
Trojan.Agent.Gen + PUP.Bitcoinminer keep returning


This topic is locked. 13 replies to this topic.

#1 ajm133

ajm133

  • Members
  • 19 posts

Posted 09 August 2013 - 04:44 PM

Hi,

I've attempted to remove/quarantine these things through MBAM but they keep coming back. MBAM logs attached.

Many thanks in advance for your help.

Attached Files




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 09 August 2013 - 05:06 PM

Hello and welcome to Bleeping Computer,

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ajm133

ajm133
  • Topic Starter

  • Members
  • 19 posts

Posted 10 August 2013 - 08:13 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2013
Ran by ajmc (administrator) on 10-08-2013 14:10:43
Running from C:\Users\ajmc\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2179688 2011-06-16] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-06-15] (Alps Electric Co., Ltd.)
HKCU\...\Run: [Google Update] - C:\Users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-17] (Google Inc.)
MountPoints2: {37ebabea-4c2c-11e2-b835-f0bf97dda48a} - E:\Setup.exe
MountPoints2: {3ca6ade5-a34a-11e2-8394-f0bf97dda48a} - E:\Install.exe
MountPoints2: {6c4dcbe5-8eec-11e2-8164-f0bf97dda48a} - E:\autorun.exe
MountPoints2: {b293b3f3-978e-11e1-bfe4-f0bf97dda48a} - E:\Autorun.exe
MountPoints2: {d3f31d72-3df6-11e1-bd3f-f0bf97dda48a} - E:\Autorun.exe
MountPoints2: {eee24af7-386b-11e2-82a4-88532e6ad42e} - E:\setup\rsrc\Autorun.exe
MountPoints2: {eee24af8-386b-11e2-82a4-88532e6ad42e} - F:\setup\rsrc\Autorun.exe
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2801288 2011-05-31] (Sony Corporation)
HKLM-x32\...\Run: [Adobe] - C:\Users\ajmc\AppData\Roaming\Adobe\color.vbe [168751 2013-07-24] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://sony.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://sony.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 - {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://searchy.easylifeapp.com/?q={searchTerms}&pid=1153&src=ie2&r=2013/08/09&hid=3211626487&lg=EN&cc=GB
SearchScopes: HKCU - DefaultScope {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://searchy.easylifeapp.com/?q={searchTerms}&pid=1153&src=ie2&r=2013/08/09&hid=3211626487&lg=EN&cc=GB
SearchScopes: HKCU - {B549A936-B30E-4900-87FC-BD812096B44A} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://searchy.easylifeapp.com/?pid=1153&src=ch1&r=2013/08/09&hid=3211626487&lg=EN&cc=GB
CHR RestoreOnStartup: "hxxp://searchy.easylifeapp.com/?pid=1153&src=ch1&r=2013/08/09&hid=3211626487&lg=EN&cc=GB"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\ajmc\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\ajmc\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\ajmc\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Users\ajmc\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (SearchNewTab) - C:\Users\ajmc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbombciigmgbadnpmfghbhlmhbeoeogp\1.0
CHR Extension: (savenshare  ) - C:\Users\ajmc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocjjidahcihkakddgjpajpeiokolbpd\5.10
CHR Extension: (Adblock Plus) - C:\Users\ajmc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.3_0
CHR StartMenuInternet: Google Chrome - C:\Users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 uCamMonitor; 
 
==================== Drivers (Whitelisted) ====================
 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11523072 2012-09-27] (Intel Corporation)
S3 s117bus; C:\Windows\System32\DRIVERS\s117bus.sys [108072 2007-06-25] (MCCI Corporation)
S3 s117mdfl; C:\Windows\System32\DRIVERS\s117mdfl.sys [19496 2007-06-25] (MCCI Corporation)
S3 s117mdm; C:\Windows\System32\DRIVERS\s117mdm.sys [144424 2007-06-25] (MCCI Corporation)
S3 s117mgmt; C:\Windows\System32\DRIVERS\s117mgmt.sys [125992 2007-06-25] (MCCI Corporation)
S3 s117nd5; C:\Windows\System32\DRIVERS\s117nd5.sys [31272 2007-06-25] (MCCI Corporation)
S3 s117obex; C:\Windows\System32\DRIVERS\s117obex.sys [123432 2007-06-25] (MCCI Corporation)
S3 s117unic; C:\Windows\System32\DRIVERS\s117unic.sys [130088 2007-06-25] (MCCI Corporation)
S3 btmaux; system32\DRIVERS\btmaux.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-10 14:10 - 2013-08-10 14:10 - 00000000 ____D C:\FRST
2013-08-09 22:47 - 2013-08-09 22:47 - 00000000 ____D C:\Users\ajmc\Downloads\backups
2013-08-09 22:37 - 2013-08-09 22:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\ajmc\Downloads\HijackThis.exe
2013-08-09 22:11 - 2013-08-09 22:21 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-08-09 22:11 - 2013-08-09 22:21 - 00000000 ____D C:\ProgramData\savenshare
2013-08-09 22:11 - 2013-08-09 22:11 - 00000000 ____D C:\ProgramData\StarApp
2013-08-09 22:11 - 2013-08-09 22:11 - 00000000 ____D C:\Program Files (x86)\SaveShare
2013-08-09 22:11 - 2013-08-09 22:11 - 00000000 ____D C:\Program Files (x86)\EasyLife
2013-08-09 22:10 - 2013-08-09 22:13 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-09 22:07 - 2013-08-09 22:08 - 12400098 _____ C:\Users\ajmc\Downloads\Dark Summit The True Story of Everests Most Controversial Seas PDF.zip
2013-08-08 18:14 - 2013-08-08 18:14 - 00002200 _____ C:\Users\ajmc\Downloads\[kickass.to]sydney.moon.animated.xxx.gifs.torrent
2013-08-08 17:18 - 2013-08-08 17:18 - 00001867 _____ C:\Users\ajmc\Downloads\Sydney Moon Animated XXX .Gifs [h33t].torrent
2013-08-06 20:22 - 2013-08-06 20:22 - 00318776 _____ (Playtech) C:\Users\ajmc\Downloads\SetupPoker_a18b0b (2).exe
2013-08-05 21:37 - 2013-08-09 11:25 - 00000417 _____ C:\Users\ajmc\Desktop\no.txt
2013-08-04 21:02 - 2013-08-04 21:03 - 00318776 _____ (Playtech) C:\Users\ajmc\Downloads\SetupPoker_a18b0b (1).exe
2013-08-04 20:51 - 2013-08-04 20:51 - 00427904 _____ (Playtech) C:\Users\ajmc\Downloads\SetupCasino_bbcd19.exe
2013-08-04 20:51 - 2013-08-04 20:51 - 00000000 ____D C:\Casino
2013-08-03 17:16 - 2013-08-03 17:16 - 00113523 _____ C:\Users\ajmc\Downloads\[proxykat.net]this.is.the.end.2013.ts.xvid.26k.torrent
2013-08-02 20:25 - 2013-08-02 20:25 - 00000000 ____D C:\Poker
2013-08-02 20:24 - 2013-08-02 20:24 - 00318776 _____ (Playtech) C:\Users\ajmc\Downloads\SetupPoker_a18b0b.exe
2013-07-31 12:55 - 2013-07-31 12:55 - 01669632 _____ C:\Users\ajmc\Downloads\SteamInstall (2).msi
2013-07-29 14:29 - 2013-07-29 14:29 - 01669632 _____ C:\Users\ajmc\Downloads\SteamInstall (1).msi
2013-07-28 19:43 - 2013-07-28 19:48 - 00000000 ____D C:\Users\ajmc\AppData\Roaming\livestreamer
2013-07-28 19:42 - 2013-07-28 19:42 - 04402541 _____ C:\Users\ajmc\Downloads\livestreamer-1.5-2-win32-setup.exe
2013-07-26 12:50 - 2013-07-26 12:50 - 01669632 _____ C:\Users\ajmc\Downloads\SteamInstall.msi
2013-07-24 12:50 - 2013-07-24 12:54 - 00000000 ____D C:\Users\ajmc\Desktop\KuhgqmyAwPMC
2013-07-24 12:49 - 2013-07-24 12:49 - 00149504 _____ C:\Users\ajmc\Downloads\Google Books Downloader Lite.exe
2013-07-24 11:00 - 2013-07-24 11:00 - 00168751 _____ C:\Windows\tmp023423.vbe
2013-07-23 10:46 - 2013-07-23 10:46 - 00000123 _____ C:\Users\ajmc\Downloads\powerpartials.wvx
2013-07-20 19:00 - 2013-07-20 19:00 - 00014904 _____ C:\Users\ajmc\Downloads\[proxykat.net]fast.and.furious.6.2013.webrip.xvid.etrg.torrent
2013-07-18 17:33 - 2013-07-18 17:33 - 00020161 _____ C:\Users\ajmc\Downloads\[isoHunt] PBS - Frontline - Storm Over Everest.avi (1).torrent
2013-07-18 17:31 - 2013-07-18 17:31 - 00020161 _____ C:\Users\ajmc\Downloads\[isoHunt] PBS - Frontline - Storm Over Everest.avi.torrent
2013-07-18 17:28 - 2013-07-18 17:28 - 00030230 _____ C:\Users\ajmc\Downloads\[isoHunt] IMAX  Everest Xvid-AC3.torrent
2013-07-18 16:28 - 2013-07-18 16:28 - 05276296 _____ (http://www.goforfiles.com/) C:\Users\ajmc\Downloads\dark_summit_by_nick_heil.pdf_downloader_gb_99322.exe
2013-07-18 14:00 - 2013-07-18 14:00 - 00968832 _____ C:\Users\ajmc\Downloads\Dark Summit The True Story of Everests Most Controversial Seas PDF.exe
2013-07-16 00:01 - 2013-07-16 00:01 - 00000171 _____ C:\Users\ajmc\Downloads\3679.wmv
 
==================== One Month Modified Files and Folders =======
 
2013-08-10 14:10 - 2013-08-10 14:10 - 01790633 _____ (Farbar) C:\Users\ajmc\Downloads\FRST64.exe
2013-08-10 14:10 - 2013-08-10 14:10 - 00000000 ____D C:\FRST
2013-08-10 13:47 - 2013-01-06 22:21 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000UA.job
2013-08-10 10:07 - 2009-07-14 05:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-10 10:07 - 2009-07-14 05:45 - 00021200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-10 10:06 - 2009-07-14 06:13 - 00004958 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-10 10:00 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-10 10:00 - 2009-07-14 05:51 - 00168132 _____ C:\Windows\setupact.log
2013-08-09 22:47 - 2013-08-09 22:47 - 00000000 ____D C:\Users\ajmc\Downloads\backups
2013-08-09 22:37 - 2013-08-09 22:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\ajmc\Downloads\HijackThis.exe
2013-08-09 22:36 - 2010-11-21 04:47 - 00036476 _____ C:\Windows\PFRO.log
2013-08-09 22:21 - 2013-08-09 22:11 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-08-09 22:21 - 2013-08-09 22:11 - 00000000 ____D C:\ProgramData\savenshare
2013-08-09 22:13 - 2013-08-09 22:10 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-09 22:11 - 2013-08-09 22:11 - 00000000 ____D C:\ProgramData\StarApp
2013-08-09 22:11 - 2013-08-09 22:11 - 00000000 ____D C:\Program Files (x86)\SaveShare
2013-08-09 22:11 - 2013-08-09 22:11 - 00000000 ____D C:\Program Files (x86)\EasyLife
2013-08-09 22:08 - 2013-08-09 22:07 - 12400098 _____ C:\Users\ajmc\Downloads\Dark Summit The True Story of Everests Most Controversial Seas PDF.zip
2013-08-09 11:25 - 2013-08-05 21:37 - 00000417 _____ C:\Users\ajmc\Desktop\no.txt
2013-08-08 21:20 - 2012-08-31 19:46 - 00000000 ____D C:\Users\ajmc\AppData\Roaming\uTorrent
2013-08-08 18:14 - 2013-08-08 18:14 - 00002200 _____ C:\Users\ajmc\Downloads\[kickass.to]sydney.moon.animated.xxx.gifs.torrent
2013-08-08 17:18 - 2013-08-08 17:18 - 00001867 _____ C:\Users\ajmc\Downloads\Sydney Moon Animated XXX .Gifs [h33t].torrent
2013-08-07 14:23 - 2013-06-24 22:04 - 00000348 _____ C:\Users\ajmc\Desktop\vague.txt
2013-08-07 00:47 - 2013-01-06 22:21 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000Core.job
2013-08-06 20:22 - 2013-08-06 20:22 - 00318776 _____ (Playtech) C:\Users\ajmc\Downloads\SetupPoker_a18b0b (2).exe
2013-08-04 21:03 - 2013-08-04 21:02 - 00318776 _____ (Playtech) C:\Users\ajmc\Downloads\SetupPoker_a18b0b (1).exe
2013-08-04 20:51 - 2013-08-04 20:51 - 00427904 _____ (Playtech) C:\Users\ajmc\Downloads\SetupCasino_bbcd19.exe
2013-08-04 20:51 - 2013-08-04 20:51 - 00000000 ____D C:\Casino
2013-08-03 17:16 - 2013-08-03 17:16 - 00113523 _____ C:\Users\ajmc\Downloads\[proxykat.net]this.is.the.end.2013.ts.xvid.26k.torrent
2013-08-02 20:25 - 2013-08-02 20:25 - 00000000 ____D C:\Poker
2013-08-02 20:24 - 2013-08-02 20:24 - 00318776 _____ (Playtech) C:\Users\ajmc\Downloads\SetupPoker_a18b0b.exe
2013-08-01 00:36 - 2011-11-08 15:13 - 01470456 _____ C:\Windows\WindowsUpdate.log
2013-07-31 14:50 - 2011-11-17 21:19 - 00000000 ____D C:\Windows\SysWOW64\xlive
2013-07-31 14:50 - 2011-11-08 15:47 - 00172020 _____ C:\Windows\DirectX.log
2013-07-31 12:55 - 2013-07-31 12:55 - 01669632 _____ C:\Users\ajmc\Downloads\SteamInstall (2).msi
2013-07-30 14:18 - 2011-12-11 19:44 - 00000000 ____D C:\Users\ajmc\Documents\resume
2013-07-29 14:31 - 2013-06-21 17:30 - 00000000 ____D C:\Program Files (x86)\dumps
2013-07-29 14:29 - 2013-07-29 14:29 - 01669632 _____ C:\Users\ajmc\Downloads\SteamInstall (1).msi
2013-07-28 19:50 - 2013-04-08 13:11 - 00000000 ____D C:\Users\ajmc\AppData\Roaming\vlc
2013-07-28 19:48 - 2013-07-28 19:43 - 00000000 ____D C:\Users\ajmc\AppData\Roaming\livestreamer
2013-07-28 19:42 - 2013-07-28 19:42 - 04402541 _____ C:\Users\ajmc\Downloads\livestreamer-1.5-2-win32-setup.exe
2013-07-26 14:01 - 2013-03-18 17:41 - 00000085 _____ C:\Users\ajmc\Documents\TXCUserDictionary.dic
2013-07-26 12:50 - 2013-07-26 12:50 - 01669632 _____ C:\Users\ajmc\Downloads\SteamInstall.msi
2013-07-24 12:54 - 2013-07-24 12:50 - 00000000 ____D C:\Users\ajmc\Desktop\KuhgqmyAwPMC
2013-07-24 12:49 - 2013-07-24 12:49 - 00149504 _____ C:\Users\ajmc\Downloads\Google Books Downloader Lite.exe
2013-07-24 11:00 - 2013-07-24 11:00 - 00168751 _____ C:\Windows\tmp023423.vbe
2013-07-23 10:46 - 2013-07-23 10:46 - 00000123 _____ C:\Users\ajmc\Downloads\powerpartials.wvx
2013-07-20 19:00 - 2013-07-20 19:00 - 00014904 _____ C:\Users\ajmc\Downloads\[proxykat.net]fast.and.furious.6.2013.webrip.xvid.etrg.torrent
2013-07-18 17:33 - 2013-07-18 17:33 - 00020161 _____ C:\Users\ajmc\Downloads\[isoHunt] PBS - Frontline - Storm Over Everest.avi (1).torrent
2013-07-18 17:31 - 2013-07-18 17:31 - 00020161 _____ C:\Users\ajmc\Downloads\[isoHunt] PBS - Frontline - Storm Over Everest.avi.torrent
2013-07-18 17:28 - 2013-07-18 17:28 - 00030230 _____ C:\Users\ajmc\Downloads\[isoHunt] IMAX  Everest Xvid-AC3.torrent
2013-07-18 16:28 - 2013-07-18 16:28 - 05276296 _____ (http://www.goforfiles.com/) C:\Users\ajmc\Downloads\dark_summit_by_nick_heil.pdf_downloader_gb_99322.exe
2013-07-18 14:00 - 2013-07-18 14:00 - 00968832 _____ C:\Users\ajmc\Downloads\Dark Summit The True Story of Everests Most Controversial Seas PDF.exe
2013-07-16 00:01 - 2013-07-16 00:01 - 00000171 _____ C:\Users\ajmc\Downloads\3679.wmv
2013-07-13 00:42 - 2013-01-06 22:21 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000UA
2013-07-13 00:42 - 2013-01-06 22:21 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000Core
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-02 23:48
 
==================== End Of Log ============================

 

Attached Files
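
Added here as an example, not part of the thread and not code from FRST or Farbar: a small Python triage script that parses Run-key lines and one-month file lines in the format of the FRST log above and flags the kind of entry a malware-response helper looks at first, such as a publisher-less script launched from a user-writable path whose byte size matches a file dropped elsewhere on the system (here the two 168751-byte .vbe files). The regular expressions, the scoring rule and the sample lines (copied from the log above) are my assumptions about the line format, not a documented FRST specification.

```python
"""Triage of FRST autostart ("Run") entries.

Added example, not part of the thread or of FRST. The line patterns below are
assumed from the log format shown above, not taken from an FRST specification.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# FRST Run line, e.g.
#   HKLM-x32\...\Run: [Adobe] - C:\Users\ajmc\AppData\Roaming\Adobe\color.vbe [168751 2013-07-24] ()
# A trailing "[x]" instead of "[size date] (publisher)" means FRST found no file on disk.
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<rest>.+)$")
DETAIL_RE = re.compile(
    r"^(?P<target>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$")
# "One Month Created/Modified" line: created - modified - size attrs [(publisher)] path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) \S+ (?:\([^)]*\) )?(?P<path>.+)$")

SCRIPT_EXTENSIONS = {"vbe", "vbs", "js", "jse", "wsf", "hta", "bat", "cmd", "ps1"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Constructed sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2011-06-16] (Realtek Semiconductor)
HKCU\...\Run: [Google Update] - C:\Users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-17] (Google Inc.)
HKLM-x32\...\Run: [Adobe] - C:\Users\ajmc\AppData\Roaming\Adobe\color.vbe [168751 2013-07-24] ()
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
2013-08-09 22:37 - 2013-08-09 22:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\ajmc\Downloads\HijackThis.exe
2013-07-24 11:00 - 2013-07-24 11:00 - 00168751 _____ C:\Windows\tmp023423.vbe
""".strip().splitlines()


@dataclass
class RunEntry:
    hive: str
    name: str
    target: str
    publisher: Optional[str]        # None when FRST reported "[x]" (file missing)
    size: Optional[int]
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Two classic patterns: a script-interpreter target, or a publisher-less
        # binary living in a user-writable directory.
        return ("script target" in self.reasons
                or {"no publisher info", "user-writable location"} <= set(self.reasons))


def extension_of(target: str) -> str:
    """Extension of the launched file, ignoring command-line arguments after it."""
    m = re.search(r"\.([A-Za-z0-9]{1,4})(?=\s|$)", target)
    return m.group(1).lower() if m else ""


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Return a RunEntry for an FRST Run line, or None for any other line."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if rest.endswith(" [x]"):
        entry = RunEntry(m.group("hive"), m.group("name"), rest[:-4], None, None)
        entry.reasons.append("file missing")
    else:
        d = DETAIL_RE.match(rest)
        if not d:
            return None
        entry = RunEntry(m.group("hive"), m.group("name"), d.group("target"),
                         d.group("publisher"), int(d.group("size")))
        if entry.publisher == "":
            entry.reasons.append("no publisher info")
    if extension_of(entry.target) in SCRIPT_EXTENSIONS:
        entry.reasons.append("script target")
    if any(marker in entry.target.lower() for marker in USER_WRITABLE):
        entry.reasons.append("user-writable location")
    return entry


def size_twins(entry: RunEntry, log_lines: List[str]) -> List[str]:
    """Other files in the one-month sections with exactly the target's byte size."""
    if entry.size is None:
        return []
    twins = set()
    for line in log_lines:
        f = FILE_RE.match(line.strip())
        if f and int(f.group("size")) == entry.size and f.group("path").lower() != entry.target.lower():
            twins.add(f.group("path"))
    return sorted(twins)


def triage(log_lines: List[str]) -> List[RunEntry]:
    """Parse every Run line and attach the reasons a reviewer would flag."""
    entries = [e for e in (parse_run_line(l) for l in log_lines) if e is not None]
    for entry in entries:
        for twin in size_twins(entry, log_lines):
            entry.reasons.append(f"same size as {twin}")
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if e.suspicious else "ok"
        print(f"{flag:10} {e.hive} [{e.name}] -> {e.target}  {'; '.join(e.reasons)}")
```

Run against the sample, only the [Adobe] entry is flagged, for four reasons at once: no publisher, script target, user-writable location, and a size match with C:\Windows\tmp023423.vbe.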



#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 10 August 2013 - 11:53 AM

Please run the following:
 
Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:
     
    Link
     
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.
     
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

     
    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
     
    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
 
NEXT
 
Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double-click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If malicious objects are found, then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found, then ensure Cure is selected (if Cure is not available, choose Skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 ajm133

ajm133
  • Topic Starter

  • Members
  • 19 posts

Posted 11 August 2013 - 06:28 AM

ComboFix 13-08-11.01 - ajmc 11/08/2013  12:18:58.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8108.6971 [GMT 1:00]
Running from: c:\users\ajmc\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\settings.ini
c:\programdata\SearchNewTab\TrkmPxi.tlb
c:\windows\RegGenieOnUninstall.exe
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-10 13:10 . 2013-08-10 13:10 -------- d-----w- C:\FRST
2013-08-09 21:11 . 2013-08-09 21:11 -------- d-----w- c:\programdata\StarApp
2013-08-09 21:11 . 2013-08-09 21:11 -------- d-----w- c:\program files (x86)\EasyLife
2013-08-09 21:11 . 2013-08-09 21:11 -------- d-----w- c:\program files (x86)\SaveShare
2013-08-09 21:11 . 2013-08-09 21:21 -------- d-----w- c:\programdata\savenshare
2013-08-09 21:10 . 2013-08-09 21:13 -------- d-----w- c:\programdata\InstallMate
2013-08-04 19:51 . 2013-08-04 19:51 -------- d-----w- C:\Casino
2013-08-02 19:25 . 2013-08-02 19:25 -------- d-----w- C:\Poker
2013-07-28 18:43 . 2013-07-28 18:48 -------- d-----w- c:\users\ajmc\AppData\Roaming\livestreamer
2013-07-24 10:00 . 2013-07-24 10:00 168751 ----a-w- c:\windows\tmp023423.vbe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-05-31 2801288]
"Adobe"="c:\users\ajmc\AppData\Roaming\Adobe\color.vbe" [2013-07-24 168751]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 uCamMonitor;CamMonitor; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000Core.job
- c:\users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 19:15]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000UA.job
- c:\users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 19:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-16 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-SolutoService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
.
**************************************************************************
.
Completion time: 2013-08-11  12:24:24 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-11 11:24
.
Pre-Run: 96,450,002,944 bytes free
Post-Run: 97,936,384,000 bytes free
.
- - End Of File - - 137AA355BC9D3DD23B2E4114F67273EA
A36C5E4F47E84449FF07ED3517B43A31

================================================================================

12:25:39.0770 1552  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:25:39.0949 1552  ============================================================
12:25:39.0950 1552  Current date / time: 2013/08/11 12:25:39.0949
12:25:39.0950 1552  SystemInfo:
12:25:39.0950 1552  
12:25:39.0950 1552  OS Version: 6.1.7601 ServicePack: 1.0
12:25:39.0950 1552  Product type: Workstation
12:25:39.0950 1552  ComputerName: AJMC-VAIO
12:25:39.0950 1552  UserName: ajmc
12:25:39.0950 1552  Windows directory: C:\Windows
12:25:39.0950 1552  System windows directory: C:\Windows
12:25:39.0951 1552  Running under WOW64
12:25:39.0951 1552  Processor architecture: Intel x64
12:25:39.0951 1552  Number of processors: 4
12:25:39.0951 1552  Page size: 0x1000
12:25:39.0951 1552  Boot type: Normal boot
12:25:39.0951 1552  ============================================================
12:25:40.0197 1552  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:25:40.0200 1552  ============================================================
12:25:40.0200 1552  \Device\Harddisk0\DR0:
12:25:40.0200 1552  MBR partitions:
12:25:40.0200 1552  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:25:40.0200 1552  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32FD0, BlocksNum 0xEE48AE0
12:25:40.0200 1552  ============================================================
12:25:40.0202 1552  C: <-> \Device\Harddisk0\DR0\Partition2
12:25:40.0202 1552  ============================================================
12:25:40.0202 1552  Initialize success
12:25:40.0202 1552  ============================================================
12:26:01.0512 3560  ============================================================
12:26:01.0512 3560  Scan started
12:26:01.0512 3560  Mode: Manual; TDLFS; 
12:26:01.0512 3560  ============================================================
12:26:01.0609 3560  ================ Scan system memory ========================
12:26:01.0609 3560  System memory - ok
12:26:01.0609 3560  ================ Scan services =============================
12:26:01.0650 3560  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:26:01.0653 3560  1394ohci - ok
12:26:01.0661 3560  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:26:01.0664 3560  ACPI - ok
12:26:01.0668 3560  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:26:01.0669 3560  AcpiPmi - ok
12:26:01.0678 3560  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:26:01.0685 3560  adp94xx - ok
12:26:01.0692 3560  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:26:01.0696 3560  adpahci - ok
12:26:01.0701 3560  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:26:01.0703 3560  adpu320 - ok
12:26:01.0709 3560  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:26:01.0711 3560  AeLookupSvc - ok
12:26:01.0719 3560  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:26:01.0725 3560  AFD - ok
12:26:01.0730 3560  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:26:01.0731 3560  agp440 - ok
12:26:01.0736 3560  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:26:01.0738 3560  ALG - ok
12:26:01.0741 3560  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:26:01.0741 3560  aliide - ok
12:26:01.0747 3560  [ 87E226C0E11182943D28E8BEC61618CD ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:26:01.0750 3560  AMD External Events Utility - ok
12:26:01.0753 3560  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:26:01.0754 3560  amdide - ok
12:26:01.0757 3560  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:26:01.0759 3560  AmdK8 - ok
12:26:01.0884 3560  [ 446A1AAD34191665A8DF6092BD8EB5A8 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:26:02.0004 3560  amdkmdag - ok
12:26:02.0013 3560  [ F8F8A908FDB005A65DDF7238C814EEA5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:26:02.0015 3560  amdkmdap - ok
12:26:02.0019 3560  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:26:02.0020 3560  AmdPPM - ok
12:26:02.0024 3560  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:26:02.0026 3560  amdsata - ok
12:26:02.0032 3560  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:26:02.0034 3560  amdsbs - ok
12:26:02.0038 3560  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:26:02.0038 3560  amdxata - ok
12:26:02.0044 3560  [ 6D5225F0DD9EB4937A10BA05235FA6F1 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
12:26:02.0046 3560  AMPPAL - ok
12:26:02.0051 3560  [ 6D5225F0DD9EB4937A10BA05235FA6F1 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
12:26:02.0052 3560  AMPPALP - ok
12:26:02.0063 3560  [ 75130C273367F6AEA472BA34F1D43B45 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
12:26:02.0070 3560  AMPPALR3 - ok
12:26:02.0077 3560  [ 9DC1A45BA81C923DB68A162B0F0D0149 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
12:26:02.0079 3560  ApfiltrService - ok
12:26:02.0083 3560  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:26:02.0084 3560  AppID - ok
12:26:02.0087 3560  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:26:02.0088 3560  AppIDSvc - ok
12:26:02.0092 3560  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:26:02.0093 3560  Appinfo - ok
12:26:02.0101 3560  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
12:26:02.0102 3560  arc - ok
12:26:02.0107 3560  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:26:02.0108 3560  arcsas - ok
12:26:02.0112 3560  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
12:26:02.0113 3560  ArcSoftKsUFilter - ok
12:26:02.0116 3560  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:26:02.0116 3560  AsyncMac - ok
12:26:02.0120 3560  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
12:26:02.0120 3560  atapi - ok
12:26:02.0138 3560  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
12:26:02.0152 3560  athr - ok
12:26:02.0165 3560  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:26:02.0172 3560  AudioEndpointBuilder - ok
12:26:02.0181 3560  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:26:02.0185 3560  AudioSrv - ok
12:26:02.0190 3560  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:26:02.0191 3560  AxInstSV - ok
12:26:02.0199 3560  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:26:02.0205 3560  b06bdrv - ok
12:26:02.0211 3560  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:26:02.0214 3560  b57nd60a - ok
12:26:02.0223 3560  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:26:02.0224 3560  BDESVC - ok
12:26:02.0228 3560  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:26:02.0229 3560  Beep - ok
12:26:02.0239 3560  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:26:02.0247 3560  BFE - ok
12:26:02.0260 3560  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
12:26:02.0266 3560  BITS - ok
12:26:02.0270 3560  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:26:02.0271 3560  blbdrive - ok
12:26:02.0275 3560  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:26:02.0276 3560  bowser - ok
12:26:02.0280 3560  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:26:02.0281 3560  BrFiltLo - ok
12:26:02.0284 3560  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:26:02.0285 3560  BrFiltUp - ok
12:26:02.0289 3560  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:26:02.0291 3560  BridgeMP - ok
12:26:02.0296 3560  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:26:02.0297 3560  Browser - ok
12:26:02.0303 3560  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:26:02.0307 3560  Brserid - ok
12:26:02.0310 3560  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:26:02.0311 3560  BrSerWdm - ok
12:26:02.0315 3560  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:26:02.0316 3560  BrUsbMdm - ok
12:26:02.0319 3560  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:26:02.0320 3560  BrUsbSer - ok
12:26:02.0323 3560  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:26:02.0324 3560  BthEnum - ok
12:26:02.0328 3560  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:26:02.0329 3560  BTHMODEM - ok
12:26:02.0334 3560  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:26:02.0335 3560  BthPan - ok
12:26:02.0344 3560  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:26:02.0350 3560  BTHPORT - ok
12:26:02.0354 3560  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:26:02.0355 3560  bthserv - ok
12:26:02.0360 3560  [ 68389D0AA570BD089FDF7802ABBC0B8C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
12:26:02.0361 3560  BTHSSecurityMgr - ok
12:26:02.0366 3560  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:26:02.0367 3560  BTHUSB - ok
12:26:02.0370 3560  btmaux - ok
12:26:02.0377 3560  [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
12:26:02.0381 3560  btmhsf - ok
12:26:02.0383 3560  catchme - ok
12:26:02.0388 3560  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:26:02.0390 3560  cdfs - ok
12:26:02.0394 3560  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:26:02.0396 3560  cdrom - ok
12:26:02.0400 3560  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:26:02.0402 3560  CertPropSvc - ok
12:26:02.0405 3560  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
12:26:02.0406 3560  circlass - ok
12:26:02.0414 3560  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:26:02.0419 3560  CLFS - ok
12:26:02.0428 3560  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:26:02.0430 3560  clr_optimization_v2.0.50727_32 - ok
12:26:02.0437 3560  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:26:02.0439 3560  clr_optimization_v2.0.50727_64 - ok
12:26:02.0442 3560  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:26:02.0443 3560  CmBatt - ok
12:26:02.0446 3560  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:26:02.0447 3560  cmdide - ok
12:26:02.0456 3560  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:26:02.0461 3560  CNG - ok
12:26:02.0464 3560  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:26:02.0465 3560  Compbatt - ok
12:26:02.0468 3560  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:26:02.0469 3560  CompositeBus - ok
12:26:02.0473 3560  COMSysApp - ok
12:26:02.0476 3560  cpuz135 - ok
12:26:02.0481 3560  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:26:02.0482 3560  crcdisk - ok
12:26:02.0488 3560  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:26:02.0490 3560  CryptSvc - ok
12:26:02.0500 3560  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:26:02.0504 3560  DcomLaunch - ok
12:26:02.0510 3560  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:26:02.0513 3560  defragsvc - ok
12:26:02.0518 3560  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:26:02.0519 3560  DfsC - ok
12:26:02.0524 3560  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:26:02.0526 3560  dg_ssudbus - ok
12:26:02.0533 3560  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:26:02.0537 3560  Dhcp - ok
12:26:02.0541 3560  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:26:02.0542 3560  discache - ok
12:26:02.0546 3560  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
12:26:02.0547 3560  Disk - ok
12:26:02.0553 3560  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:26:02.0555 3560  Dnscache - ok
12:26:02.0562 3560  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:26:02.0565 3560  dot3svc - ok
12:26:02.0573 3560  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:26:02.0575 3560  DPS - ok
12:26:02.0578 3560  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:26:02.0579 3560  drmkaud - ok
12:26:02.0592 3560  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:26:02.0598 3560  DXGKrnl - ok
12:26:02.0604 3560  [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y60x64.sys
12:26:02.0607 3560  e1yexpress - ok
12:26:02.0612 3560  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:26:02.0613 3560  EapHost - ok
12:26:02.0649 3560  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:26:02.0681 3560  ebdrv - ok
12:26:02.0685 3560  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:26:02.0686 3560  EFS - ok
12:26:02.0695 3560  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:26:02.0701 3560  elxstor - ok
12:26:02.0704 3560  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:26:02.0705 3560  ErrDev - ok
12:26:02.0715 3560  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:26:02.0718 3560  EventSystem - ok
12:26:02.0723 3560  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:26:02.0726 3560  exfat - ok
12:26:02.0731 3560  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:26:02.0734 3560  fastfat - ok
12:26:02.0737 3560  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
12:26:02.0738 3560  fdc - ok
12:26:02.0743 3560  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:26:02.0744 3560  fdPHost - ok
12:26:02.0750 3560  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:26:02.0752 3560  FDResPub - ok
12:26:02.0756 3560  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:26:02.0757 3560  FileInfo - ok
12:26:02.0760 3560  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:26:02.0761 3560  Filetrace - ok
12:26:02.0765 3560  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:26:02.0766 3560  flpydisk - ok
12:26:02.0772 3560  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:26:02.0775 3560  FltMgr - ok
12:26:02.0792 3560  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
12:26:02.0806 3560  FontCache - ok
12:26:02.0810 3560  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:26:02.0811 3560  FontCache3.0.0.0 - ok
12:26:02.0816 3560  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:26:02.0817 3560  FsDepends - ok
12:26:02.0821 3560  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:26:02.0821 3560  Fs_Rec - ok
12:26:02.0827 3560  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:26:02.0829 3560  fvevol - ok
12:26:02.0833 3560  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:26:02.0835 3560  gagp30kx - ok
12:26:02.0848 3560  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:26:02.0858 3560  gpsvc - ok
12:26:02.0863 3560  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:26:02.0864 3560  hcw85cir - ok
12:26:02.0871 3560  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:26:02.0875 3560  HdAudAddService - ok
12:26:02.0879 3560  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:26:02.0880 3560  HDAudBus - ok
12:26:02.0884 3560  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:26:02.0885 3560  HidBatt - ok
12:26:02.0889 3560  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:26:02.0890 3560  HidBth - ok
12:26:02.0894 3560  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:26:02.0895 3560  HidIr - ok
12:26:02.0899 3560  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
12:26:02.0900 3560  hidserv - ok
12:26:02.0904 3560  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:26:02.0905 3560  HidUsb - ok
12:26:02.0909 3560  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:26:02.0911 3560  hkmsvc - ok
12:26:02.0917 3560  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:26:02.0921 3560  HomeGroupListener - ok
12:26:02.0926 3560  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:26:02.0929 3560  HomeGroupProvider - ok
12:26:02.0933 3560  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:26:02.0934 3560  HpSAMD - ok
12:26:02.0944 3560  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:26:02.0952 3560  HTTP - ok
12:26:02.0955 3560  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:26:02.0955 3560  hwpolicy - ok
12:26:02.0960 3560  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:26:02.0961 3560  i8042prt - ok
12:26:02.0970 3560  [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
12:26:02.0976 3560  iaStor - ok
12:26:02.0984 3560  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:26:02.0989 3560  iaStorV - ok
12:26:02.0993 3560  [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
12:26:02.0994 3560  iBtFltCoex - ok
12:26:03.0022 3560  [ 3A0FF117B4ADC5ABE4D968E26A337158 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
12:26:03.0045 3560  IconMan_R - ok
12:26:03.0058 3560  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:26:03.0067 3560  idsvc - ok
12:26:03.0071 3560  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:26:03.0072 3560  iirsp - ok
12:26:06.0061 3560  viaide - ok
12:26:06.0065 3560  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:26:06.0066 3560  volmgr - ok
12:26:06.0072 3560  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:26:06.0076 3560  volmgrx - ok
12:26:06.0082 3560  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:26:06.0085 3560  volsnap - ok
12:26:06.0095 3560  [ 5EA22CB6B100212837A97F281EDB3C47 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
12:26:06.0100 3560  vpnagent - ok
12:26:06.0104 3560  [ 0E4DF91E83DA5739FFB18535D4DB10AA ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
12:26:06.0105 3560  vpnva - ok
12:26:06.0110 3560  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:26:06.0112 3560  vsmraid - ok
12:26:06.0133 3560  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:26:06.0153 3560  VSS - ok
12:26:06.0156 3560  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:26:06.0157 3560  vwifibus - ok
12:26:06.0161 3560  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:26:06.0162 3560  vwififlt - ok
12:26:06.0165 3560  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:26:06.0166 3560  vwifimp - ok
12:26:06.0174 3560  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:26:06.0179 3560  W32Time - ok
12:26:06.0184 3560  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:26:06.0186 3560  WacomPen - ok
12:26:06.0191 3560  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:26:06.0193 3560  WANARP - ok
12:26:06.0195 3560  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:26:06.0196 3560  Wanarpv6 - ok
12:26:06.0212 3560  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:26:06.0225 3560  WatAdminSvc - ok
12:26:06.0246 3560  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:26:06.0264 3560  wbengine - ok
12:26:06.0271 3560  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:26:06.0274 3560  WbioSrvc - ok
12:26:06.0285 3560  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:26:06.0290 3560  wcncsvc - ok
12:26:06.0293 3560  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:26:06.0295 3560  WcsPlugInService - ok
12:26:06.0299 3560  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
12:26:06.0300 3560  Wd - ok
12:26:06.0312 3560  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:26:06.0320 3560  Wdf01000 - ok
12:26:06.0326 3560  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:26:06.0329 3560  WdiServiceHost - ok
12:26:06.0332 3560  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:26:06.0334 3560  WdiSystemHost - ok
12:26:06.0338 3560  [ 63CE387483E74A0BD79EE4E5EBA1FD2E ] wdkmd           C:\Windows\system32\DRIVERS\WDKMD.sys
12:26:06.0339 3560  wdkmd - ok
12:26:06.0345 3560  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:26:06.0349 3560  WebClient - ok
12:26:06.0354 3560  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:26:06.0358 3560  Wecsvc - ok
12:26:06.0362 3560  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:26:06.0364 3560  wercplsupport - ok
12:26:06.0368 3560  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:26:06.0370 3560  WerSvc - ok
12:26:06.0374 3560  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:26:06.0375 3560  WfpLwf - ok
12:26:06.0378 3560  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:26:06.0379 3560  WIMMount - ok
12:26:06.0381 3560  WinDefend - ok
12:26:06.0386 3560  WinHttpAutoProxySvc - ok
12:26:06.0402 3560  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:26:06.0405 3560  Winmgmt - ok
12:26:06.0435 3560  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:26:06.0462 3560  WinRM - ok
12:26:06.0469 3560  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:26:06.0470 3560  WinUsb - ok
12:26:06.0485 3560  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:26:06.0498 3560  Wlansvc - ok
12:26:06.0502 3560  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:26:06.0503 3560  WmiAcpi - ok
12:26:06.0510 3560  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:26:06.0513 3560  wmiApSrv - ok
12:26:06.0515 3560  WMPNetworkSvc - ok
12:26:06.0520 3560  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:26:06.0522 3560  WPCSvc - ok
12:26:06.0526 3560  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:26:06.0529 3560  WPDBusEnum - ok
12:26:06.0533 3560  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:26:06.0534 3560  ws2ifsl - ok
12:26:06.0538 3560  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
12:26:06.0540 3560  wscsvc - ok
12:26:06.0542 3560  WSearch - ok
12:26:06.0573 3560  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:26:06.0598 3560  wuauserv - ok
12:26:06.0602 3560  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:26:06.0604 3560  WudfPf - ok
12:26:06.0612 3560  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:26:06.0615 3560  WUDFRd - ok
12:26:06.0619 3560  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:26:06.0621 3560  wudfsvc - ok
12:26:06.0627 3560  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:26:06.0631 3560  WwanSvc - ok
12:26:06.0642 3560  [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
12:26:06.0649 3560  xnacc - ok
12:26:06.0664 3560  ================ Scan global ===============================
12:26:06.0668 3560  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:26:06.0674 3560  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:26:06.0680 3560  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:26:06.0685 3560  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:26:06.0693 3560  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:26:06.0696 3560  [Global] - ok
12:26:06.0696 3560  ================ Scan MBR ==================================
12:26:06.0698 3560  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:26:06.0802 3560  \Device\Harddisk0\DR0 - ok
12:26:06.0803 3560  ================ Scan VBR ==================================
12:26:06.0805 3560  [ D49FDD878415BA4C3EDAC951C188326A ] \Device\Harddisk0\DR0\Partition1
12:26:06.0808 3560  \Device\Harddisk0\DR0\Partition1 - ok
12:26:06.0811 3560  [ 8120E077A471940B3A2D972BF57BF23C ] \Device\Harddisk0\DR0\Partition2
12:26:06.0813 3560  \Device\Harddisk0\DR0\Partition2 - ok
12:26:06.0813 3560  ============================================================
12:26:06.0813 3560  Scan finished
12:26:06.0813 3560  ============================================================
12:26:06.0826 3432  Detected object count: 0
12:26:06.0827 3432  Actual detected object count: 0


#6 CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 11 August 2013 - 08:05 AM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT
  • Please open your Malwarebytes Anti-Malware program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 ajm133 (Topic Starter)

  • Members
  • 19 posts

Posted 11 August 2013 - 09:50 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.2 (08.11.2013:1)
OS: Windows 7 Home Premium x64
Ran by ajmc on 11/08/2013 at 14:38:47.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\ajmc\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\ajmc\appdata\local\apn"
Successfully deleted: [Empty Folder] C:\Users\ajmc\appdata\local\{35CA3215-DCF7-4C43-9FF2-B6A62A75C2C1}
Successfully deleted: [Empty Folder] C:\Users\ajmc\appdata\local\{865B8590-60BB-458C-8FD8-A3DC818B8BF9}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/08/2013 at 14:42:07.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.11.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ajmc :: AJMC-VAIO [administrator]
 
11/08/2013 14:47:41
mbam-log-2013-08-11 (14-47-41).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215617
Time elapsed: 1 minute(s), 20 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 6
C:\Users\ajmc\AppData\Local\Temp\svchost.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\ajmc\Local Settings\Temporary Internet Files\Content.IE5\GG3E5H3P\svchost[1].exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\ajmc\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\ajmc\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Users\ajmc\AppData\Local\Temp\diablo121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Users\ajmc\AppData\Local\Temp\poclbm121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
 
(end)
C:\Program Files (x86)\Postbox\postbox.v3.0.2-patch.exe a variant of Win32/HackTool.Patcher.T application
C:\Program Files (x86)\SaveShare\sprotector.dll a variant of Win32/SProtector.A application
C:\Users\ajmc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSMHNU\svchost[1].exe a variant of Win32/BitCoinMiner.N application
C:\Users\ajmc\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.N application
C:\Users\ajmc\Downloads\Dark Summit The True Story of Everests Most Controversial Seas PDF.exe a variant of Win32/4Shared.D application
C:\Users\ajmc\Downloads\dark_summit_by_nick_heil.pdf_downloader_gb_99322.exe a variant of Win32/YourFileDownloader.B application
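An added triage script for the MBAM and ESET hit lines above (example code written for this thread, not part of BleepingComputer, Malwarebytes or ESET). It parses both log formats and flags why the hits matter: a system binary name such as svchost.exe outside System32/SysWOW64 is masquerading, executables in Temp, the IE cache or Downloads are not installed software, and the phatk/diablo/poclbm .cl files are GPU miner OpenCL kernels. The sample lines are the ones from the post; the name lists and directory markers are my assumptions.

```python
"""Triage the MBAM and ESET hit lines from the post above.

Added example for this thread; not code from BleepingComputer, Malwarebytes
or ESET. Three defender-side heuristics (name lists are assumptions, not the
tools' own):
  1. a Windows system binary name found outside System32/SysWOW64 is a
     masquerading file (the miner here calls itself svchost.exe);
  2. an executable in Temp, the IE cache or Downloads is not installed software;
  3. an OpenCL kernel (.cl) named after a GPU miner is a cryptominer tell.
"""
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Binaries Windows ships only under the system directories (assumed list).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "wininit.exe", "smss.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TRANSIENT_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\downloads\\")
MINER_KERNELS = ("phatk", "diablo", "poclbm")   # well-known GPU miner kernels
EXEC_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".vbe", ".vbs"}

# MBAM: "<path> (<detection>) -> <action>"
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<det>[^()]+)\) -> (?P<action>.+)$")
# ESET online scanner: "<path> a variant of <detection> application|trojan"
ESET_RE = re.compile(
    r"^(?P<path>.+?) (?:probably )?a variant of (?P<det>\S+) "
    r"(?P<kind>application|trojan)$")

# Lines taken from the MBAM and ESET output posted above.
SAMPLE_LOG = r"""Files Detected: 6
C:\Users\ajmc\AppData\Local\Temp\svchost.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\ajmc\Local Settings\Temporary Internet Files\Content.IE5\GG3E5H3P\svchost[1].exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\ajmc\AppData\Local\Temp\svchost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\ajmc\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Users\ajmc\AppData\Local\Temp\diablo121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Users\ajmc\AppData\Local\Temp\poclbm121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
(end)
C:\Program Files (x86)\Postbox\postbox.v3.0.2-patch.exe a variant of Win32/HackTool.Patcher.T application
C:\Program Files (x86)\SaveShare\sprotector.dll a variant of Win32/SProtector.A application
C:\Users\ajmc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSMHNU\svchost[1].exe a variant of Win32/BitCoinMiner.N application
C:\Users\ajmc\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.N application
C:\Users\ajmc\Downloads\Dark Summit The True Story of Everests Most Controversial Seas PDF.exe a variant of Win32/4Shared.D application
C:\Users\ajmc\Downloads\dark_summit_by_nick_heil.pdf_downloader_gb_99322.exe a variant of Win32/YourFileDownloader.B application
""".splitlines()


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Return {path, detection, source} for an MBAM or ESET hit line, else None."""
    line = line.strip()
    m = MBAM_RE.match(line)
    if m:
        return {"path": m.group("path"), "detection": m.group("det"), "source": "mbam"}
    m = ESET_RE.match(line)
    if m:
        return {"path": m.group("path"), "detection": m.group("det"), "source": "eset"}
    return None


def triage(path: str) -> List[str]:
    """Apply the three heuristics to one path and return the flags raised."""
    p = PureWindowsPath(path)
    low = str(p).lower()
    # IE cache copies carry a "[n]" tag before the extension: svchost[1].exe
    base = re.sub(r"\[\d+\](?=\.\w+$)", "", p.name.lower())
    suffix = PureWindowsPath(base).suffix
    flags: List[str] = []
    if base in SYSTEM_BINARIES and not low.startswith(SYSTEM_DIRS):
        flags.append("masquerading-system-binary")
    if suffix in EXEC_SUFFIXES and any(d in low for d in TRANSIENT_DIRS):
        flags.append("executable-in-transient-dir")
    if suffix == ".cl" and any(k in base for k in MINER_KERNELS):
        flags.append("gpu-miner-kernel")
    return flags


def triage_log(lines: List[str]) -> List[Dict[str, object]]:
    """Parse every hit line, attach its flags, skip headers and footers."""
    hits = []
    for line in lines:
        hit = parse_line(line)
        if hit:
            hit["flags"] = triage(str(hit["path"]))
            hits.append(hit)
    return hits


def summarize(hits: List[Dict[str, object]]) -> Dict[str, int]:
    """Count how many hits raised each flag."""
    counts: Dict[str, int] = {}
    for hit in hits:
        for flag in hit["flags"]:          # type: ignore[union-attr]
            counts[flag] = counts.get(flag, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage_log(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['source']:4} {hit['detection']:28} {', '.join(hit['flags']) or '-'}")
        print(f"     {hit['path']}")
    print(summarize(hits))
```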
#8 CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 11 August 2013 - 11:04 AM

Please run the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files (x86)\Postbox\postbox.v3.0.2-patch.exe
C:\Program Files (x86)\SaveShare\sprotector.dll
C:\Users\ajmc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSMHNU\svchost[1].exe
C:\Users\ajmc\AppData\Local\Temp\svchost.exe
C:\Users\ajmc\Downloads\Dark Summit The True Story of Everests Most Controversial Seas PDF.exe
C:\Users\ajmc\Downloads\dark_summit_by_nick_heil.pdf_downloader_gb_99322.exe

ClearJavaCache::

Now paste the copied text into the open Notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScriptB-4.gif]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT
  • Download RogueKiller and save it to your desktop.
    32bit version
    64bit version
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
    [Screenshot: RGKRScan.png]
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
    [Screenshot: RGKRDelete.png]
  • Next click on the ShortcutsFix
    [Screenshot: RGKRShortcutsFix.png]
  • Another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.


NEXT


Please re-run MBAM to see if those items have returned - post the new log



#9 ajm133 (Topic Starter)

  • Members
  • 19 posts

Posted 11 August 2013 - 11:44 AM

ComboFix 13-08-11.02 - ajmc 11/08/2013  17:30:19.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8108.6766 [GMT 1:00]
Running from: c:\users\ajmc\Desktop\ComboFix.exe
Command switches used :: c:\users\ajmc\Desktop\CFSCRIPT.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\program files (x86)\Postbox\postbox.v3.0.2-patch.exe"
"c:\program files (x86)\SaveShare\sprotector.dll"
"c:\users\ajmc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSMHNU\svchost[1].exe"
"c:\users\ajmc\AppData\Local\Temp\svchost.exe"
"c:\users\ajmc\Downloads\Dark Summit The True Story of Everests Most Controversial Seas PDF.exe"
"c:\users\ajmc\Downloads\dark_summit_by_nick_heil.pdf_downloader_gb_99322.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Postbox\postbox.v3.0.2-patch.exe
c:\program files (x86)\SaveShare\sprotector.dll
c:\users\ajmc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTNSMHNU\svchost[1].exe
c:\users\ajmc\Downloads\Dark Summit The True Story of Everests Most Controversial Seas PDF.exe
c:\users\ajmc\Downloads\dark_summit_by_nick_heil.pdf_downloader_gb_99322.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-11 16:33 . 2013-08-11 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-11 13:51 . 2013-08-11 13:51 -------- d-----w- c:\program files (x86)\ESET
2013-08-11 13:38 . 2013-08-11 13:38 -------- d-----w- c:\windows\ERUNT
2013-08-10 13:10 . 2013-08-10 13:10 -------- d-----w- C:\FRST
2013-08-09 21:11 . 2013-08-09 21:11 -------- d-----w- c:\programdata\StarApp
2013-08-09 21:11 . 2013-08-11 16:33 -------- d-----w- c:\program files (x86)\SaveShare
2013-08-09 21:11 . 2013-08-09 21:21 -------- d-----w- c:\programdata\savenshare
2013-08-09 21:10 . 2013-08-09 21:13 -------- d-----w- c:\programdata\InstallMate
2013-08-04 19:51 . 2013-08-04 19:51 -------- d-----w- C:\Casino
2013-08-02 19:25 . 2013-08-02 19:25 -------- d-----w- C:\Poker
2013-07-28 18:43 . 2013-07-28 18:48 -------- d-----w- c:\users\ajmc\AppData\Roaming\livestreamer
2013-07-24 10:00 . 2013-07-24 10:00 168751 ----a-w- c:\windows\tmp023423.vbe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-05-31 2801288]
"Adobe"="c:\users\ajmc\AppData\Roaming\Adobe\color.vbe" [2013-07-24 168751]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 uCamMonitor;CamMonitor; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000Core.job
- c:\users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 19:15]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000UA.job
- c:\users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 19:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-16 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-SP_d33a5824 - c:\program files (x86)\EasyLife\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\ajmc\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2013-08-11  17:35:45 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-11 16:35
ComboFix2.txt  2013-08-11 11:24
.
Pre-Run: 97,857,531,904 bytes free
Post-Run: 97,795,358,720 bytes free
.
- - End Of File - - 4BA1AAF8D66EE46D34709E41C5C426A0
A36C5E4F47E84449FF07ED3517B43A31
RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ajmc [Admin rights]
Mode : Scan -- Date : 08/11/2013 17:37:45
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Adobe (C:\Users\ajmc\AppData\Roaming\Adobe\color.vbe [-]) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000UA.job : C:\Users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000Core.job : C:\Users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000Core : C:\Users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000UA : C:\Users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: TOSHIBA THNSNC128GMMJ ATA Device +++++
--- User ---
[MBR] e1e1835ae356015ee3ce543a0578a1a8
[BSP] 23991cf4af136f3a0fc2eb48d42ed74b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208848 | Size: 122001 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_08112013_173745.txt >>
RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ajmc [Admin rights]
Mode : Remove -- Date : 08/11/2013 17:37:54
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Adobe (C:\Users\ajmc\AppData\Roaming\Adobe\color.vbe [-]) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000UA.job : C:\Users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> DELETED
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000Core.job : C:\Users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000Core : C:\Users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-373358491-3787122275-2452673252-1000UA : C:\Users\ajmc\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ajmc [Admin rights]
Mode : Shortcuts HJfix -- Date : 08/11/2013 17:38:38
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 7 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2 / Fail 0
Backup: [NOT FOUND]
 
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
 
¤¤¤ Infection :  ¤¤¤
 
Finished : << RKreport[0]_SC_08112013_173838.txt >>
RKreport[0]_D_08112013_173754.txt;RKreport[0]_S_08112013_173745.txt
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.11.04
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ajmc :: AJMC-VAIO [administrator]
 
11/08/2013 17:40:35
mbam-log-2013-08-11 (17-40-35).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215549
Time elapsed: 1 minute(s), 18 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 August 2013 - 12:11 PM

Hello

That looks promising.

I'm curious about this file:

c:\windows\tmp023423.vbe

Please do the following:


Please open this page in your browser:

http://www.bleepingcomputer.com/submit-malware.php?channel=107
Fill in the "link to topic" field with a link to this topic.

Copy/paste the following into the "Browse to the file you want to submit" field:

c:\windows\tmp023423.vbe


Then press Send File; this will upload the file for analysis.

Please let me know how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 ajm133

ajm133
  • Topic Starter

  • Members
  • 19 posts

Posted 11 August 2013 - 12:41 PM

I've sent that file. My computer is running fine. Many thanks for your help. Could you tell me whether it was anything serious, in the sense that should I be changing my passwords with online banking etc.?



#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 August 2013 - 03:19 PM

Please navigate to that file and delete it:

c:\windows\tmp023423.vbe

I always recommend regularly changing passwords as a precaution as there really is no way of knowing exactly what any infection is capable of doing, so it's best to be cautious.

If there are no outstanding issues, then we can clean up our tools.

Please do the following:


You can delete the FRST, JRT, RogueKiller and TDSSKiller logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix:
  • Make sure your security programs are totally disabled.
  • Press the WinKey + R to open a run box.
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security - What Do I Need?
  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
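As an added post-cleanup check, not part of this thread's posts or of any tool used in it, the PowerShell script below re-audits the values the RogueKiller log above flagged as hijacked (EnableLUA, ConsentPromptBehaviorAdmin and DisableRegistryTools under the Policies\System keys) and lists Run entries that launch a script file or something under a user profile, like the color.vbe entry RogueKiller deleted. It assumes Windows 7 or later and an elevated PowerShell prompt; the pattern lists are my own choice of what to surface for review.

```powershell
# Added example (not from the thread): re-check the UAC/policy values and Run
# entries that the RogueKiller log showed as hijacked. Run from an elevated prompt.

$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Script-host extensions and profile/temp locations worth a second look (my choice).
$scriptPattern  = '\.(vbe|vbs|js|jse|wsf|wsh|hta|bat|cmd|ps1)\b'
$profilePattern = '\\AppData\\|\\Users\\|\\Temp\\|%AppData%|%Temp%'

$findings = @()

# 1. UAC and registry-tools policy values. A missing property reads as $null,
#    so only an explicit 0 (UAC off / silent elevation) is reported.
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $p = Get-ItemProperty -Path $key
    if ($p.EnableLUA -eq 0) {
        $findings += "$key : EnableLUA=0 (UAC disabled; expected 1)"
    }
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += "$key : ConsentPromptBehaviorAdmin=0 (silent elevation; expected non-zero)"
    }
    if ($null -ne $p.DisableRegistryTools) {
        $findings += "$key : DisableRegistryTools present (value $($p.DisableRegistryTools); normally absent)"
    }
}

# 2. Run entries pointing at script files or user-profile locations. These are
#    for manual review: legitimate updaters also live under AppData.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        $cmd = [string]$prop.Value
        if ($cmd -match $scriptPattern -or $cmd -match $profilePattern) {
            $findings += "$key : '$($prop.Name)' = $cmd"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No hijacked policy values or suspicious Run entries found.'
} else {
    Write-Output 'Items to review:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```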


#13 ajm133

ajm133
  • Topic Starter

  • Members
  • 19 posts

Posted 11 August 2013 - 03:47 PM

Everything seems fine. Many thanks for your help.



#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 11 August 2013 - 06:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




