Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Virus.Win64.ZAccess.a


  • This topic is locked This topic is locked
17 replies to this topic

#1 JmuCommSenior

JmuCommSenior

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 21 November 2012 - 05:55 PM

I have a virus that causes the random pop-ups and search engine link re-directs. I've run the tdskiller and it came up with the Virus.Win64.ZAccess.a as a problem but could not remove it. I have no idea what to do or how to get rid of it and would really like some help! =(


Here is the DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 10.9.2
Run by Terence at 17:43:37 on 2012-11-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.3664 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Terence\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate08282012
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} -
uRun: [Google Update] "C:\Users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Terence\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Terence\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{2086C5E6-AC53-4E9F-9E98-E578250D8A0B} : DHCPNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{2086C5E6-AC53-4E9F-9E98-E578250D8A0B}\07563747F6 : DHCPNameServer = 71.252.0.12 71.242.0.12
TCP: Interfaces\{2086C5E6-AC53-4E9F-9E98-E578250D8A0B}\849646560297F602B6964637C202869646560297F60275946494 : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{2086C5E6-AC53-4E9F-9E98-E578250D8A0B}\84F4D454D243133423 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2086C5E6-AC53-4E9F-9E98-E578250D8A0B}\84F4D454D243648323 : DHCPNameServer = 68.87.66.249 68.87.64.245
TCP: Interfaces\{2086C5E6-AC53-4E9F-9E98-E578250D8A0B}\8646D696 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2086C5E6-AC53-4E9F-9E98-E578250D8A0B}\D49636B65697D4F6573756 : DHCPNameServer = 192.168.3.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: HP SimplePass Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: HP SimplePass Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\yk6rxxpi.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Terence\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-21 15:53; adblockpopups@jessehakanen.net; C:\Users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\yk6rxxpi.default\extensions\adblockpopups@jessehakanen.net.xpi
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-10-6 8704]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-2 31872]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-2-25 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-24 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\drivers\appexDrv.sys [2012-8-1 189760]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-8-14 188760]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-8-1 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-8-1 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-8-1 615464]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-8-1 89640]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-8-1 39976]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-8-1 259688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-1 646248]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-8-1 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-15 1153368]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2011-12-9 269640]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2074-05-18 21:44:52 607296 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2073-04-13 21:17:26 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-11-16 17:43:45 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-15 05:40:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-15 05:17:37 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-11-15 05:14:05 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-11-15 05:14:05 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-11-15 05:13:33 -------- d-----w- C:\ProgramData\PC Tools
2012-11-15 05:13:32 -------- d-----w- C:\Users\Terence\AppData\Roaming\TestApp
2012-11-13 04:52:51 -------- d-----w- C:\Users\Terence\AppData\Roaming\SUPERAntiSpyware.com
2012-11-13 04:52:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-11-13 04:52:44 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-11-12 23:19:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-11-12 23:12:40 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-11-12 23:12:27 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
2012-11-06 22:51:42 -------- d-----w- C:\Program Files (x86)\VirtualDJ
2012-11-05 19:47:00 -------- d-----w- C:\Users\Terence\AppData\Local\Microsoft Games
2012-10-25 21:59:01 -------- d-----w- C:\Users\Terence\AppData\Roaming\2K Sports
2012-10-25 21:50:47 -------- d-----w- C:\Program Files (x86)\2K Sports
.
==================== Find3M ====================
.
2012-11-16 17:43:41 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-16 17:43:41 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-06 22:11:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 17:23:11 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-08-31 17:23:03 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-31 17:23:03 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-31 17:12:53 794408 ----a-w- C:\Windows\SysWow64\Pbsvc.exe
2012-08-29 17:16:43 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-08-29 17:16:43 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2012-08-29 17:16:43 4747840 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2012-08-29 17:16:43 3952640 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-08-29 17:16:43 3617792 ----a-w- C:\Windows\System32\bcmihvui64.dll
.
============= FINISH: 17:44:03.00 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 21 November 2012 - 10:10 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 JmuCommSenior

JmuCommSenior
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 22 November 2012 - 01:38 AM

here is the security check log:




Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (16.0)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 JmuCommSenior

JmuCommSenior
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 22 November 2012 - 01:52 AM

When I ran roguekiller and got to the delete part, I pressed delete and it said it needed to restart. When it rebooted I have a rkreport[1] and a rkreport[2].


Here's the adwcleaner log

# AdwCleaner v2.008 - Logfile created 11/22/2012 at 01:40:34
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Terence - TERENCE-HP
# Boot Mode : Normal
# Running from : C:\Users\Terence\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Terence\AppData\Local\Temp\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0 (en-US)

Profile name : default
File : C:\Users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\yk6rxxpi.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Terence\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8118 octets] - [22/11/2012 01:40:34]

########## EOF - C:\AdwCleaner[S1].txt - [8178 octets] ##########




here's the rkreport[1]

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Terence [Admin rights]
Mode : Scan -- Date : 11/22/2012 01:45:53

¤¤¤ Bad processes : 1 ¤¤¤
[RESIDUE] Dropbox.exe -- C:\Users\Terence\AppData\Roaming\Dropbox\bin\Dropbox.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3339255970-2605272895-3093883593-1002[...]\Run : Google Update ("C:\Users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3339255970-2605272895-3093883593-1002UA.job : C:\Users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3339255970-2605272895-3093883593-1002Core.job : C:\Users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3339255970-2605272895-3093883593-1002Core : C:\Users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3339255970-2605272895-3093883593-1002UA : C:\Users\Terence\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[TASK][SUSP PATH] Update Check : C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe /s /p 1 -> FOUND
[STARTUP][SUSP PATH] Dropbox.lnk @Terence : C:\Users\Terence\AppData\Roaming\Dropbox\bin\Dropbox.exe -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{1bc02a36-f909-e867-6c41-ccaabe7099fc}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{1bc02a36-f909-e867-6c41-ccaabe7099fc}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{1bc02a36-f909-e867-6c41-ccaabe7099fc}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST640LM0 00 HM641JI SATA Disk Device +++++
--- User ---
[MBR] 06f0e900ff28fbd07f6d4fdd03ec65e7
[BSP] 64b910be8d7ee242f93cd740d0858b6a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 589911 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1208547328 | Size: 20265 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11222012_02d0145.txt >>
RKreport[1]_S_11222012_02d0145.txt

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 22 November 2012 - 02:03 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 JmuCommSenior

JmuCommSenior
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 22 November 2012 - 02:38 AM

I did not have any problems running combofix. The computer seems much better now. Google links are no longer re-directing, I have not had a popup and internet browsing is faster.


