12:58 PM

I'm having an issue after running ComboFix. The Windows logon screen comes up, but when I push Ctrl, Alt, Delete nothing happens. I let the computer sit for 15 minutes with the same result. I forced a shut down through the power button and got the same result. I rebooted in Safe Mode and get the same result.

When I ran ComboFix I disabled Malwarebytes and McAfee. However, I was not aware I had a security agent software which ComboFix alerted me to disable before proceeding, which I did. ComboFix ran 50 processes and was deleting a file/folder before the reboot process.

Edited by Gr8Lks, 03 November 2012 - 12:59 PM.


#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 November 2012 - 05:20 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The Notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the Notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#7 Gr8Lks
  • Topic Starter
  • Members
  • 15 posts

Posted 04 November 2012 - 01:24 PM

I'm having a problem with the computer recognizing the USB drive. I downloaded the frst64.exe file onto the flash drive from another computer and connected it to the USB port before starting the boot up process. When I'm in Notepad and select File>Open>Computer it does not show the USB flash drive. I've tried 3 different USB flash drives, which all work in the other computer. I burned a DVD with the frst64.exe file and was able to run it from the command prompt. After it completed the scan I'm not sure where it saved the log file, as I'm guessing it was supposed to save it to the location it was run from, but given it was a DVD it was not writable. I looked in the BIOS settings and everything under USB is enabled.

#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 November 2012 - 09:21 PM

Check to see if it saved it on the root of the drive (C:/). If not, try to run it from the DVD and see if you can save it to the root of the drive (C:/).

#9 Gr8Lks
  • Topic Starter
  • Members
  • 15 posts

Posted 05 November 2012 - 09:45 AM

Not real sure what happened, but I was not able to get the FRST log files from the root drive. I decided to choose the restore to last known good configuration from the menu that comes up when pressing F8 during the boot. This booted up the system and allowed me to log in, and on the screen was the ComboFix window. I let it run as it said do not start any programs while running. After a few minutes the log file from ComboFix opened, which you can find below.

Once the ComboFix window closed after the log file opened, I opened IE and Chrome and so far no ad pop-ups have come up while navigating several sites. I'm going to reboot after sending this update to make sure I can log in as normal. After rebooting I cannot log in as it does not accept CTRL>Alt>Delete. I had to reboot with the last known good config option from the menu to log back in.

ComboFix Log:
ComboFix 12-11-03.02 - nsurpren 11/03/2012 12:08:37.1.8 - x64
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3979.2012 [GMT -5:00]
Running from: c:\users\nsurpren\Desktop\ComboFix.exe
AV: Cisco Security Agent V6.0.2.130 *Disabled/Updated* {C0F416B2-FB86-4FC5-A9EB-5026B725D4B0}
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Cisco Security Agent V6.0.2.130 *Disabled* {F8CF9797-B1E9-4E9D-82B4-F91349F693CB}
SP: Cisco Security Agent V6.0.2.130 *Disabled/Updated* {7B95F756-DDBC-404B-935B-6B54CCA29E0D}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\QuickTime\QTTask.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\SysWow64\bin
c:\windows\SysWow64\bin\MSVCRT.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WDF01000
-------\Service_Wdf01000
.
.
((((((((((((((((((((((((( Files Created from 2012-10-05 to 2012-11-05 )))))))))))))))))))))))))))))))
.
.
2012-11-05 15:23 . 2012-11-05 15:23 -------- d-----w- c:\users\nsurpren\AppData\Local\VirtualStore
2012-11-04 20:48 . 2012-11-04 20:48 -------- d-----w- C:\FRST
2012-11-03 22:22 . 2012-11-03 22:22 -------- d-----w- C:\Temp
2012-11-03 17:21 . 2012-11-03 17:21 -------- d-----w- c:\users\jsurpren\AppData\Local\temp
2012-11-03 17:21 . 2012-11-03 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-03 17:21 . 2012-11-03 17:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-01 22:30 . 2012-11-01 22:30 -------- d-----w- c:\users\nsurpren\AppData\Local\Deployment
2012-11-01 22:30 . 2012-11-01 22:30 -------- d-----w- c:\users\nsurpren\AppData\Local\Apps
2012-11-01 16:36 . 2012-11-01 16:36 -------- d-----w- c:\users\nsurpren\AppData\Roaming\Malwarebytes
2012-11-01 16:36 . 2012-11-01 16:36 -------- d-----w- c:\programdata\Malwarebytes
2012-11-01 16:36 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 16:36 . 2012-11-01 16:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-21 16:34 . 2012-09-28 05:18 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-21 16:33 . 2012-10-21 16:33 -------- d-----w- c:\windows\system32\EventProviders
2012-10-21 16:30 . 2012-10-21 16:30 -------- d-----w- c:\users\jsurpren\AppData\Local\Downloaded Installations
2012-10-10 20:23 . 2012-08-31 18:02 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 20:22 . 2012-08-18 15:37 425984 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-10 20:22 . 2012-08-18 15:37 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-10-10 20:22 . 2012-08-18 15:42 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-10-10 20:22 . 2012-08-18 15:34 338432 ----a-w- c:\windows\system32\conhost.exe
2012-10-10 20:20 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 20:20 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 20:20 . 2012-09-14 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 20:20 . 2012-09-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 20:20 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 20:20 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 20:20 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 20:20 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 20:20 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 20:20 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 20:20 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 20:20 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 18:05 . 2012-09-22 17:58 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-22 17:58 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-22 17:58 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-22 17:58 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-08-24 18:02 . 2012-09-22 17:58 9375744 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:02 . 2012-09-22 17:58 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:02 . 2012-09-22 17:58 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:02 . 2012-09-22 17:58 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-08-24 18:02 . 2012-09-22 17:58 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-24 18:02 . 2012-09-22 17:58 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:01 . 2012-09-22 17:58 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:01 . 2012-09-22 17:58 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 18:01 . 2012-09-22 17:58 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:01 . 2012-09-22 17:58 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-08-24 18:01 . 2012-09-22 17:58 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-08-24 17:59 . 2012-09-22 17:58 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-08-24 17:10 . 2012-09-22 17:58 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 17:08 . 2012-09-22 17:58 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45 . 2012-09-22 17:58 482816 ----a-w- c:\windows\system32\html.iec
2012-08-24 16:02 . 2012-09-22 17:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 16:01 . 2012-09-22 17:58 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-08-24 15:27 . 2012-09-22 17:58 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-18 11:19 . 2012-10-10 20:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTIM.exe"="c:\program files (x86)\WebEx\Productivity Tools\PTIM.exe" [2012-04-13 406632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AeXAgentLogon"="c:\program files (x86)\Altiris\Altiris Agent\AeXAgentActivate.exe" [2010-02-26 152872]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-07 124240]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\UdaterUI.exe" [2009-01-23 136512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-04-19 1551208]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Cisco Security Agent.lnk - c:\program files (x86)\Cisco\CSAgent\bin\okclient.exe [2011-7-21 671744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-07 78896]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-10 1255736]
R4 EMS;EMS;EMSService.exe [x]
S0 CmgHiber;CmgHiber;c:\windows\system32\DRIVERS\CmgHiber.sys [2010-06-30 92776]
S0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\DRIVERS\CMGShCEF.sys [2010-06-30 358504]
S0 CMGShieldReg;CMGShieldReg;c:\windows\system32\DRIVERS\CmgShREG.sys [2010-06-30 24168]
S0 csacenter;Cisco Security Agent Rule Engine;c:\windows\system32\drivers\csacentr.sys [2010-05-26 335432]
S0 csafile;Cisco Security Agent File Access Controller;c:\windows\system32\drivers\csafile.sys [2010-05-26 155208]
S0 csareg;Cisco Security Agent Registry Access Controller;c:\windows\system32\drivers\csareg.sys [2010-05-26 61000]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-04-19 31344]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 25960]
S1 csafilt;Cisco Security Agent Network Access Controller and Packet Verifier;c:\windows\system32\drivers\csafilt.sys [2010-05-26 564296]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe [2010-07-01 2979240]
S2 CSAgent;Cisco Security Agent;c:\program files (x86)\Cisco\CSAgent\bin\CSAControl.exe [2010-05-26 365224]
S2 CSAgentMon;Cisco Security Agent Monitor;c:\program files (x86)\Cisco\CSAgent\bin\CSAControl.exe [2010-05-26 365224]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-01-07 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-01-07 79504]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-12-23 166528]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-04-19 477032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 22:30]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 22:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe" [2010-07-01 373160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\system32\nvinitx.dll csauser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: cisco.com\www
Trusted Zone: cisco.com\wwwin
Trusted Zone: cisco.com\wwwin-asiapac
Trusted Zone: cisco.com\wwwin-emea
TCP: DhcpNameServer = 209.188.96.2 137.192.2.3
FF - ProfilePath -
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
Wow6432Node-HKLM-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\iPass\iPassConnect\iPassPeriodicUpdateService.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\WebEx\Productivity Tools\ptSrv.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
.
**************************************************************************
.
Completion time: 2012-11-05 07:26:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-05 15:26
.
Pre-Run: 73,710,309,376 bytes free
Post-Run: 73,127,735,296 bytes free
.
- - End Of File - - 4D9565D024D9E695450D81FF9D2D64CB

Edited by Gr8Lks, 05 November 2012 - 09:53 AM.


#10 Gr8Lks
  • Topic Starter
  • Members
  • 15 posts

Posted 05 November 2012 - 01:36 PM

Rebooted the computer one more time and was able to log in as I normally would. Performed several more reboots just to make sure and it seems to be functioning normally. So far no ad pop-ups in IE and Chrome after running ComboFix.

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 05 November 2012 - 02:54 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
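The report gringo asks for above has a fixed line shape, so it can be triaged mechanically once it is pasted. The script below is an added example, not code from this thread or from TDSSKiller: it parses the "[ md5 ] name path", "Suspicious file (...)" and "name - ok | detected ..." lines, keeps each object's hash and path for a later hash lookup, and puts LockedFile.Multi.Generic verdicts that follow a "Suspicious file (NoAccess)" line (the scanner could not open the file) in a separate bucket from anything else flagged, so an unreadable file is not read as a confirmed hit. The regexes are assumptions derived from the line shapes visible in the pasted report; the sample log is constructed, and the "example_drv" entry with its "Constructed.Example.Detection" verdict is made up purely to exercise the second bucket.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes from the TDSSKiller report format: "<time> <pid> <message>".
_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "[ MD5 ] <name> <X:\path>". Names may contain spaces ("Apple Mobile
# Device"), so the name/path split is anchored on the drive letter.
_ENTRY = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
_SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9A-Fa-f]{32})$")
_VERDICT = re.compile(
    r"^(?P<name>.+?) - (?:(?P<ok>ok)|detected (?P<detection>\S+)(?: \(\d+\))?)$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    reason: Optional[str] = None     # "Suspicious file (<reason>)", e.g. NoAccess
    detection: Optional[str] = None  # "<name> - detected <detection>"
    verdict: Optional[str] = None    # "ok" or "detected"


def parse_tdsskiller(log_text: str) -> Dict[str, Entry]:
    """One Entry per scanned object, keyed by service/driver name."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for raw in log_text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        msg = m.group("msg")
        if (e := _ENTRY.match(msg)):
            ent = Entry(e["name"], e["path"], e["md5"].upper())
            entries[ent.name] = ent
            by_path[ent.path] = ent
        elif (s := _SUSPICIOUS.match(msg)):
            ent = by_path.get(s["path"])
            if ent is not None:
                ent.reason = s["reason"]
                # The hash on this line must agree with the entry line's hash.
                if ent.md5 != s["md5"].upper():
                    raise ValueError(f"hash mismatch for {s['path']}")
        elif (v := _VERDICT.match(msg)):
            ent = entries.setdefault(v["name"], Entry(v["name"]))
            if v["ok"]:
                ent.verdict = "ok"
            else:
                ent.verdict = "detected"
                ent.detection = v["detection"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Separate detections that only record an unreadable file from the rest.

    A LockedFile.Multi.Generic verdict preceded by "Suspicious file (NoAccess)"
    records that the scanner could not open the file; it is not a signature
    match, so it gets its own bucket instead of counting as a confirmed hit.
    """
    unreadable: List[str] = []
    review: List[str] = []
    for ent in entries.values():
        if ent.verdict != "detected":
            continue
        if ent.detection == "LockedFile.Multi.Generic" and ent.reason == "NoAccess":
            unreadable.append(ent.name)
        else:
            review.append(ent.name)
    return {"unreadable_only": sorted(unreadable), "review": sorted(review)}


# Constructed sample in the report's line shapes. The "example_drv" entry and
# its "Constructed.Example.Detection" verdict are made up to exercise the
# review bucket; neither name refers to anything real.
SAMPLE_LOG = r"""
12:24:15.0287 7236 Scan started
12:24:15.0508 7236 System memory - ok
12:24:15.0549 7236 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
12:24:15.0555 7236 1394ohci - ok
12:24:15.0689 7236 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:24:15.0695 7236 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\adpu320.sys. md5: E109549C90F62FB570B9540C4B148E54
12:24:15.0696 7236 adpu320 ( LockedFile.Multi.Generic ) - warning
12:24:15.0696 7236 adpu320 - detected LockedFile.Multi.Generic (1)
12:24:15.0931 7236 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:24:15.0933 7236 Apple Mobile Device - ok
12:24:16.0765 7236 COMSysApp - ok
12:24:20.0001 7236 [ 00000000000000000000000000000000 ] example_drv C:\Windows\system32\drivers\example_drv.sys
12:24:20.0002 7236 example_drv - detected Constructed.Example.Detection (1)
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for bucket, names in triage(parsed).items():
        print(bucket, names)
```

To use it on a real report, replace SAMPLE_LOG with the contents of the TDSSKiller log file named in the steps above; the md5 and path kept on each Entry are what you would feed to a hash lookup for anything that lands in the "review" bucket.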

#12 Gr8Lks (Topic Starter, Members, 15 posts)

Posted 06 November 2012 - 01:27 PM

TDSSKiller Report:

12:24:05.0886 6316 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:24:06.0265 6316 ============================================================
12:24:06.0265 6316 Current date / time: 2012/11/06 12:24:06.0265
12:24:06.0265 6316 SystemInfo:
12:24:06.0265 6316
12:24:06.0265 6316 OS Version: 6.1.7600 ServicePack: 0.0
12:24:06.0265 6316 Product type: Workstation
12:24:06.0266 6316 ComputerName: JSURPREN-WS
12:24:06.0266 6316 UserName: nsurpren
12:24:06.0266 6316 Windows directory: C:\Windows
12:24:06.0266 6316 System windows directory: C:\Windows
12:24:06.0266 6316 Running under WOW64
12:24:06.0266 6316 Processor architecture: Intel x64
12:24:06.0266 6316 Number of processors: 8
12:24:06.0266 6316 Page size: 0x1000
12:24:06.0266 6316 Boot type: Normal boot
12:24:06.0266 6316 ============================================================
12:24:06.0718 6316 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:24:06.0730 6316 ============================================================
12:24:06.0730 6316 \Device\Harddisk0\DR0:
12:24:06.0730 6316 MBR partitions:
12:24:06.0730 6316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
12:24:06.0730 6316 ============================================================
12:24:06.0733 6316 C: <-> \Device\Harddisk0\DR0\Partition1
12:24:06.0733 6316 ============================================================
12:24:06.0733 6316 Initialize success
12:24:06.0733 6316 ============================================================
12:24:15.0287 7236 ============================================================
12:24:15.0287 7236 Scan started
12:24:15.0287 7236 Mode: Manual;
12:24:15.0287 7236 ============================================================
12:24:15.0508 7236 ================ Scan system memory ========================
12:24:15.0508 7236 System memory - ok
12:24:15.0509 7236 ================ Scan services =============================
12:24:15.0549 7236 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
12:24:15.0555 7236 1394ohci - ok
12:24:15.0563 7236 [ 6FC47AA89B4ABD3E2F8766E55A52E426 ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
12:24:15.0621 7236 5U877 - ok
12:24:15.0629 7236 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
12:24:15.0634 7236 ACPI - ok
12:24:15.0637 7236 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
12:24:15.0641 7236 AcpiPmi - ok
12:24:15.0651 7236 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:24:15.0664 7236 adp94xx - ok
12:24:15.0671 7236 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:24:15.0683 7236 adpahci - ok
12:24:15.0689 7236 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:24:15.0695 7236 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\adpu320.sys. md5: E109549C90F62FB570B9540C4B148E54
12:24:15.0696 7236 adpu320 ( LockedFile.Multi.Generic ) - warning
12:24:15.0696 7236 adpu320 - detected LockedFile.Multi.Generic (1)
12:24:15.0701 7236 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:24:15.0704 7236 AeLookupSvc - ok
12:24:15.0724 7236 [ 9203AD68320587889DDDDC0DF6648C29 ] AeXNSClient C:\Program Files (x86)\Altiris\Altiris Agent\AeXNSAgent.exe
12:24:15.0733 7236 AeXNSClient - ok
12:24:15.0744 7236 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
12:24:15.0748 7236 AFD - ok
12:24:15.0752 7236 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
12:24:15.0757 7236 agp440 - ok
12:24:15.0760 7236 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:24:15.0764 7236 ALG - ok
12:24:15.0767 7236 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
12:24:15.0771 7236 aliide - ok
12:24:15.0774 7236 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
12:24:15.0777 7236 amdide - ok
12:24:15.0781 7236 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:24:15.0786 7236 AmdK8 - ok
12:24:15.0790 7236 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:24:15.0795 7236 AmdPPM - ok
12:24:15.0799 7236 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:24:15.0842 7236 amdsata - ok
12:24:15.0848 7236 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:24:15.0857 7236 amdsbs - ok
12:24:15.0860 7236 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:24:15.0902 7236 amdxata - ok
12:24:15.0907 7236 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
12:24:15.0913 7236 AppID - ok
12:24:15.0917 7236 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:24:15.0918 7236 AppIDSvc - ok
12:24:15.0922 7236 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
12:24:15.0925 7236 Appinfo - ok
12:24:15.0931 7236 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:24:15.0933 7236 Apple Mobile Device - ok
12:24:15.0939 7236 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
12:24:15.0941 7236 AppMgmt - ok
12:24:15.0945 7236 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:24:15.0949 7236 arc - ok
12:24:15.0953 7236 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:24:15.0960 7236 arcsas - ok
12:24:15.0964 7236 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:24:15.0966 7236 AsyncMac - ok
12:24:15.0969 7236 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
12:24:15.0973 7236 atapi - ok
12:24:15.0986 7236 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:24:15.0995 7236 AudioEndpointBuilder - ok
12:24:16.0007 7236 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:24:16.0012 7236 AudioSrv - ok
12:24:16.0016 7236 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:24:16.0018 7236 AxInstSV - ok
12:24:16.0028 7236 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:24:16.0039 7236 b06bdrv - ok
12:24:16.0047 7236 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:24:16.0055 7236 b57nd60a - ok
12:24:16.0063 7236 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
12:24:16.0065 7236 BBSvc - ok
12:24:16.0071 7236 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
12:24:16.0073 7236 BBUpdate - ok
12:24:16.0077 7236 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:24:16.0079 7236 BDESVC - ok
12:24:16.0083 7236 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:24:16.0088 7236 Beep - ok
12:24:16.0100 7236 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
12:24:16.0110 7236 BFE - ok
12:24:16.0125 7236 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
12:24:16.0137 7236 BITS - ok
12:24:16.0141 7236 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:24:16.0147 7236 blbdrive - ok
12:24:16.0157 7236 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:24:16.0203 7236 Bonjour Service - ok
12:24:16.0207 7236 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:24:16.0237 7236 bowser - ok
12:24:16.0240 7236 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:24:16.0245 7236 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8
12:24:16.0245 7236 BrFiltLo ( LockedFile.Multi.Generic ) - warning
12:24:16.0245 7236 BrFiltLo - detected LockedFile.Multi.Generic (1)
12:24:16.0248 7236 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:24:16.0253 7236 BrFiltUp - ok
12:24:16.0257 7236 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
12:24:16.0260 7236 Browser - ok
12:24:16.0266 7236 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:24:16.0273 7236 Brserid - ok
12:24:16.0277 7236 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:24:16.0282 7236 BrSerWdm - ok
12:24:16.0285 7236 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:24:16.0288 7236 BrUsbMdm - ok
12:24:16.0291 7236 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:24:16.0294 7236 BrUsbSer - ok
12:24:16.0297 7236 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:24:16.0301 7236 BTHMODEM - ok
12:24:16.0305 7236 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:24:16.0307 7236 bthserv - ok
12:24:16.0310 7236 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:24:16.0315 7236 cdfs - ok
12:24:16.0319 7236 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:24:16.0325 7236 cdrom - ok
12:24:16.0329 7236 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
12:24:16.0331 7236 CertPropSvc - ok
12:24:16.0334 7236 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:24:16.0337 7236 circlass - ok
12:24:16.0344 7236 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:24:16.0347 7236 CLFS - ok
12:24:16.0355 7236 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:24:16.0361 7236 clr_optimization_v2.0.50727_32 - ok
12:24:16.0367 7236 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:24:16.0369 7236 clr_optimization_v2.0.50727_64 - ok
12:24:16.0376 7236 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:24:16.0378 7236 clr_optimization_v4.0.30319_32 - ok
12:24:16.0392 7236 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:24:16.0394 7236 clr_optimization_v4.0.30319_64 - ok
12:24:16.0397 7236 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:24:16.0401 7236 CmBatt - ok
12:24:16.0404 7236 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
12:24:16.0407 7236 cmdide - ok
12:24:16.0411 7236 [ 7BDA160826BF9BDFE8B8EB11952F5B1E ] CmgHiber C:\Windows\system32\DRIVERS\CmgHiber.sys
12:24:16.0442 7236 CmgHiber - ok
12:24:16.0477 7236 [ 4B38FAD35C2FFDB57F0035062BF2092C ] CMGShield C:\Windows\system32\CmgShieldSvc.exe
12:24:16.0505 7236 CMGShield - ok
12:24:16.0512 7236 [ CD9CC5CE9506EA4EF2B84EC0A364B875 ] CmgShieldCEF C:\Windows\system32\DRIVERS\CMGShCEF.sys
12:24:16.0550 7236 CmgShieldCEF - ok
12:24:16.0555 7236 [ 47C65E54138464F93A860DF28E0C3854 ] CMGShieldReg C:\Windows\system32\DRIVERS\CmgShREG.sys
12:24:16.0586 7236 CMGShieldReg - ok
12:24:16.0595 7236 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
12:24:16.0625 7236 CNG - ok
12:24:16.0644 7236 [ D01E9A7C1A51D5CEFAE45CDB9A3F7EDC ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
12:24:16.0736 7236 CnxtHdAudService - ok
12:24:16.0742 7236 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:24:16.0749 7236 Compbatt - ok
12:24:16.0754 7236 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
12:24:16.0761 7236 CompositeBus - ok
12:24:16.0765 7236 COMSysApp - ok
12:24:16.0771 7236 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:24:16.0776 7236 crcdisk - ok
12:24:16.0788 7236 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:24:16.0791 7236 CryptSvc - ok
12:24:16.0801 7236 [ F37991966B4796F7F174452B87D52D9C ] csacenter C:\Windows\system32\drivers\csacentr.sys
12:24:16.0874 7236 csacenter - ok
12:24:16.0882 7236 [ D1ADEAAF8E3BBC811D5C00ABB23BA90F ] csafile C:\Windows\system32\drivers\csafile.sys
12:24:16.0927 7236 csafile - ok
12:24:16.0937 7236 [ A5CD5CA37AC28161AFBE4EF2FAE97858 ] csafilt C:\Windows\system32\drivers\csafilt.sys
12:24:16.0978 7236 csafilt - ok
12:24:16.0988 7236 [ 25B61F917E66FCC91D4FBF5EF10263F5 ] CSAgent C:\Program Files (x86)\Cisco\CSAgent\bin\CSAControl.exe
12:24:17.0029 7236 CSAgent - ok
12:24:17.0035 7236 [ 25B61F917E66FCC91D4FBF5EF10263F5 ] CSAgentMon C:\Program Files (x86)\Cisco\CSAgent\bin\CSAControl.exe
12:24:17.0038 7236 CSAgentMon - ok
12:24:17.0043 7236 [ 94EA87BECC86ECF44BC5ABACFAAC4601 ] csareg C:\Windows\system32\drivers\csareg.sys
12:24:17.0076 7236 csareg - ok
12:24:17.0086 7236 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
12:24:17.0097 7236 CSC - ok
12:24:17.0109 7236 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
12:24:17.0116 7236 CscService - ok
12:24:17.0119 7236 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
12:24:17.0151 7236 CVirtA - ok
12:24:17.0172 7236 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
12:24:17.0181 7236 CVPND - ok
12:24:17.0188 7236 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
12:24:17.0225 7236 CVPNDRVA - ok
12:24:17.0236 7236 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:24:17.0245 7236 DcomLaunch - ok
12:24:17.0251 7236 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:24:17.0254 7236 defragsvc - ok
12:24:17.0257 7236 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:24:17.0288 7236 DfsC - ok
12:24:17.0296 7236 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
12:24:17.0299 7236 Dhcp - ok
12:24:17.0302 7236 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:24:17.0303 7236 discache - ok
12:24:17.0306 7236 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:24:17.0311 7236 Disk - ok
12:24:17.0316 7236 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
12:24:17.0317 7236 DNE - ok
12:24:17.0323 7236 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:24:17.0327 7236 Dnscache - ok
12:24:17.0333 7236 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
12:24:17.0335 7236 dot3svc - ok
12:24:17.0345 7236 [ E6987F7818154791A6937BCC6655599B ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
12:24:17.0350 7236 DozeSvc - ok
12:24:17.0355 7236 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
12:24:17.0357 7236 DPS - ok
12:24:17.0372 7236 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:24:17.0420 7236 DXGKrnl - ok
12:24:17.0424 7236 [ CE4CFFD9F64B86BCEB1C343FC9924D72 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
12:24:17.0455 7236 DzHDD64 - ok
12:24:17.0462 7236 [ DC1776D086AA9733B1929A3D979D9FDD ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
12:24:17.0464 7236 e1cexpress - ok
12:24:17.0468 7236 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:24:17.0471 7236 EapHost - ok
12:24:17.0508 7236 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:24:17.0548 7236 ebdrv - ok
12:24:17.0552 7236 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
12:24:17.0555 7236 EFS - ok
12:24:17.0568 7236 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:24:17.0572 7236 ehRecvr - ok
12:24:17.0575 7236 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:24:17.0577 7236 ehSched - ok
12:24:17.0587 7236 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:24:17.0598 7236 elxstor - ok
12:24:17.0600 7236 EMS - ok
12:24:17.0603 7236 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
12:24:17.0606 7236 ErrDev - ok
12:24:17.0615 7236 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:24:17.0621 7236 EventSystem - ok
12:24:17.0625 7236 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:24:17.0632 7236 exfat - ok
12:24:17.0637 7236 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:24:17.0644 7236 fastfat - ok
12:24:17.0657 7236 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
12:24:17.0667 7236 Fax - ok
12:24:17.0670 7236 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:24:17.0673 7236 fdc - ok
12:24:17.0676 7236 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:24:17.0678 7236 fdPHost - ok
12:24:17.0681 7236 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:24:17.0683 7236 FDResPub - ok
12:24:17.0686 7236 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:24:17.0689 7236 FileInfo - ok
12:24:17.0692 7236 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:24:17.0695 7236 Filetrace - ok
12:24:17.0699 7236 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:24:17.0703 7236 flpydisk - ok
12:24:17.0709 7236 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:24:17.0717 7236 FltMgr - ok
12:24:17.0733 7236 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
12:24:17.0745 7236 FontCache - ok
12:24:17.0749 7236 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:24:17.0750 7236 FontCache3.0.0.0 - ok
12:24:17.0753 7236 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:24:17.0757 7236 FsDepends - ok
12:24:17.0761 7236 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
12:24:17.0794 7236 fssfltr - ok
12:24:17.0815 7236 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:24:17.0867 7236 Suspicious file (NoAccess): C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe. md5: 28DDEEEC44E988657B732CF404D504CB
12:24:17.0868 7236 fsssvc ( LockedFile.Multi.Generic ) - warning
12:24:17.0868 7236 fsssvc - detected LockedFile.Multi.Generic (1)
12:24:17.0873 7236 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:24:17.0906 7236 Fs_Rec - ok
12:24:17.0911 7236 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:24:17.0943 7236 fvevol - ok
12:24:17.0947 7236 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:24:17.0952 7236 gagp30kx - ok
12:24:17.0955 7236 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:24:17.0986 7236 GEARAspiWDM - ok
12:24:17.0998 7236 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
12:24:18.0006 7236 gpsvc - ok
12:24:18.0010 7236 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:24:18.0013 7236 gupdate - ok
12:24:18.0016 7236 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:24:18.0018 7236 gupdatem - ok
12:24:18.0021 7236 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:24:18.0024 7236 hcw85cir - ok
12:24:18.0028 7236 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:24:18.0030 7236 HDAudBus - ok
12:24:18.0033 7236 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:24:18.0037 7236 HidBatt - ok
12:24:18.0041 7236 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:24:18.0045 7236 HidBth - ok
12:24:18.0048 7236 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:24:18.0053 7236 HidIr - ok
12:24:18.0056 7236 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:24:18.0058 7236 hidserv - ok
12:24:18.0061 7236 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:24:18.0064 7236 HidUsb - ok
12:24:18.0068 7236 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:24:18.0071 7236 hkmsvc - ok
12:24:18.0076 7236 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:24:18.0083 7236 HomeGroupListener - ok
12:24:18.0088 7236 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:24:18.0091 7236 HomeGroupProvider - ok
12:24:18.0094 7236 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
12:24:18.0099 7236 HpSAMD - ok
12:24:18.0110 7236 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:24:18.0115 7236 HTTP - ok
12:24:18.0119 7236 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:24:18.0120 7236 hwpolicy - ok
12:24:18.0124 7236 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:24:18.0129 7236 i8042prt - ok
12:24:18.0137 7236 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:24:18.0140 7236 iaStor - ok
12:24:18.0148 7236 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:24:18.0188 7236 iaStorV - ok
12:24:18.0192 7236 [ 29ED470689B7C597A9701D6A4C57A578 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
12:24:18.0224 7236 IBMPMDRV - ok
12:24:18.0228 7236 [ BC7AF43EEC24E995D770EC92A441D5D8 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
12:24:18.0231 7236 IBMPMSVC - ok
12:24:18.0244 7236 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:24:18.0260 7236 idsvc - ok
12:24:18.0438 7236 [ 66DC0CE2D1867B8178EAA0E11930DBD7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
12:24:18.0621 7236 igfx - ok
12:24:18.0629 7236 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:24:18.0637 7236 iirsp - ok
12:24:18.0655 7236 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
12:24:18.0669 7236 IKEEXT - ok
12:24:18.0677 7236 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
12:24:18.0682 7236 intelide - ok
12:24:18.0686 7236 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:24:18.0690 7236 intelppm - ok
12:24:18.0721 7236 [ D2EE48CE5AD3EBC113E38C8B9A527FFA ] iPassConnectEngine C:\Program Files (x86)\iPass\iPassConnect\iPassConnectEngine.exe
12:24:18.0737 7236 iPassConnectEngine - ok
12:24:18.0744 7236 [ 8C915408255714AFC87EEBC63C56BEA3 ] iPassPeriodicUpdateApp C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
12:24:18.0749 7236 iPassPeriodicUpdateApp - ok
12:24:18.0754 7236 [ 21A3BA0615E35B341DD895DA54E6026B ] iPassPeriodicUpdateService C:\Program Files (x86)\iPass\iPassConnect\iPassPeriodicUpdateService.exe
12:24:18.0758 7236 iPassPeriodicUpdateService - ok
12:24:18.0764 7236 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:24:18.0767 7236 IPBusEnum - ok
12:24:18.0772 7236 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:24:18.0778 7236 IpFilterDriver - ok
12:24:18.0791 7236 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:24:18.0798 7236 iphlpsvc - ok
12:24:18.0803 7236 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:24:18.0811 7236 IPMIDRV - ok
12:24:18.0816 7236 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:24:18.0826 7236 IPNAT - ok
12:24:18.0842 7236 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:24:18.0921 7236 iPod Service - ok
12:24:18.0925 7236 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:24:18.0931 7236 IRENUM - ok
12:24:18.0935 7236 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
12:24:18.0940 7236 isapnp - ok
12:24:18.0947 7236 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
12:24:18.0956 7236 iScsiPrt - ok
12:24:18.0961 7236 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:24:18.0968 7236 kbdclass - ok
12:24:18.0972 7236 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:24:18.0977 7236 kbdhid - ok
12:24:18.0981 7236 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
12:24:18.0984 7236 KeyIso - ok
12:24:18.0989 7236 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:24:18.0993 7236 KSecDD - ok
12:24:18.0999 7236 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:24:19.0060 7236 KSecPkg - ok
12:24:19.0064 7236 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:24:19.0067 7236 ksthunk - ok
12:24:19.0075 7236 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:24:19.0086 7236 KtmRm - ok
12:24:19.0091 7236 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:24:19.0096 7236 LanmanServer - ok
12:24:19.0100 7236 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:24:19.0104 7236 LanmanWorkstation - ok
12:24:19.0109 7236 [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
12:24:19.0111 7236 LENOVO.MICMUTE - ok
12:24:19.0113 7236 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
12:24:19.0145 7236 lenovo.smi - ok
12:24:19.0149 7236 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
12:24:19.0150 7236 Lenovo.VIRTSCRLSVC - ok
12:24:19.0154 7236 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:24:19.0158 7236 lltdio - ok
12:24:19.0165 7236 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:24:19.0173 7236 lltdsvc - ok
12:24:19.0177 7236 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:24:19.0179 7236 lmhosts - ok
12:24:19.0183 7236 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:24:19.0188 7236 LSI_FC - ok
12:24:19.0191 7236 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:24:19.0196 7236 LSI_SAS - ok
12:24:19.0199 7236 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:24:19.0202 7236 LSI_SAS2 - ok
12:24:24.0527 7236 wscsvc - ok
12:24:24.0530 7236 WSearch - ok
12:24:24.0560 7236 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:24:24.0586 7236 wuauserv - ok
12:24:24.0591 7236 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:24:24.0596 7236 WudfPf - ok
12:24:24.0601 7236 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:24:24.0603 7236 WUDFRd - ok
12:24:24.0607 7236 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:24:24.0611 7236 wudfsvc - ok
12:24:24.0617 7236 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:24:24.0621 7236 WwanSvc - ok
12:24:24.0629 7236 ================ Scan global ===============================
12:24:24.0632 7236 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:24:24.0638 7236 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
12:24:24.0648 7236 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
12:24:24.0653 7236 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:24:24.0663 7236 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:24:24.0668 7236 [Global] - ok
12:24:24.0669 7236 ================ Scan MBR ==================================
12:24:24.0671 7236 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:24:24.0795 7236 \Device\Harddisk0\DR0 - ok
12:24:24.0796 7236 ================ Scan VBR ==================================
12:24:24.0800 7236 [ A1BD5719F135312B5A8CCB2391282762 ] \Device\Harddisk0\DR0\Partition1
12:24:24.0803 7236 \Device\Harddisk0\DR0\Partition1 - ok
12:24:24.0804 7236 ============================================================
12:24:24.0804 7236 Scan finished
12:24:24.0804 7236 ============================================================
12:24:24.0819 1788 Detected object count: 3
12:24:24.0819 1788 Actual detected object count: 3
12:24:53.0095 1788 adpu320 ( LockedFile.Multi.Generic ) - skipped by user
12:24:53.0096 1788 adpu320 ( LockedFile.Multi.Generic ) - User select action: Skip
12:24:53.0096 1788 BrFiltLo ( LockedFile.Multi.Generic ) - skipped by user
12:24:53.0096 1788 BrFiltLo ( LockedFile.Multi.Generic ) - User select action: Skip
12:24:53.0099 1788 fsssvc ( LockedFile.Multi.Generic ) - skipped by user
12:24:53.0099 1788 fsssvc ( LockedFile.Multi.Generic ) - User select action: Skip



aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-06 12:28:47
-----------------------------
12:28:47.250 OS Version: Windows x64 6.1.7600
12:28:47.251 Number of processors: 8 586 0x2A07
12:28:47.253 ComputerName: JSURPREN-WS UserName: nsurpren
12:28:47.573 Initialize success
12:31:00.937 AVAST engine defs: 12110601
12:32:20.043 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:32:20.047 Disk 0 Vendor: INTEL_SS 4PC1 Size: 152627MB BusType: 3
12:32:20.055 Disk 0 MBR read successfully
12:32:20.060 Disk 0 MBR scan
12:32:20.081 Disk 0 Windows 7 default MBR code
12:32:20.086 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
12:32:20.130 Disk 0 scanning C:\Windows\system32\drivers
12:32:26.882 Service scanning
12:32:46.194 Modules scanning
12:32:46.206 Disk 0 trace - called modules:
12:32:46.213
12:32:46.490 AVAST engine scan C:\Windows
12:32:54.902 AVAST engine scan C:\Windows\system32
12:36:33.764 AVAST engine scan C:\Windows\system32\drivers
12:36:44.545 AVAST engine scan C:\Users\nsurpren
12:40:47.552 AVAST engine scan C:\ProgramData
12:41:16.778 Scan finished successfully
12:42:29.154 Disk 0 MBR has been saved successfully to "C:\Users\nsurpren\Desktop\MBR.dat"
12:42:29.166 The log file has been saved successfully to "C:\Users\nsurpren\Desktop\aswMBR.txt"

Edited by Gr8Lks, 06 November 2012 - 01:44 PM.


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 AM

Posted 06 November 2012 - 01:44 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Gr8Lks

Gr8Lks
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 06 November 2012 - 02:47 PM

Computer blue screened prior to running the Run CFScript instructions.

Upon reboot the computer sits on the Starting Windows screen and eventually blue screens with the following message.

A problem has been detected and windows has been shut down to prevent damage to your computer.

BAD_SYSTEM_CONFIG_INFO

Tried booting in safe mode but blue screened.

Tried booting in safe mode with command prompt but blue screened.

Tried booting with last known good configuration but blue screens there as well.

Appears to hang after Loaded:\windows\system32\drivers\classpnp.sys appears on screen.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 AM

Posted 06 November 2012 - 02:54 PM

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select System Restore and restore to before this happened


gringo