Here is the combofix log

ComboFix 12-11-21.01 - Terence 11/22/2012 2:15.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.4148 [GMT -5:00]
Running from: c:\users\Terence\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2074-05-18 21:44 . 2008-03-21 18:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2073-04-13 21:17 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-11-22 07:24 . 2012-11-22 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 17:44 . 2012-11-16 17:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-16 17:43 . 2012-11-16 17:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-16 17:43 . 2012-11-16 17:43 -------- d-----w- c:\program files (x86)\Java
2012-11-15 05:40 . 2012-11-21 22:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-15 05:17 . 2012-11-15 05:17 -------- d-----w- c:\program files (x86)\PC Tools
2012-11-15 05:14 . 2012-11-21 21:35 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-11-15 05:14 . 2012-11-01 20:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-11-15 05:13 . 2012-11-15 05:39 -------- d-----w- c:\programdata\PC Tools
2012-11-15 05:13 . 2012-11-15 05:13 -------- d-----w- c:\users\Terence\AppData\Roaming\TestApp
2012-11-13 04:52 . 2012-11-13 04:52 -------- d-----w- c:\users\Terence\AppData\Roaming\SUPERAntiSpyware.com
2012-11-13 04:52 . 2012-11-13 04:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-13 04:52 . 2012-11-13 04:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-11-12 23:19 . 2012-11-12 23:19 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-11-12 23:12 . 2012-11-12 23:12 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-11-12 23:12 . 2012-11-12 23:12 -------- d-----w- c:\program files (x86)\Mega Codec Pack
2012-11-06 22:51 . 2012-11-06 22:51 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-11-05 19:47 . 2012-11-05 19:47 -------- d-----w- c:\users\Terence\AppData\Local\Microsoft Games
2012-10-25 21:59 . 2012-10-25 21:59 -------- d-----w- c:\users\Terence\AppData\Roaming\2K Sports
2012-10-25 21:50 . 2012-10-25 21:50 -------- d-----w- c:\program files (x86)\2K Sports
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 17:43 . 2012-08-14 06:27 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-16 17:43 . 2012-08-14 06:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-06 22:11 . 2012-03-10 02:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 17:23 . 2012-08-31 17:12 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-31 17:23 . 2012-08-31 17:17 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-31 17:23 . 2012-08-31 17:12 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-31 17:12 . 2012-08-31 17:12 794408 ----a-w- c:\windows\SysWow64\Pbsvc.exe
2012-08-29 17:16 . 2012-08-02 00:09 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-08-29 17:16 . 2012-08-02 00:09 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-08-29 17:16 . 2012-08-02 00:09 4747840 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-08-29 17:16 . 2012-08-02 00:09 3952640 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-08-29 17:16 . 2012-08-02 00:09 3617792 ----a-w- c:\windows\system32\bcmihvui64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-12 23:12 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-24 630912]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-29 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2011-10-14 20016]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-12-13 82048]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-12-13 42624]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys [2012-02-02 31872]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-25 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-24 361984]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys [2012-02-05 189760]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-10-26 102528]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-10-26 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-06 95248]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-12-29 134696]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-12-29 615464]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-12-29 89640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-12-29 39976]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-30 646248]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-14 56448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-10 02:08]
.
2012-11-21 c:\windows\Tasks\HPCeeScheduleForTerence.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate08282012
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
FF - ProfilePath - c:\users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\yk6rxxpi.default\
FF - ExtSQL: 2012-11-21 15:53; adblockpopups@jessehakanen.net; c:\users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\yk6rxxpi.default\extensions\adblockpopups@jessehakanen.net.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe
AddRemove-WildTangentGDF-hp-bals - c:\program files (x86)\HP Games\Web Link - Build-A-Lot Metropolis\Uninstall.exe
AddRemove-WildTangentGDF-hp-battlestargalacticaonline - c:\program files (x86)\HP Games\Web Link - Battlestar Galactica Online\Uninstall.exe
AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
AddRemove-WildTangentGDF-hp-gunbros - c:\program files (x86)\HP Games\Web Link - Gun Bros\Uninstall.exe
AddRemove-WildTangentGDF-hp-itgirl - c:\program files (x86)\HP Games\Web Link - It Girl!\Uninstall.exe
AddRemove-WildTangentGDF-hp-mahjonggdarkdimensions - c:\program files (x86)\HP Games\Web Link - Mahjongg Dark Dimensions\Uninstall.exe
AddRemove-WildTangentGDF-hp-oddmanor - c:\program files (x86)\HP Games\Web Link - Odd Manor\Uninstall.exe
AddRemove-WildTangentGDF-hp-organizedcrime - c:\program files (x86)\HP Games\Web Link - Organized Crime\Uninstall.exe
AddRemove-WildTangentGDF-hp-penguinworldsocial - c:\program files (x86)\HP Games\Web Link - Penguin World\Uninstall.exe
AddRemove-WildTangentGDF-hp-polarbowlerfacebook - c:\program files (x86)\HP Games\Web Link - Polar Bowler Strike!\Uninstall.exe
AddRemove-WildTangentGDF-hp-salonstreetsocial - c:\program files (x86)\HP Games\Web Link - Salon Street\Uninstall.exe
AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
AddRemove-WildTangentGDF-hp-shaiya - c:\program files (x86)\HP Games\Web Link - Shaiya\Uninstall.exe
AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3339255970-2605272895-3093883593-1002\Software\SecuROM\License information*]
"datasecu"=hex:34,9c,e1,cd,e1,0c,90,53,06,9b,93,96,22,8b,02,98,b9,3d,19,90,d0,
f7,45,56,1f,25,6f,9d,77,42,85,10,0b,14,b1,c1,71,66,a1,23,9e,f5,13,d8,4c,77,\
"rkeysecu"=hex:7f,6c,ab,85,21,02,b5,4a,71,7a,4f,b0,db,a3,e0,19
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-11-22 02:30:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-22 07:30
.
Pre-Run: 433,028,730,880 bytes free
Post-Run: 433,142,120,448 bytes free
.
- - End Of File - - 394BC18056BDE936FAA74C81BE50477B

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 22 November 2012 - 02:57 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 JmuCommSenior

JmuCommSenior
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 22 November 2012 - 12:22 PM

11:52:17.0378 2972 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:52:18.0423 2972 ============================================================
11:52:18.0423 2972 Current date / time: 2012/11/22 11:52:18.0423
11:52:18.0423 2972 SystemInfo:
11:52:18.0423 2972
11:52:18.0423 2972 OS Version: 6.1.7601 ServicePack: 1.0
11:52:18.0423 2972 Product type: Workstation
11:52:18.0423 2972 ComputerName: TERENCE-HP
11:52:18.0423 2972 UserName: Terence
11:52:18.0423 2972 Windows directory: C:\Windows
11:52:18.0423 2972 System windows directory: C:\Windows
11:52:18.0423 2972 Running under WOW64
11:52:18.0423 2972 Processor architecture: Intel x64
11:52:18.0423 2972 Number of processors: 4
11:52:18.0423 2972 Page size: 0x1000
11:52:18.0423 2972 Boot type: Normal boot
11:52:18.0423 2972 ============================================================
11:52:18.0829 2972 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:52:18.0844 2972 ============================================================
11:52:18.0844 2972 \Device\Harddisk0\DR0:
11:52:18.0844 2972 MBR partitions:
11:52:18.0844 2972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:52:18.0844 2972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x4802B800
11:52:18.0844 2972 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4808F800, BlocksNum 0x2794800
11:52:18.0844 2972 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33800
11:52:18.0844 2972 ============================================================
11:52:18.0875 2972 C: <-> \Device\Harddisk0\DR0\Partition2
11:52:18.0938 2972 D: <-> \Device\Harddisk0\DR0\Partition3
11:52:18.0938 2972 ============================================================
11:52:18.0938 2972 Initialize success
11:52:18.0938 2972 ============================================================
11:52:26.0426 4520 ============================================================
11:52:26.0426 4520 Scan started
11:52:26.0426 4520 Mode: Manual;
11:52:26.0426 4520 ============================================================
11:52:26.0660 4520 ================ Scan system memory ========================
11:52:26.0660 4520 System memory - ok
11:52:26.0660 4520 ================ Scan services =============================
11:52:26.0785 4520 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:52:26.0785 4520 !SASCORE - ok
11:52:27.0019 4520 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:52:27.0019 4520 1394ohci - ok
11:52:27.0066 4520 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\drivers\Accelerometer.sys
11:52:27.0066 4520 Accelerometer - ok
11:52:27.0112 4520 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:52:27.0112 4520 ACPI - ok
11:52:27.0159 4520 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:52:27.0159 4520 AcpiPmi - ok
11:52:27.0253 4520 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:52:27.0253 4520 AdobeARMservice - ok
11:52:27.0346 4520 [ 300B79DECEEF4F385523765ACC4F351A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:52:27.0362 4520 AdobeFlashPlayerUpdateSvc - ok
11:52:27.0409 4520 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:52:27.0424 4520 adp94xx - ok
11:52:27.0487 4520 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:52:27.0502 4520 adpahci - ok
11:52:27.0549 4520 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:52:27.0549 4520 adpu320 - ok
11:52:27.0580 4520 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:52:27.0580 4520 AeLookupSvc - ok
11:52:27.0627 4520 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:52:27.0643 4520 AFD - ok
11:52:27.0674 4520 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:52:27.0674 4520 agp440 - ok
11:52:27.0705 4520 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:52:27.0705 4520 ALG - ok
11:52:27.0752 4520 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:52:27.0752 4520 aliide - ok
11:52:27.0783 4520 [ 2E80E4F006B9F7D683E541C9F68C93B0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:52:27.0783 4520 AMD External Events Utility - ok
11:52:27.0830 4520 AMD FUEL Service - ok
11:52:27.0877 4520 [ 2EF1BA6D5DC79FCE5E9216C8C2D3F193 ] amdhub30 C:\Windows\system32\drivers\amdhub30.sys
11:52:27.0877 4520 amdhub30 - ok
11:52:27.0892 4520 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:52:27.0892 4520 amdide - ok
11:52:27.0924 4520 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\drivers\amdiox64.sys
11:52:27.0924 4520 amdiox64 - ok
11:52:27.0986 4520 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:52:27.0986 4520 AmdK8 - ok
11:52:28.0298 4520 [ 296CD4FC5F710B85E73D796FCB977E0C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:52:28.0423 4520 amdkmdag - ok
11:52:28.0470 4520 [ 62BD719EE2A2B27F6357A941FFBCCCDF ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
11:52:28.0470 4520 amdkmdap - ok
11:52:28.0516 4520 [ 554FB0F28C411FB1EAFD4EA46A8CAAA4 ] amdkmpfd C:\Windows\system32\drivers\amdkmpfd.sys
11:52:28.0516 4520 amdkmpfd - ok
11:52:28.0548 4520 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
11:52:28.0548 4520 AmdPPM - ok
11:52:28.0594 4520 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:52:28.0594 4520 amdsata - ok
11:52:28.0626 4520 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
11:52:28.0626 4520 amdsbs - ok
11:52:28.0641 4520 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:52:28.0641 4520 amdxata - ok
11:52:28.0672 4520 [ 541A6C49C792ED71FB3EFF8C815CFE60 ] amdxhc C:\Windows\system32\drivers\amdxhc.sys
11:52:28.0672 4520 amdxhc - ok
11:52:28.0719 4520 [ A1434F35B7B171CB697D74D33F7D029F ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
11:52:28.0719 4520 amd_sata - ok
11:52:28.0719 4520 [ E9B5A82FA268BB2D1B012030D5F4E096 ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
11:52:28.0719 4520 amd_xata - ok
11:52:28.0766 4520 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:52:28.0766 4520 AppID - ok
11:52:28.0797 4520 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:52:28.0797 4520 AppIDSvc - ok
11:52:28.0828 4520 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:52:28.0828 4520 Appinfo - ok
11:52:28.0875 4520 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:52:28.0891 4520 Apple Mobile Device - ok
11:52:28.0938 4520 [ BC6526297C2E1377949F79A3AC622BAD ] APXACC C:\Windows\system32\DRIVERS\appexDrv.sys
11:52:28.0938 4520 APXACC - ok
11:52:28.0969 4520 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
11:52:28.0969 4520 arc - ok
11:52:29.0000 4520 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
11:52:29.0000 4520 arcsas - ok
11:52:29.0094 4520 aspnet_state - ok
11:52:29.0109 4520 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:52:29.0109 4520 AsyncMac - ok
11:52:29.0156 4520 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:52:29.0156 4520 atapi - ok
11:52:29.0203 4520 [ 2B3B05C0A7768BF033217EB8F33F9C35 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
11:52:29.0203 4520 AtiHDAudioService - ok
11:52:29.0265 4520 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:52:29.0265 4520 AudioEndpointBuilder - ok
11:52:29.0281 4520 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:52:29.0296 4520 AudioSrv - ok
11:52:29.0328 4520 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:52:29.0343 4520 AxInstSV - ok
11:52:29.0390 4520 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
11:52:29.0390 4520 b06bdrv - ok
11:52:29.0421 4520 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:52:29.0437 4520 b57nd60a - ok
11:52:29.0484 4520 [ 638AC077E7EF7D27D03062E486E8BF01 ] bcbtums C:\Windows\system32\drivers\bcbtums.sys
11:52:29.0484 4520 bcbtums - ok
11:52:29.0640 4520 [ D41E6CCB9752F551049D2E0C437DD03D ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
11:52:29.0702 4520 BCM43XX - ok
11:52:29.0733 4520 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:52:29.0733 4520 BDESVC - ok
11:52:29.0764 4520 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:52:29.0764 4520 Beep - ok
11:52:29.0827 4520 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:52:29.0842 4520 BFE - ok
11:52:29.0920 4520 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
11:52:29.0936 4520 BITS - ok
11:52:29.0983 4520 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
11:52:29.0983 4520 blbdrive - ok
11:52:30.0030 4520 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:52:30.0030 4520 Bonjour Service - ok
11:52:30.0061 4520 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:52:30.0061 4520 bowser - ok
11:52:30.0092 4520 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
11:52:30.0108 4520 BrFiltLo - ok
11:52:30.0108 4520 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
11:52:30.0123 4520 BrFiltUp - ok
11:52:30.0154 4520 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:52:30.0154 4520 BridgeMP - ok
11:52:30.0201 4520 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:52:30.0201 4520 Browser - ok
11:52:30.0248 4520 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:52:30.0248 4520 Brserid - ok
11:52:30.0264 4520 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:52:30.0264 4520 BrSerWdm - ok
11:52:30.0295 4520 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:52:30.0295 4520 BrUsbMdm - ok
11:52:30.0310 4520 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:52:30.0326 4520 BrUsbSer - ok
11:52:30.0357 4520 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
11:52:30.0357 4520 BthEnum - ok
11:52:30.0404 4520 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:52:30.0404 4520 BTHMODEM - ok
11:52:30.0420 4520 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
11:52:30.0420 4520 BthPan - ok
11:52:30.0466 4520 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
11:52:30.0466 4520 BTHPORT - ok
11:52:30.0513 4520 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:52:30.0513 4520 bthserv - ok
11:52:30.0513 4520 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
11:52:30.0529 4520 BTHUSB - ok
11:52:30.0576 4520 [ 1711C5E8EE4C5DA02E1CFD4CFE900EF1 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
11:52:30.0591 4520 btwampfl - ok
11:52:30.0591 4520 [ E4F1A48BBC677C220F520D5791827439 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
11:52:30.0607 4520 btwaudio - ok
11:52:30.0654 4520 [ 9C7A3858D87F3A2574C1D326CA6C1461 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
11:52:30.0654 4520 btwavdt - ok
11:52:30.0732 4520 [ 3FF5B4A9603F1DF525DC6C2645876E0E ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:52:30.0732 4520 btwdins - ok
11:52:30.0778 4520 [ AC602E3B6940B48E454D90545D85E8C3 ] BTWDPAN C:\Windows\system32\DRIVERS\btwdpan.sys
11:52:30.0794 4520 BTWDPAN - ok
11:52:30.0810 4520 [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
11:52:30.0810 4520 btwl2cap - ok
11:52:30.0841 4520 [ BB892C59D453E127797F8C5B203678DC ] btwrchid C:\Windows\system32\drivers\btwrchid.sys
11:52:30.0841 4520 btwrchid - ok
11:52:30.0856 4520 catchme - ok
11:52:30.0888 4520 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:52:30.0903 4520 cdfs - ok
11:52:30.0950 4520 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:52:30.0950 4520 cdrom - ok
11:52:31.0012 4520 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:52:31.0012 4520 CertPropSvc - ok
11:52:31.0044 4520 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
11:52:31.0044 4520 circlass - ok
11:52:31.0075 4520 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:52:31.0090 4520 CLFS - ok
11:52:31.0137 4520 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:52:31.0137 4520 clr_optimization_v2.0.50727_32 - ok
11:52:31.0200 4520 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:52:31.0200 4520 clr_optimization_v2.0.50727_64 - ok
11:52:31.0278 4520 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:52:31.0278 4520 clr_optimization_v4.0.30319_32 - ok
11:52:31.0324 4520 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:52:31.0324 4520 clr_optimization_v4.0.30319_64 - ok
11:52:31.0356 4520 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
11:52:31.0356 4520 clwvd - ok
11:52:31.0387 4520 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
11:52:31.0387 4520 CmBatt - ok
11:52:31.0402 4520 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:52:31.0402 4520 cmdide - ok
11:52:31.0449 4520 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:52:31.0449 4520 CNG - ok
11:52:31.0480 4520 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
11:52:31.0496 4520 Compbatt - ok
11:52:31.0527 4520 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:52:31.0527 4520 CompositeBus - ok
11:52:31.0543 4520 COMSysApp - ok
11:52:31.0558 4520 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
11:52:31.0558 4520 crcdisk - ok
11:52:31.0605 4520 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:52:31.0605 4520 CryptSvc - ok
11:52:31.0652 4520 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:52:31.0652 4520 DcomLaunch - ok
11:52:31.0683 4520 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:52:31.0699 4520 defragsvc - ok
11:52:31.0730 4520 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:52:31.0730 4520 DfsC - ok
11:52:31.0777 4520 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:52:31.0792 4520 Dhcp - ok
11:52:31.0808 4520 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:52:31.0808 4520 discache - ok
11:52:31.0839 4520 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
11:52:31.0855 4520 Disk - ok
11:52:31.0886 4520 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:52:31.0886 4520 Dnscache - ok
11:52:31.0902 4520 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:52:31.0917 4520 dot3svc - ok
11:52:31.0933 4520 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:52:31.0933 4520 DPS - ok
11:52:31.0980 4520 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:52:31.0980 4520 drmkaud - ok
11:52:32.0026 4520 [ 0040A0132AAC1004E50055F8FBB14C08 ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
11:52:32.0026 4520 dsNcAdpt - ok
11:52:32.0089 4520 [ F39BDED701656DC27F5A2E9BF7B5C59F ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
11:52:32.0104 4520 dsNcService - ok
11:52:32.0136 4520 [ CE7743807258A7D383C427E3C178A49E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:52:32.0151 4520 DXGKrnl - ok
11:52:32.0198 4520 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:52:32.0198 4520 EapHost - ok
11:52:32.0292 4520 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
11:52:32.0354 4520 ebdrv - ok
11:52:32.0385 4520 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:52:32.0385 4520 EFS - ok
11:52:32.0448 4520 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:52:32.0463 4520 ehRecvr - ok
11:52:32.0479 4520 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:52:32.0494 4520 ehSched - ok
11:52:32.0541 4520 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
11:52:32.0541 4520 elxstor - ok
11:52:32.0572 4520 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:52:32.0572 4520 ErrDev - ok
11:52:32.0635 4520 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:52:32.0635 4520 EventSystem - ok
11:52:32.0666 4520 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:52:32.0666 4520 exfat - ok
11:52:32.0697 4520 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:52:32.0697 4520 fastfat - ok
11:52:32.0728 4520 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:52:32.0744 4520 Fax - ok
11:52:32.0791 4520 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
11:52:32.0791 4520 fdc - ok
11:52:32.0806 4520 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:52:32.0822 4520 fdPHost - ok
11:52:32.0838 4520 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:52:32.0838 4520 FDResPub - ok
11:52:32.0869 4520 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:52:32.0869 4520 FileInfo - ok
11:52:32.0900 4520 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:52:32.0900 4520 Filetrace - ok
11:52:32.0916 4520 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
11:52:32.0916 4520 flpydisk - ok
11:52:32.0947 4520 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:52:32.0947 4520 FltMgr - ok
11:52:32.0994 4520 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:52:33.0009 4520 FontCache - ok
11:52:33.0056 4520 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:52:33.0056 4520 FontCache3.0.0.0 - ok
11:52:33.0118 4520 [ BA0F98B69D84EFAE63EA80A957F9EF31 ] FPLService C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
11:52:33.0118 4520 FPLService - ok
11:52:33.0150 4520 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:52:33.0150 4520 FsDepends - ok
11:52:33.0181 4520 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:52:33.0196 4520 Fs_Rec - ok
11:52:33.0228 4520 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:52:33.0228 4520 fvevol - ok
11:52:33.0274 4520 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
11:52:33.0274 4520 gagp30kx - ok
11:52:33.0321 4520 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:52:33.0321 4520 GEARAspiWDM - ok
11:52:33.0368 4520 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:52:33.0368 4520 gpsvc - ok
11:52:33.0399 4520 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:52:33.0399 4520 hcw85cir - ok
11:52:33.0446 4520 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:52:33.0462 4520 HdAudAddService - ok
11:52:33.0493 4520 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:52:33.0493 4520 HDAudBus - ok
11:52:33.0508 4520 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
11:52:33.0524 4520 HidBatt - ok
11:52:33.0555 4520 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
11:52:33.0555 4520 HidBth - ok
11:52:33.0586 4520 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
11:52:33.0586 4520 HidIr - ok
11:52:33.0602 4520 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
11:52:33.0618 4520 hidserv - ok
11:52:33.0633 4520 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:52:33.0633 4520 HidUsb - ok
11:52:33.0742 4520 [ 00C71C3FB915BA353740999ADF447927 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
11:52:33.0742 4520 HiPatchService - ok
11:52:33.0774 4520 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:52:33.0774 4520 hkmsvc - ok
11:52:33.0805 4520 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:52:33.0805 4520 HomeGroupListener - ok
11:52:33.0836 4520 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:52:33.0852 4520 HomeGroupProvider - ok
11:52:33.0914 4520 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:52:33.0914 4520 HP Support Assistant Service - ok
11:52:33.0945 4520 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:52:33.0945 4520 HPClientSvc - ok
11:52:33.0976 4520 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\drivers\hpdskflt.sys
11:52:33.0976 4520 hpdskflt - ok
11:52:34.0070 4520 [ 5298E3B4844328A11C9EB6C001CF0529 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:52:34.0086 4520 hpqwmiex - ok
11:52:34.0117 4520 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:52:34.0117 4520 HpSAMD - ok
11:52:34.0148 4520 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
11:52:34.0148 4520 hpsrv - ok
11:52:34.0195 4520 [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:52:34.0195 4520 HPWMISVC - ok
11:52:34.0273 4520 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:52:34.0273 4520 HTTP - ok
11:52:34.0288 4520 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:52:34.0288 4520 hwpolicy - ok
11:52:34.0351 4520 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:52:34.0351 4520 i8042prt - ok
11:52:34.0398 4520 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:52:34.0413 4520 iaStorV - ok
11:52:34.0491 4520 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:52:34.0491 4520 IDriverT - ok
11:52:34.0554 4520 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:52:34.0569 4520 idsvc - ok
11:52:34.0600 4520 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:52:34.0600 4520 iirsp - ok
11:52:34.0647 4520 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:52:34.0663 4520 IKEEXT - ok
11:52:34.0694 4520 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:52:34.0694 4520 intelide - ok
11:52:34.0725 4520 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
11:52:34.0741 4520 intelppm - ok
11:52:34.0756 4520 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:52:34.0756 4520 IPBusEnum - ok
11:52:34.0788 4520 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:52:34.0788 4520 IpFilterDriver - ok
11:52:34.0850 4520 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:52:34.0866 4520 iphlpsvc - ok
11:52:34.0897 4520 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:52:34.0897 4520 IPMIDRV - ok
11:52:34.0928 4520 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:52:34.0928 4520 IPNAT - ok
11:52:34.0990 4520 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:52:35.0006 4520 iPod Service - ok
11:52:35.0037 4520 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:52:35.0053 4520 IRENUM - ok
11:52:35.0068 4520 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:52:35.0068 4520 isapnp - ok
11:52:35.0100 4520 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:52:35.0100 4520 iScsiPrt - ok
11:52:35.0131 4520 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
11:52:35.0131 4520 kbdclass - ok
11:52:35.0162 4520 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
11:52:35.0162 4520 kbdhid - ok
11:52:35.0178 4520 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:52:35.0178 4520 KeyIso - ok
11:52:35.0209 4520 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:52:35.0224 4520 KSecDD - ok
11:52:35.0240 4520 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:52:35.0240 4520 KSecPkg - ok
11:52:35.0271 4520 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:52:35.0271 4520 ksthunk - ok
11:52:35.0318 4520 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:52:35.0334 4520 KtmRm - ok
11:52:35.0380 4520 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:52:35.0396 4520 LanmanServer - ok
11:52:35.0427 4520 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:52:35.0427 4520 LanmanWorkstation - ok
11:52:35.0490 4520 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:52:35.0490 4520 lltdio - ok
11:52:35.0521 4520 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:52:35.0536 4520 lltdsvc - ok
11:52:35.0552 4520 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:52:35.0552 4520 lmhosts - ok
11:52:35.0599 4520 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:52:35.0599 4520 LSI_FC - ok
11:52:35.0614 4520 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:52:35.0614 4520 LSI_SAS - ok
11:52:35.0630 4520 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:52:35.0630 4520 LSI_SAS2 - ok
11:52:35.0646 4520 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:52:35.0661 4520 LSI_SCSI - ok
11:52:35.0692 4520 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:52:35.0692 4520 luafv - ok
11:52:35.0739 4520 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:52:35.0739 4520 Mcx2Svc - ok
11:52:35.0770 4520 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:52:35.0770 4520 megasas - ok
11:52:35.0802 4520 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:52:35.0817 4520 MegaSR - ok
11:52:35.0833 4520 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:52:35.0848 4520 MMCSS - ok
11:52:35.0864 4520 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:52:35.0864 4520 Modem - ok
11:52:35.0895 4520 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:52:35.0895 4520 monitor - ok
11:52:35.0911 4520 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:52:35.0911 4520 mouclass - ok
11:52:35.0958 4520 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:52:35.0958 4520 mouhid - ok
11:52:35.0973 4520 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:52:35.0989 4520 mountmgr - ok
11:52:36.0051 4520 [ 0D265CCCCEB68C43C595C03150F0BFD0 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:52:36.0051 4520 MozillaMaintenance - ok
11:52:36.0082 4520 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:52:36.0082 4520 mpio - ok
11:52:36.0114 4520 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:52:36.0114 4520 mpsdrv - ok
11:52:36.0160 4520 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:52:36.0176 4520 MpsSvc - ok
11:52:36.0223 4520 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:52:36.0223 4520 MRxDAV - ok
11:52:36.0223 4520 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:52:36.0238 4520 mrxsmb - ok
11:52:36.0270 4520 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:52:36.0270 4520 mrxsmb10 - ok
11:52:36.0301 4520 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:52:36.0301 4520 mrxsmb20 - ok
11:52:36.0316 4520 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:52:36.0316 4520 msahci - ok
11:52:36.0332 4520 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:52:36.0332 4520 msdsm - ok
11:52:36.0348 4520 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:52:36.0363 4520 MSDTC - ok
11:52:36.0379 4520 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:52:36.0379 4520 Msfs - ok
11:52:36.0410 4520 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:52:36.0410 4520 mshidkmdf - ok
11:52:36.0441 4520 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:52:36.0441 4520 msisadrv - ok
11:52:36.0472 4520 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:52:36.0488 4520 MSiSCSI - ok
11:52:36.0488 4520 msiserver - ok
11:52:36.0535 4520 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:52:36.0535 4520 MSKSSRV - ok
11:52:36.0550 4520 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:52:36.0550 4520 MSPCLOCK - ok
11:52:36.0566 4520 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:52:36.0566 4520 MSPQM - ok
11:52:36.0597 4520 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:52:36.0597 4520 MsRPC - ok
11:52:36.0613 4520 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:52:36.0613 4520 mssmbios - ok
11:52:36.0628 4520 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:52:36.0628 4520 MSTEE - ok
11:52:36.0660 4520 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:52:36.0660 4520 MTConfig - ok
11:52:36.0691 4520 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:52:36.0691 4520 Mup - ok
11:52:36.0738 4520 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:52:36.0753 4520 napagent - ok
11:52:36.0800 4520 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:52:36.0816 4520 NativeWifiP - ok
11:52:36.0878 4520 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:52:36.0878 4520 NDIS - ok
11:52:36.0909 4520 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:52:36.0909 4520 NdisCap - ok
11:52:36.0940 4520 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:52:36.0940 4520 NdisTapi - ok
11:52:36.0972 4520 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:52:36.0972 4520 Ndisuio - ok
11:52:36.0987 4520 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:52:36.0987 4520 NdisWan - ok
11:52:37.0018 4520 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:52:37.0018 4520 NDProxy - ok
11:52:37.0050 4520 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:52:37.0050 4520 NetBIOS - ok
11:52:37.0065 4520 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:52:37.0081 4520 NetBT - ok
11:52:37.0096 4520 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:52:37.0096 4520 Netlogon - ok
11:52:37.0128 4520 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:52:37.0143 4520 Netman - ok
11:52:37.0174 4520 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:52:37.0174 4520 NetMsmqActivator - ok
11:52:37.0190 4520 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:52:37.0190 4520 NetPipeActivator - ok
11:52:37.0221 4520 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:52:37.0221 4520 netprofm - ok
11:52:37.0237 4520 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:52:37.0237 4520 NetTcpActivator - ok
11:52:37.0252 4520 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:52:37.0252 4520 NetTcpPortSharing - ok
11:52:37.0284 4520 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:52:37.0284 4520 nfrd960 - ok
11:52:37.0315 4520 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:52:37.0330 4520 NlaSvc - ok
11:52:37.0362 4520 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:52:37.0362 4520 Npfs - ok
11:52:37.0393 4520 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:52:37.0393 4520 nsi - ok
11:52:37.0408 4520 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:52:37.0408 4520 nsiproxy - ok
11:52:37.0486 4520 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:52:37.0518 4520 Ntfs - ok
11:52:37.0533 4520 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:52:37.0533 4520 Null - ok
11:52:37.0564 4520 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
11:52:37.0580 4520 NVENETFD - ok
11:52:37.0611 4520 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:52:37.0611 4520 nvraid - ok
11:52:37.0642 4520 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:52:37.0658 4520 nvstor - ok
11:52:37.0689 4520 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:52:37.0705 4520 nv_agp - ok
11:52:37.0736 4520 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:52:37.0736 4520 ohci1394 - ok
11:52:37.0798 4520 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:52:37.0814 4520 ose - ok
11:52:38.0017 4520 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:52:38.0079 4520 osppsvc - ok
11:52:38.0126 4520 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:52:38.0142 4520 p2pimsvc - ok
11:52:38.0188 4520 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:52:38.0204 4520 p2psvc - ok
11:52:38.0235 4520 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
11:52:38.0235 4520 Parport - ok
11:52:38.0266 4520 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:52:38.0266 4520 partmgr - ok
11:52:38.0282 4520 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:52:38.0298 4520 PcaSvc - ok
11:52:38.0313 4520 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:52:38.0313 4520 pci - ok
11:52:38.0329 4520 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:52:38.0344 4520 pciide - ok
11:52:38.0360 4520 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:52:38.0376 4520 pcmcia - ok
11:52:38.0407 4520 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:52:38.0407 4520 pcw - ok
11:52:38.0454 4520 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:52:38.0454 4520 PEAUTH - ok
11:52:38.0547 4520 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:52:38.0547 4520 PerfHost - ok
11:52:38.0625 4520 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:52:38.0656 4520 pla - ok
11:52:38.0703 4520 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:52:38.0703 4520 PlugPlay - ok
11:52:38.0750 4520 PnkBstrA - ok
11:52:38.0766 4520 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:52:38.0781 4520 PNRPAutoReg - ok
11:52:38.0797 4520 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:52:38.0812 4520 PNRPsvc - ok
11:52:38.0844 4520 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:52:38.0859 4520 PolicyAgent - ok
11:52:38.0875 4520 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
11:52:38.0890 4520 Power - ok
11:52:38.0922 4520 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:52:38.0922 4520 PptpMiniport - ok
11:52:38.0953 4520 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
11:52:38.0953 4520 Processor - ok
11:52:38.0984 4520 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:52:39.0000 4520 ProfSvc - ok
11:52:39.0015 4520 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:52:39.0015 4520 ProtectedStorage - ok
11:52:39.0046 4520 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:52:39.0046 4520 Psched - ok
11:52:39.0093 4520 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:52:39.0124 4520 ql2300 - ok
11:52:39.0156 4520 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:52:39.0156 4520 ql40xx - ok
11:52:39.0187 4520 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:52:39.0187 4520 QWAVE - ok
11:52:39.0218 4520 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:52:39.0218 4520 QWAVEdrv - ok
11:52:39.0234 4520 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:52:39.0234 4520 RasAcd - ok
11:52:39.0280 4520 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:52:39.0296 4520 RasAgileVpn - ok
11:52:39.0312 4520 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:52:39.0327 4520 RasAuto - ok
11:52:39.0358 4520 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:52:39.0358 4520 Rasl2tp - ok
11:52:39.0390 4520 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:52:39.0390 4520 RasMan - ok
11:52:39.0405 4520 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:52:39.0421 4520 RasPppoe - ok
11:52:39.0436 4520 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:52:39.0436 4520 RasSstp - ok
11:52:39.0499 4520 [ 96597C96D5ACF4A3EF0B24D396853879 ] rcmirror C:\Windows\system32\DRIVERS\rcmirror.sys
11:52:39.0499 4520 rcmirror - ok
11:52:39.0514 4520 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:52:39.0514 4520 rdbss - ok
11:52:39.0546 4520 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:52:39.0546 4520 rdpbus - ok
11:52:39.0592 4520 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:52:39.0592 4520 RDPCDD - ok
11:52:39.0608 4520 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:52:39.0608 4520 RDPENCDD - ok
11:52:39.0624 4520 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:52:39.0624 4520 RDPREFMP - ok
11:52:39.0655 4520 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:52:39.0655 4520 RDPWD - ok
11:52:39.0686 4520 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:52:39.0702 4520 rdyboost - ok
11:52:39.0748 4520 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:52:39.0748 4520 RemoteAccess - ok
11:52:39.0780 4520 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:52:39.0795 4520 RemoteRegistry - ok
11:52:39.0826 4520 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
11:52:39.0826 4520 RFCOMM - ok
11:52:39.0842 4520 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:52:39.0858 4520 RpcEptMapper - ok
11:52:39.0873 4520 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:52:39.0873 4520 RpcLocator - ok
11:52:39.0904 4520 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:52:39.0920 4520 RpcSs - ok
11:52:39.0967 4520 [ 7F324DFFCA5318EEF040DBE351D038D8 ] RSP2STOR C:\Windows\system32\DRIVERS\RtsP2Stor.sys
11:52:39.0967 4520 RSP2STOR - ok
11:52:39.0998 4520 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:52:39.0998 4520 rspndr - ok
11:52:40.0029 4520 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:52:40.0045 4520 RTL8167 - ok
11:52:40.0060 4520 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:52:40.0060 4520 SamSs - ok
11:52:40.0123 4520 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:52:40.0123 4520 SASDIFSV - ok
11:52:40.0138 4520 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:52:40.0138 4520 SASKUTIL - ok
11:52:40.0170 4520 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:52:40.0170 4520 sbp2port - ok
11:52:40.0248 4520 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:52:40.0263 4520 SBSDWSCService - ok
11:52:40.0294 4520 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:52:40.0294 4520 SCardSvr - ok
11:52:40.0310 4520 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:52:40.0326 4520 scfilter - ok
11:52:40.0357 4520 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:52:40.0372 4520 Schedule - ok
11:52:40.0404 4520 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:52:40.0404 4520 SCPolicySvc - ok
11:52:40.0435 4520 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
11:52:40.0435 4520 sdbus - ok
11:52:40.0466 4520 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:52:40.0466 4520 SDRSVC - ok
11:52:40.0497 4520 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:52:40.0513 4520 secdrv - ok
11:52:40.0528 4520 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:52:40.0528 4520 seclogon - ok
11:52:40.0544 4520 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:52:40.0544 4520 SENS - ok
11:52:40.0575 4520 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:52:40.0575 4520 SensrSvc - ok
11:52:40.0591 4520 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
11:52:40.0591 4520 Serenum - ok
11:52:40.0622 4520 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
11:52:40.0622 4520 Serial - ok
11:52:40.0653 4520 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:52:40.0653 4520 sermouse - ok
11:52:40.0700 4520 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:52:40.0700 4520 SessionEnv - ok
11:52:40.0747 4520 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:52:40.0747 4520 sffdisk - ok
11:52:40.0762 4520 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:52:40.0762 4520 sffp_mmc - ok
11:52:40.0778 4520 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:52:40.0778 4520 sffp_sd - ok
11:52:40.0809 4520 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:52:40.0809 4520 sfloppy - ok
11:52:40.0872 4520 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:52:40.0887 4520 SharedAccess - ok
11:52:40.0918 4520 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:52:40.0934 4520 ShellHWDetection - ok
11:52:40.0950 4520 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:52:40.0950 4520 SiSRaid2 - ok
11:52:40.0996 4520 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:52:40.0996 4520 SiSRaid4 - ok
11:52:41.0043 4520 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:52:41.0043 4520 Smb - ok
11:52:41.0074 4520 [ 8AF2546861B179E2517EB02748B4FAB7 ] SmbDrv C:\Windows\system32\drivers\Smb_driver.sys
11:52:41.0074 4520 SmbDrv - ok
11:52:41.0090 4520 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:52:41.0106 4520 SNMPTRAP - ok
11:52:41.0121 4520 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:52:41.0121 4520 spldr - ok
11:52:41.0168 4520 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:52:41.0184 4520 Spooler - ok
11:52:41.0277 4520 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:52:41.0340 4520 sppsvc - ok
11:52:41.0355 4520 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:52:41.0355 4520 sppuinotify - ok
11:52:41.0386 4520 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:52:41.0386 4520 srv - ok
11:52:41.0418 4520 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:52:41.0433 4520 srv2 - ok
11:52:41.0464 4520 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:52:41.0464 4520 SrvHsfHDA - ok
11:52:41.0511 4520 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:52:41.0542 4520 SrvHsfV92 - ok
11:52:41.0558 4520 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:52:41.0574 4520 SrvHsfWinac - ok
11:52:41.0620 4520 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:52:41.0620 4520 srvnet - ok
11:52:41.0667 4520 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:52:41.0667 4520 SSDPSRV - ok
11:52:41.0698 4520 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:52:41.0698 4520 SstpSvc - ok
11:52:41.0808 4520 [ D30FE3ECF1D6D521365FAE307B500BC0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
11:52:41.0808 4520 STacSV - ok
11:52:41.0854 4520 Steam Client Service - ok
11:52:41.0886 4520 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:52:41.0886 4520 stexstor - ok
11:52:41.0932 4520 [ 6F69D75F50E8FAF1003AA6CFB18B91EC ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
11:52:41.0948 4520 STHDA - ok
11:52:41.0995 4520 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:52:42.0010 4520 stisvc - ok
11:52:42.0026 4520 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:52:42.0026 4520 swenum - ok
11:52:42.0057 4520 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:52:42.0073 4520 swprv - ok
11:52:42.0135 4520 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\drivers\SynTP.sys
11:52:42.0135 4520 SynTP - ok
11:52:42.0198 4520 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:52:42.0229 4520 SysMain - ok
11:52:42.0260 4520 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:52:42.0260 4520 TabletInputService - ok
11:52:42.0291 4520 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:52:42.0291 4520 TapiSrv - ok
11:52:42.0322 4520 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:52:42.0322 4520 TBS - ok
11:52:42.0416 4520 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:52:42.0447 4520 Tcpip - ok
11:52:42.0494 4520 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:52:42.0510 4520 TCPIP6 - ok
11:52:42.0541 4520 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:52:42.0556 4520 tcpipreg - ok
11:52:42.0572 4520 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:52:42.0572 4520 TDPIPE - ok
11:52:42.0588 4520 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:52:42.0603 4520 TDTCP - ok
11:52:42.0619 4520 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:52:42.0619 4520 tdx - ok
11:52:42.0650 4520 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:52:42.0650 4520 TermDD - ok
11:52:42.0712 4520 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:52:42.0728 4520 TermService - ok
11:52:42.0744 4520 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:52:42.0744 4520 Themes - ok
11:52:42.0790 4520 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:52:42.0790 4520 THREADORDER - ok
11:52:42.0806 4520 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:52:42.0806 4520 TrkWks - ok
11:52:42.0868 4520 [ E06079D6BCF81AB8D07A932B209BC839 ] TrueService C:\Program Files\Common Files\AuthenTec\TrueService.exe
11:52:42.0868 4520 TrueService - ok
11:52:42.0931 4520 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:52:42.0931 4520 TrustedInstaller - ok
11:52:42.0962 4520 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:52:42.0962 4520 tssecsrv - ok
11:52:42.0993 4520 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:52:42.0993 4520 TsUsbFlt - ok
11:52:43.0009 4520 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:52:43.0024 4520 TsUsbGD - ok
11:52:43.0071 4520 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:52:43.0071 4520 tunnel - ok
11:52:43.0102 4520 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:52:43.0102 4520 uagp35 - ok
11:52:43.0134 4520 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:52:43.0134 4520 udfs - ok
11:52:43.0180 4520 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:52:43.0180 4520 UI0Detect - ok
11:52:43.0227 4520 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:52:43.0227 4520 uliagpkx - ok
11:52:43.0258 4520 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:52:43.0258 4520 umbus - ok
11:52:43.0305 4520 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
11:52:43.0305 4520 UmPass - ok
11:52:43.0336 4520 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:52:43.0336 4520 upnphost - ok
11:52:43.0383 4520 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:52:43.0383 4520 USBAAPL64 - ok
11:52:43.0446 4520 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:52:43.0446 4520 usbaudio - ok
11:52:43.0492 4520 [ 2B26FCB7C634C49313FD72120FB9946E ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:52:43.0492 4520 usbccgp - ok
11:52:43.0524 4520 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:52:43.0524 4520 usbcir - ok
11:52:43.0555 4520 [ AA68C758B3F225618A5FD1ED40C383C4 ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:52:43.0570 4520 usbehci - ok
11:52:43.0586 4520 [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
11:52:43.0586 4520 usbfilter - ok
11:52:43.0633 4520 [ 66E1EF753543785D7E2C44719B2C5DAD ] usbhub C:\Windows\system32\drivers\usbhub.sys
11:52:43.0633 4520 usbhub - ok
11:52:43.0664 4520 [ B26ACA4784AD1295C25A7501FD4AB79E ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:52:43.0664 4520 usbohci - ok
11:52:43.0711 4520 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:52:43.0711 4520 usbprint - ok
11:52:43.0758 4520 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:52:43.0758 4520 usbscan - ok
11:52:43.0789 4520 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:52:43.0789 4520 USBSTOR - ok
11:52:43.0820 4520 [ 35944CFF264134FFD2E7EED0F8B81A56 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:52:43.0820 4520 usbuhci - ok
11:52:43.0867 4520 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:52:43.0867 4520 usbvideo - ok
11:52:43.0898 4520 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:52:43.0898 4520 UxSms - ok
11:52:43.0914 4520 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:52:43.0914 4520 VaultSvc - ok
11:52:43.0929 4520 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:52:43.0945 4520 vdrvroot - ok
11:52:43.0960 4520 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:52:43.0976 4520 vds - ok
11:52:43.0992 4520 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:52:43.0992 4520 vga - ok
11:52:44.0007 4520 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:52:44.0007 4520 VgaSave - ok
11:52:44.0038 4520 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:52:44.0038 4520 vhdmp - ok
11:52:44.0070 4520 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:52:44.0070 4520 viaide - ok
11:52:44.0085 4520 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:52:44.0085 4520 volmgr - ok
11:52:44.0116 4520 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:52:44.0116 4520 volmgrx - ok
11:52:44.0148 4520 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:52:44.0148 4520 volsnap - ok
11:52:44.0194 4520 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:52:44.0194 4520 vsmraid - ok
11:52:44.0257 4520 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:52:44.0288 4520 VSS - ok
11:52:44.0304 4520 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:52:44.0304 4520 vwifibus - ok
11:52:44.0350 4520 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:52:44.0350 4520 vwififlt - ok
11:52:44.0382 4520 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:52:44.0397 4520 W32Time - ok
11:52:44.0428 4520 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:52:44.0428 4520 WacomPen - ok
11:52:44.0460 4520 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:52:44.0460 4520 WANARP - ok
11:52:44.0491 4520 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:52:44.0491 4520 Wanarpv6 - ok
11:52:44.0569 4520 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:52:44.0600 4520 WatAdminSvc - ok
11:52:44.0647 4520 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:52:44.0678 4520 wbengine - ok
11:52:44.0694 4520 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:52:44.0709 4520 WbioSrvc - ok
11:52:44.0740 4520 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:52:44.0740 4520 wcncsvc - ok
11:52:44.0756 4520 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:52:44.0756 4520 WcsPlugInService - ok
11:52:44.0787 4520 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
11:52:44.0787 4520 Wd - ok
11:52:44.0850 4520 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:52:44.0850 4520 Wdf01000 - ok
11:52:44.0881 4520 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:52:44.0881 4520 WdiServiceHost - ok
11:52:44.0881 4520 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:52:44.0896 4520 WdiSystemHost - ok
11:52:44.0912 4520 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:52:44.0928 4520 WebClient - ok
11:52:44.0959 4520 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:52:44.0959 4520 Wecsvc - ok
11:52:44.0974 4520 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:52:44.0990 4520 wercplsupport - ok
11:52:45.0021 4520 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:52:45.0021 4520 WerSvc - ok
11:52:45.0052 4520 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:52:45.0052 4520 WfpLwf - ok
11:52:45.0084 4520 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:52:45.0084 4520 WIMMount - ok
11:52:45.0099 4520 WinDefend - ok
11:52:45.0115 4520 WinHttpAutoProxySvc - ok
11:52:45.0162 4520 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:52:45.0177 4520 Winmgmt - ok
11:52:45.0240 4520 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:52:45.0286 4520 WinRM - ok
11:52:45.0349 4520 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
11:52:45.0349 4520 WinUsb - ok
11:52:45.0380 4520 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:52:45.0396 4520 Wlansvc - ok
11:52:45.0442 4520 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:52:45.0442 4520 wlcrasvc - ok
11:52:45.0567 4520 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:52:45.0598 4520 wlidsvc - ok
11:52:45.0630 4520 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:52:45.0630 4520 WmiAcpi - ok
11:52:45.0645 4520 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:52:45.0661 4520 wmiApSrv - ok
11:52:45.0692 4520 WMPNetworkSvc - ok
11:52:45.0739 4520 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:52:45.0739 4520 WPCSvc - ok
11:52:45.0770 4520 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:52:45.0770 4520 WPDBusEnum - ok
11:52:45.0801 4520 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:52:45.0801 4520 ws2ifsl - ok
11:52:45.0832 4520 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
11:52:45.0832 4520 wscsvc - ok
11:52:45.0848 4520 WSearch - ok
11:52:45.0926 4520 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:52:45.0957 4520 wuauserv - ok
11:52:45.0973 4520 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:52:45.0988 4520 WudfPf - ok
11:52:46.0004 4520 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:52:46.0004 4520 WUDFRd - ok
11:52:46.0035 4520 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:52:46.0035 4520 wudfsvc - ok
11:52:46.0066 4520 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\Windows\System32\wwansvc.dll
11:52:46.0066 4520 WwanSvc - ok
11:52:46.0098 4520 ================ Scan global ===============================
11:52:46.0129 4520 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:52:46.0160 4520 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:52:46.0176 4520 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:52:46.0207 4520 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:52:46.0269 4520 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:52:46.0269 4520 [Global] - ok
11:52:46.0269 4520 ================ Scan MBR ==================================
11:52:46.0300 4520 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:52:46.0441 4520 \Device\Harddisk0\DR0 - ok
11:52:46.0441 4520 ================ Scan VBR ==================================
11:52:46.0441 4520 [ 40A9B570ACC255D6BA88E792C0E279AF ] \Device\Harddisk0\DR0\Partition1
11:52:46.0441 4520 \Device\Harddisk0\DR0\Partition1 - ok
11:52:46.0472 4520 [ 8565A5B0100DE31DAA4DF075FDF04706 ] \Device\Harddisk0\DR0\Partition2
11:52:46.0472 4520 \Device\Harddisk0\DR0\Partition2 - ok
11:52:46.0503 4520 [ 3E6DDE1EB18C2CB7391554C9C8885887 ] \Device\Harddisk0\DR0\Partition3
11:52:46.0503 4520 \Device\Harddisk0\DR0\Partition3 - ok
11:52:46.0519 4520 [ D6947B4643D5C7A6CD95F98605A1AC26 ] \Device\Harddisk0\DR0\Partition4
11:52:46.0519 4520 \Device\Harddisk0\DR0\Partition4 - ok
11:52:46.0534 4520 ============================================================
11:52:46.0534 4520 Scan finished
11:52:46.0534 4520 ============================================================
11:52:46.0597 4236 Detected object count: 0
11:52:46.0597 4236 Actual detected object count: 0




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-22 11:56:16
-----------------------------
11:56:16.747 OS Version: Windows x64 6.1.7601 Service Pack 1
11:56:16.747 Number of processors: 4 586 0x1001
11:56:16.762 ComputerName: TERENCE-HP UserName: Terence
11:56:17.417 Initialize success
12:10:17.044 AVAST engine defs: 12112200
12:10:32.676 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
12:10:32.676 Disk 0 Vendor: ST640LM0 2AJ1 Size: 610480MB BusType: 11
12:10:32.691 Disk 0 MBR read successfully
12:10:32.707 Disk 0 MBR scan
12:10:32.707 Disk 0 Windows 7 default MBR code
12:10:32.723 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:10:32.738 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 589911 MB offset 409600
12:10:32.769 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20265 MB offset 1208547328
12:10:32.801 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
12:10:32.847 Disk 0 scanning C:\Windows\system32\drivers
12:10:44.267 Service scanning
12:11:11.707 Modules scanning
12:11:11.707 Disk 0 trace - called modules:
12:11:11.738 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
12:11:11.754 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006295060]
12:11:11.754 3 CLASSPNP.SYS[fffff8800197b43f] -> nt!IofCallDriver -> [0xfffffa8006177950]
12:11:11.769 5 hpdskflt.sys[fffff88001922189] -> nt!IofCallDriver -> [0xfffffa800614fac0]
12:11:11.785 7 amd_xata.sys[fffff8800109dd00] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa80061499c0]
12:11:12.971 AVAST engine scan C:\Windows
12:11:16.621 AVAST engine scan C:\Windows\system32
12:13:17.584 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:13:19.534 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:14:45.755 AVAST engine scan C:\Windows\system32\drivers
12:14:59.826 AVAST engine scan C:\Users\Terence
12:20:46.834 AVAST engine scan C:\ProgramData
12:21:23.182 Scan finished successfully
12:21:34.742 Disk 0 MBR has been saved successfully to "C:\Users\Terence\Desktop\MBR.dat"
12:21:34.742 The log file has been saved successfully to "C:\Users\Terence\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 22 November 2012 - 08:47 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 JmuCommSenior

JmuCommSenior
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 23 November 2012 - 01:20 AM

While combofix was running, around stage 4 or 5 it came up with the "Illegal operation attempted on a registery key that has been marked for deletion" prompt, I pressed ok, and it continued to run until it finished and generated the log. I wasn't sure if I needed to restart the computer because of that. Everything seems to be running normally. Here is the log


ComboFix 12-11-21.01 - Terence 11/23/2012 1:04.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.3831 [GMT -5:00]
Running from: c:\users\Terence\Desktop\ComboFix.exe
Command switches used :: c:\users\Terence\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2074-05-18 21:44 . 2008-03-21 18:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2073-04-13 21:17 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-11-23 06:13 . 2012-11-23 06:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 17:44 . 2012-11-16 17:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-16 17:43 . 2012-11-16 17:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-16 17:43 . 2012-11-16 17:43 -------- d-----w- c:\program files (x86)\Java
2012-11-15 05:40 . 2012-11-21 22:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-15 05:17 . 2012-11-15 05:17 -------- d-----w- c:\program files (x86)\PC Tools
2012-11-15 05:14 . 2012-11-21 21:35 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-11-15 05:14 . 2012-11-01 20:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-11-15 05:13 . 2012-11-15 05:39 -------- d-----w- c:\programdata\PC Tools
2012-11-15 05:13 . 2012-11-15 05:13 -------- d-----w- c:\users\Terence\AppData\Roaming\TestApp
2012-11-13 04:52 . 2012-11-13 04:52 -------- d-----w- c:\users\Terence\AppData\Roaming\SUPERAntiSpyware.com
2012-11-13 04:52 . 2012-11-13 04:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-13 04:52 . 2012-11-13 04:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-11-12 23:19 . 2012-11-12 23:19 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-11-12 23:12 . 2012-11-12 23:12 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-11-12 23:12 . 2012-11-12 23:12 -------- d-----w- c:\program files (x86)\Mega Codec Pack
2012-11-06 22:51 . 2012-11-06 22:51 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-11-05 19:47 . 2012-11-05 19:47 -------- d-----w- c:\users\Terence\AppData\Local\Microsoft Games
2012-10-25 21:59 . 2012-10-25 21:59 -------- d-----w- c:\users\Terence\AppData\Roaming\2K Sports
2012-10-25 21:50 . 2012-10-25 21:50 -------- d-----w- c:\program files (x86)\2K Sports
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 17:43 . 2012-08-14 06:27 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-16 17:43 . 2012-08-14 06:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-06 22:11 . 2012-03-10 02:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 17:23 . 2012-08-31 17:12 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-31 17:23 . 2012-08-31 17:17 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-31 17:23 . 2012-08-31 17:12 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-31 17:12 . 2012-08-31 17:12 794408 ----a-w- c:\windows\SysWow64\Pbsvc.exe
2012-08-29 17:16 . 2012-08-02 00:09 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-08-29 17:16 . 2012-08-02 00:09 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-08-29 17:16 . 2012-08-02 00:09 4747840 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-08-29 17:16 . 2012-08-02 00:09 3952640 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-08-29 17:16 . 2012-08-02 00:09 3617792 ----a-w- c:\windows\system32\bcmihvui64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-11-12 23:12 220160 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-24 630912]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-12-29 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2011-10-14 20016]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe [2011-12-09 269640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-12-13 82048]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-12-13 42624]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys [2012-02-02 31872]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-25 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-24 361984]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys [2012-02-05 189760]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [2011-12-11 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-10-26 102528]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-10-26 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-06 95248]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-12-29 134696]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-12-29 615464]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-12-29 89640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-12-29 39976]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-30 646248]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-14 56448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24708843
*NewlyCreated* - ASWMBR
*Deregistered* - 24708843
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-10 02:08]
.
2012-11-21 c:\windows\Tasks\HPCeeScheduleForTerence.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Terence\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate08282012
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
FF - ProfilePath - c:\users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\yk6rxxpi.default\
FF - ExtSQL: 2012-11-21 15:53; adblockpopups@jessehakanen.net; c:\users\Terence\AppData\Roaming\Mozilla\Firefox\Profiles\yk6rxxpi.default\extensions\adblockpopups@jessehakanen.net.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe
AddRemove-WildTangentGDF-hp-bals - c:\program files (x86)\HP Games\Web Link - Build-A-Lot Metropolis\Uninstall.exe
AddRemove-WildTangentGDF-hp-battlestargalacticaonline - c:\program files (x86)\HP Games\Web Link - Battlestar Galactica Online\Uninstall.exe
AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
AddRemove-WildTangentGDF-hp-gunbros - c:\program files (x86)\HP Games\Web Link - Gun Bros\Uninstall.exe
AddRemove-WildTangentGDF-hp-itgirl - c:\program files (x86)\HP Games\Web Link - It Girl!\Uninstall.exe
AddRemove-WildTangentGDF-hp-mahjonggdarkdimensions - c:\program files (x86)\HP Games\Web Link - Mahjongg Dark Dimensions\Uninstall.exe
AddRemove-WildTangentGDF-hp-oddmanor - c:\program files (x86)\HP Games\Web Link - Odd Manor\Uninstall.exe
AddRemove-WildTangentGDF-hp-organizedcrime - c:\program files (x86)\HP Games\Web Link - Organized Crime\Uninstall.exe
AddRemove-WildTangentGDF-hp-penguinworldsocial - c:\program files (x86)\HP Games\Web Link - Penguin World\Uninstall.exe
AddRemove-WildTangentGDF-hp-polarbowlerfacebook - c:\program files (x86)\HP Games\Web Link - Polar Bowler Strike!\Uninstall.exe
AddRemove-WildTangentGDF-hp-salonstreetsocial - c:\program files (x86)\HP Games\Web Link - Salon Street\Uninstall.exe
AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
AddRemove-WildTangentGDF-hp-shaiya - c:\program files (x86)\HP Games\Web Link - Shaiya\Uninstall.exe
AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3339255970-2605272895-3093883593-1002\Software\SecuROM\License information*]
"datasecu"=hex:34,9c,e1,cd,e1,0c,90,53,06,9b,93,96,22,8b,02,98,b9,3d,19,90,d0,
f7,45,56,1f,25,6f,9d,77,42,85,10,0b,14,b1,c1,71,66,a1,23,9e,f5,13,d8,4c,77,\
"rkeysecu"=hex:7f,6c,ab,85,21,02,b5,4a,71,7a,4f,b0,db,a3,e0,19
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_160_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_160_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_160.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-23 01:17:06
ComboFix-quarantined-files.txt 2012-11-23 06:17
ComboFix2.txt 2012-11-22 07:30
.
Pre-Run: 432,779,612,160 bytes free
Post-Run: 432,487,964,672 bytes free
.
- - End Of File - - 539BF04BE5EFD5D0FF8A4FB894FCBCBA

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 23 November 2012 - 01:34 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 JmuCommSenior

JmuCommSenior
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 23 November 2012 - 02:02 AM

I had no problems and the computer seems to be running well. I have not encountered any of the problems I initially had.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Terence :: TERENCE-HP [administrator]

11/23/2012 1:54:51 AM
mbam-log-2012-11-23 (01-54-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210496
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:00:10 AM, on 11/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Terence\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate08282012
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12853 bytes

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 23 November 2012 - 02:36 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 JmuCommSenior

JmuCommSenior
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 23 November 2012 - 06:24 PM

C:\Documents and Settings\Terence\Downloads\Program Install Files\DTLite4454-0315.exe Win32/OpenCandy application
C:\Documents and Settings\Terence\Downloads\Program Install Files\IZArcInstall.exe a variant of Win32/Somoto.A application
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0000\zafs0000\tsk0006.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0000\zafs0000\tsk0009.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0000\zafs0000\tsk0011.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0001\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0001\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0001\zafs0000\tsk0006.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0001\zafs0000\tsk0009.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0001\zafs0000\tsk0011.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0002\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0002\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0002\zafs0000\tsk0006.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0002\zafs0000\tsk0009.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0002\zafs0000\tsk0011.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0003\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0003\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0003\zafs0000\tsk0006.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0003\zafs0000\tsk0009.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.38.57\zasubsys0003\zafs0000\tsk0011.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.57.50\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.57.50\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.57.50\zasubsys0000\zafs0000\tsk0006.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.57.50\zasubsys0000\zafs0000\tsk0009.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\15.11.2012_00.57.50\zasubsys0000\zafs0000\tsk0011.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\15.11.2012_12.20.01\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\15.11.2012_12.20.01\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\15.11.2012_12.20.01\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\15.11.2012_12.20.01\zasubsys0000\zafs0000\tsk0006.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\15.11.2012_12.20.01\zasubsys0000\zafs0000\tsk0007.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\15.11.2012_12.20.01\zasubsys0000\zafs0000\tsk0008.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\15.11.2012_12.20.01\zasubsys0000\zafs0000\tsk0009.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\15.11.2012_12.20.01\zasubsys0000\zafs0000\tsk0010.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\15.11.2012_12.20.01\zasubsys0000\zafs0000\tsk0011.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\16.11.2012_12.39.25\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\16.11.2012_12.39.25\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\16.11.2012_12.39.25\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\16.11.2012_12.39.25\zasubsys0000\zafs0000\tsk0006.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\16.11.2012_12.39.25\zasubsys0000\zafs0000\tsk0007.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\16.11.2012_12.39.25\zasubsys0000\zafs0000\tsk0008.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\16.11.2012_12.39.25\zasubsys0000\zafs0000\tsk0009.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\16.11.2012_12.39.25\zasubsys0000\zafs0000\tsk0010.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\16.11.2012_12.39.25\zasubsys0000\zafs0000\tsk0011.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\21.11.2012_15.57.45\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\21.11.2012_15.57.45\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\21.11.2012_15.57.45\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\21.11.2012_15.57.45\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\21.11.2012_15.57.45\zasubsys0000\zafs0000\tsk0006.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\21.11.2012_15.57.45\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\21.11.2012_15.57.45\zasubsys0000\zafs0000\tsk0008.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\21.11.2012_15.57.45\zasubsys0000\zafs0000\tsk0009.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\21.11.2012_15.57.45\zasubsys0000\zafs0000\tsk0010.dta a variant of Win64/Sirefef.AN trojan
C:\TDSSKiller_Quarantine\21.11.2012_17.27.42\zasubsys0000\file0000\tsk0000.dta Win64/Patched.A.Gen trojan
C:\TDSSKiller_Quarantine\21.11.2012_17.27.42\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\21.11.2012_17.27.42\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\21.11.2012_17.27.42\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.C trojan
C:\TDSSKiller_Quarantine\21.11.2012_17.27.42\zasubsys0000\zafs0000\tsk0006.dta Win64/Agent.BA trojan
C:\TDSSKiller_Quarantine\21.11.2012_17.27.42\zasubsys0000\zafs0000\tsk0007.dta Win64/Conedex.B trojan
C:\TDSSKiller_Quarantine\21.11.2012_17.27.42\zasubsys0000\zafs0000\tsk0008.dta Win64/Sirefef.AW trojan
C:\TDSSKiller_Quarantine\21.11.2012_17.27.42\zasubsys0000\zafs0000\tsk0009.dta probably a variant of Win32/Sirefef.FD trojan
C:\TDSSKiller_Quarantine\21.11.2012_17.27.42\zasubsys0000\zafs0000\tsk0010.dta a variant of Win64/Sirefef.AN trojan
C:\Users\Terence\Downloads\Program Install Files\DTLite4454-0315.exe Win32/OpenCandy application
C:\Users\Terence\Downloads\Program Install Files\IZArcInstall.exe a variant of Win32/Somoto.A application

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 24 November 2012 - 10:02 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\Terence\Downloads\Program Install Files\DTLite4454-0315.exe"
    del /f /s /q "C:\Documents and Settings\Terence\Downloads\Program Install Files\IZArcInstall.exe"
    del /f /s /q "C:\TDSSKiller_Quarantine\"
    del /f /s /q "C:\Users\Terence\Downloads\Program Install Files\DTLite4454-0315.exe"
    del /f /s /q "C:\Users\Terence\Downloads\Program Install Files\IZArcInstall.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users