
Redirect Virus



  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes; just copy and paste the text.
    • Due to the high volume of logs we receive, it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Windows XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hi Gringo, Combofix log below.

When I tried to run ComboFix the first time it hung for a while. I rebooted and tried to run it again and it also hung. I tried to do a system restore but system restore failed. I then tried to run ComboFix again and it seemed to work, with the log file below. I am trying to test it a bit now.

Thanks for your help.

ComboFix 12-07-08.01 - Mike 07/08/2012 10:34:45.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3987 [GMT -4:00]

Running from: e:\downloads\ComboFix.exe

FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\users\Mike\AppData\Local\Temp\IswTmp\WH\0

c:\windows\s.bat

c:\windows\TEMP\jna650511868734864182.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))

.

.

2012-07-08 14:58 . 2012-07-08 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-08 14:30 . 2012-07-08 14:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B6D068-1A41-4481-9854-E421A0E550BF}\offreg.dll

2012-07-07 23:54 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B6D068-1A41-4481-9854-E421A0E550BF}\mpengine.dll

2012-06-19 14:21 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 14:21 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 14:21 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 14:21 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 14:21 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-19 14:21 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 14:21 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 14:21 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 14:21 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 00:30 . 2012-06-18 00:30 -------- d-----w- c:\users\Mike\AppData\Local\Diagnostics

2012-06-12 20:29 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-11 18:46 . 2012-05-11 18:46 644400 ----a-w- c:\windows\SysWow64\mscomct2.ocx

2012-04-23 18:52 . 2012-04-23 18:52 10 ----a-w- c:\windows\Fonts\wfonts.key

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-06 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]

"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]

"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]

"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-11-06 329056]

"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-19 73360]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]

CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]

SRS Premium Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe [2010-12-17 1927528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"LocalAccountTokenFilterPolicy"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 136176]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-15 1255736]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-11-06 57952]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-11-06 39008]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-06 25960]

S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-11-06 13408]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]

S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]

S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-06 2009704]

S2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe [2010-09-30 311296]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-11-06 29792]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]

S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-11-03 45448]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]

S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [2010-09-21 15056]

S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2011-02-14 234960]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 03:11]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 03:11]

.

2012-06-23 c:\windows\Tasks\hpwebreg_CN11F111WV05JW.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\hpwebreg.exe [2010-11-17 01:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2011-11-06 03:00 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]

"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-11-06 114688]

"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-11-06 789920]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-11-06 9769888]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-11-06 5908928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://lenovo.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RZKBLX - c:\users\Mike\AppData\Roaming\l_intl5.dll

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-ISW - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-08 11:21:45

ComboFix-quarantined-files.txt 2012-07-08 15:21

.

Pre-Run: 364,993,363,968 bytes free

Post-Run: 364,576,792,576 bytes free

.

- - End Of File - - F042213B5D0C091644587992AAA1DBA2

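The part of a ComboFix report that decides where a redirect cleanup goes next is the "Reg Loading Points" and "ORPHANS REMOVED" sections: which autorun entries point into folders a non-elevated process can write, which Run values launch a DLL instead of a program, which value names look random, and whether AppInit_DLLs is populated (that key injects the listed DLL into every user-mode process that loads user32.dll, so the file must be verified even when, as here, it carries an NVIDIA name). The script below is an added example, not ComboFix's code and not part of the forum post; it runs that triage over a sample constructed from lines of the report above. The folder list, the no-vowel name heuristic and the flag names are this example's own assumptions. A hit is a lead to verify, not a verdict: Dropbox legitimately runs from AppData\Roaming and is flagged for the same reason as the l_intl5.dll entry.

```python
"""Triage the autorun entries in a ComboFix report (added example, not ComboFix code)."""
import re

# Folders a non-elevated process can write; persistence from here deserves a look.
# Assumption of this example: the list is a heuristic, not a ComboFix category.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                 "\\windows\\temp\\", "\\users\\public\\")

# "name"="c:\path\prog.exe" [2012-01-03 843712]        (Run key values)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Name.lnk - c:\path\prog.exe [2012-5-24 27112840]      (Startup folder shortcuts)
STARTUP_RE = re.compile(r'^(?P<name>.+?)\.lnk - (?P<path>[a-z]:\\[^\[]+?)\s*(?:\[.*\])?$', re.I)
# HKLM-Run-Name - c:\path\file                          (ORPHANS REMOVED section)
ORPHAN_RE = re.compile(r'^(?P<name>\S+) - (?P<path>[a-z]:\\.+)$', re.I)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<path>\S+)', re.I)


def in_user_writable(path):
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def looks_random(name):
    """Heuristic: five or more alphanumerics with no vowel at all, e.g. RZKBLX."""
    return len(name) >= 5 and name.isalnum() and not (set(name.lower()) & set("aeiouy"))


def reasons_for(name, path):
    reasons = []
    if in_user_writable(path):
        reasons.append("user-writable")
    if path.lower().endswith(".dll"):
        reasons.append("dll")          # a Run value normally launches an executable
    if looks_random(name):
        reasons.append("random-name")
    return reasons


def triage(report):
    """Return the autorun entries worth verifying, each with the reasons it was flagged."""
    findings, section = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            section = "loading-points"
            continue
        if "ORPHANS REMOVED" in line:
            section = "orphans"
            continue
        if "LOCKED REGISTRY KEYS" in line:
            break                      # nothing autorun-related after this point
        if section is None or not line:
            continue
        m = APPINIT_RE.match(line)
        if m:
            findings.append({"section": section, "name": "AppInit_DLLs",
                             "path": m["path"], "reasons": ["appinit"]})
            continue
        m = RUN_VALUE_RE.match(line) or STARTUP_RE.match(line)
        if not m and section == "orphans":
            m = ORPHAN_RE.match(line)
        if not m:
            continue
        # "Wow6432Node-HKCU-Run-RZKBLX" -> "RZKBLX"; plain names pass through unchanged
        name = m["name"].rsplit("-Run-", 1)[-1]
        path = m["path"].strip()
        reasons = reasons_for(name, path)
        if reasons:
            findings.append({"section": section, "name": name, "path": path, "reasons": reasons})
    return findings


# Constructed sample: a subset of the lines from the report posted above.
SAMPLE = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-06 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RZKBLX - c:\users\Mike\AppData\Roaming\l_intl5.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['section']}] {f['name']}: {f['path']}  <- {', '.join(f['reasons'])}")
```

On the sample this reports three entries: Dropbox (user-writable only), AppInit_DLLs (nvinit.dll, to be verified by signature), and RZKBLX, which collects all three heuristics; the Google, Adobe and Synaptics entries are not reported.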

  • Staff

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

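Before TDSSKiller lists drivers it prints each disk's size and sector size and the MBR partition table it read (the report posted next in this thread starts that way). Bootkits of the family the tool is named after kept their storage in sectors no partition claims, so the first thing worth doing with those lines is a layout sanity check: do any partitions overlap, does any run past the end of the disk, and how much unpartitioned space sits before the first partition and after the last one. The script below is an added example, not TDSSKiller's code and not part of this thread; it parses those lines from a sample copied out of the report and returns the figures per disk. The regexes and the report keys are this example's own. A non-zero head (2048 sectors is the normal Vista-era alignment gap) or tail (vendor recovery partitions and unallocated space are common) is a number to compare with what the OEM installed, not an indicator by itself.

```python
"""Check the MBR partition layout that TDSSKiller prints (added example, not TDSSKiller code)."""
import re

DRIVE_RE = re.compile(
    r"Drive (?P<dev>\\Device\\Harddisk\d+\\DR\d+) - Size: 0x(?P<size>[0-9A-F]+).*?"
    r"SectorSize: 0x(?P<sector>[0-9A-F]+)", re.I)
PART_RE = re.compile(
    r"(?P<dev>\\Device\\Harddisk\d+\\DR\d+)\\Partition(?P<idx>\d+): MBR, "
    r"Type 0x(?P<type>[0-9A-F]+), StartLBA 0x(?P<start>[0-9A-F]+), "
    r"BlocksNum 0x(?P<num>[0-9A-F]+)", re.I)


def parse_layout(log):
    """Return {device: {"total": sectors, "partitions": [(idx, type, start, end_exclusive)]}}."""
    disks = {}
    for line in log.splitlines():
        m = DRIVE_RE.search(line)
        if m:
            size, sector = int(m["size"], 16), int(m["sector"], 16)
            disks[m["dev"]] = {"total": size // sector, "partitions": []}
            continue
        m = PART_RE.search(line)
        if m and m["dev"] in disks:
            start, num = int(m["start"], 16), int(m["num"], 16)
            disks[m["dev"]]["partitions"].append(
                (int(m["idx"]), int(m["type"], 16), start, start + num))
    return disks


def check_layout(log):
    """Per disk: overlapping partition pairs, partitions past the end of the disk,
    and the unpartitioned sectors before the first and after the last partition."""
    report = {}
    for dev, disk in parse_layout(log).items():
        parts = sorted(disk["partitions"], key=lambda p: p[2])
        # Consecutive partitions overlap when the next one starts before the previous ends.
        overlaps = [(a[0], b[0]) for a, b in zip(parts, parts[1:]) if b[2] < a[3]]
        beyond = [p[0] for p in parts if p[3] > disk["total"]]
        head = parts[0][2] if parts else disk["total"]
        tail = max(0, disk["total"] - max((p[3] for p in parts), default=0))
        report[dev] = {"total": disk["total"], "partitions": parts, "overlaps": overlaps,
                       "beyond_end": beyond, "head_sectors": head, "tail_sectors": tail}
    return report


# Sample copied from the TDSSKiller report posted below in this thread.
SAMPLE = r"""
22:44:06.0413 5248 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:44:06.0418 5248 Drive \Device\Harddisk1\DR1 - Size: 0x1D1BF100000 (1862.99 Gb), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:44:06.0463 5248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
22:44:06.0464 5248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
22:44:06.0486 5248 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
22:44:06.0487 5248 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
"""

if __name__ == "__main__":
    for dev, r in check_layout(SAMPLE).items():
        print(dev, f"total={r['total']:#x}", f"head={r['head_sectors']:#x}",
              f"tail={r['tail_sectors']:#x}", f"overlaps={r['overlaps']}",
              f"beyond_end={r['beyond_end']}")
```

For the two disks in the sample the partitions neither overlap nor exceed the disk; the first disk has the usual 0x800-sector head and about 0x1D82830 sectors (roughly 14.7 GiB) after the last listed partition, the second disk's single partition reaches exactly the end of the disk.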

TDSSKiller log:

22:44:05.0696 5248 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

22:44:05.0952 5248 ============================================================

22:44:05.0952 5248 Current date / time: 2012/07/08 22:44:05.0952

22:44:05.0952 5248 SystemInfo:

22:44:05.0952 5248

22:44:05.0952 5248 OS Version: 6.1.7601 ServicePack: 1.0

22:44:05.0952 5248 Product type: Workstation

22:44:05.0952 5248 ComputerName: LENOVOSITTING

22:44:05.0952 5248 UserName: Mike

22:44:05.0952 5248 Windows directory: C:\windows

22:44:05.0952 5248 System windows directory: C:\windows

22:44:05.0952 5248 Running under WOW64

22:44:05.0952 5248 Processor architecture: Intel x64

22:44:05.0952 5248 Number of processors: 4

22:44:05.0952 5248 Page size: 0x1000

22:44:05.0952 5248 Boot type: Normal boot

22:44:05.0952 5248 ============================================================

22:44:06.0413 5248 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:44:06.0418 5248 Drive \Device\Harddisk1\DR1 - Size: 0x1D1BF100000 (1862.99 Gb), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

22:44:06.0463 5248 ============================================================

22:44:06.0463 5248 \Device\Harddisk0\DR0:

22:44:06.0463 5248 MBR partitions:

22:44:06.0463 5248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000

22:44:06.0464 5248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000

22:44:06.0486 5248 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800

22:44:06.0486 5248 \Device\Harddisk1\DR1:

22:44:06.0487 5248 MBR partitions:

22:44:06.0487 5248 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000

22:44:06.0487 5248 ============================================================

22:44:06.0525 5248 C: <-> \Device\Harddisk0\DR0\Partition1

22:44:06.0562 5248 D: <-> \Device\Harddisk0\DR0\Partition2

22:44:06.0579 5248 E: <-> \Device\Harddisk1\DR1\Partition0

22:44:06.0579 5248 ============================================================

22:44:06.0579 5248 Initialize success

22:44:06.0579 5248 ============================================================

22:44:19.0450 5064 ============================================================

22:44:19.0450 5064 Scan started

22:44:19.0450 5064 Mode: Manual;

22:44:19.0450 5064 ============================================================

22:44:20.0038 5064 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

22:44:20.0040 5064 1394ohci - ok

22:44:20.0103 5064 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

22:44:20.0105 5064 ACPI - ok

22:44:20.0123 5064 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

22:44:20.0123 5064 AcpiPmi - ok

22:44:20.0175 5064 ACPIVPC (5bbff8b826ec38d32c26334e079c7efc) C:\windows\system32\DRIVERS\AcpiVpc.sys

22:44:20.0175 5064 ACPIVPC - ok

22:44:20.0261 5064 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

22:44:20.0262 5064 AdobeARMservice - ok

22:44:20.0349 5064 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

22:44:20.0352 5064 adp94xx - ok

22:44:20.0421 5064 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

22:44:20.0423 5064 adpahci - ok

22:44:20.0463 5064 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

22:44:20.0464 5064 adpu320 - ok

22:44:20.0503 5064 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

22:44:20.0504 5064 AeLookupSvc - ok

22:44:20.0615 5064 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

22:44:20.0618 5064 AFD - ok

22:44:20.0635 5064 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

22:44:20.0635 5064 agp440 - ok

22:44:20.0660 5064 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

22:44:20.0661 5064 ALG - ok

22:44:20.0675 5064 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

22:44:20.0675 5064 aliide - ok

22:44:20.0683 5064 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

22:44:20.0683 5064 amdide - ok

22:44:20.0698 5064 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

22:44:20.0698 5064 AmdK8 - ok

22:44:20.0707 5064 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

22:44:20.0708 5064 AmdPPM - ok

22:44:20.0736 5064 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

22:44:20.0737 5064 amdsata - ok

22:44:20.0772 5064 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

22:44:20.0774 5064 amdsbs - ok

22:44:20.0797 5064 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

22:44:20.0798 5064 amdxata - ok

22:44:20.0845 5064 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

22:44:20.0846 5064 AppID - ok

22:44:20.0867 5064 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

22:44:20.0867 5064 AppIDSvc - ok

22:44:20.0883 5064 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

22:44:20.0884 5064 Appinfo - ok

22:44:20.0985 5064 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

22:44:20.0986 5064 Apple Mobile Device - ok

22:44:21.0033 5064 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

22:44:21.0034 5064 arc - ok

22:44:21.0072 5064 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

22:44:21.0073 5064 arcsas - ok

22:44:21.0102 5064 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

22:44:21.0102 5064 AsyncMac - ok

22:44:21.0129 5064 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

22:44:21.0130 5064 atapi - ok

22:44:21.0240 5064 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

22:44:21.0244 5064 AudioEndpointBuilder - ok

22:44:21.0250 5064 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

22:44:21.0254 5064 AudioSrv - ok

22:44:21.0302 5064 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

22:44:21.0303 5064 AxInstSV - ok

22:44:21.0383 5064 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

22:44:21.0386 5064 b06bdrv - ok

22:44:21.0461 5064 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

22:44:21.0463 5064 b57nd60a - ok

22:44:21.0622 5064 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

22:44:21.0623 5064 BBSvc - ok

22:44:21.0677 5064 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

22:44:21.0679 5064 BBUpdate - ok

22:44:21.0748 5064 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

22:44:21.0749 5064 BDESVC - ok

22:44:21.0783 5064 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

22:44:21.0784 5064 Beep - ok

22:44:21.0902 5064 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

22:44:21.0907 5064 BFE - ok

22:44:22.0028 5064 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll

22:44:22.0034 5064 BITS - ok

22:44:22.0080 5064 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

22:44:22.0080 5064 blbdrive - ok

22:44:22.0175 5064 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

22:44:22.0178 5064 Bonjour Service - ok

22:44:22.0224 5064 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

22:44:22.0225 5064 bowser - ok

22:44:22.0269 5064 BPntDrv (aaa4f992f879977a000fe8b8c730cd2c) C:\windows\system32\drivers\BPntDrv.sys

22:44:22.0270 5064 BPntDrv - ok

22:44:22.0301 5064 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

22:44:22.0302 5064 BrFiltLo - ok

22:44:22.0315 5064 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

22:44:22.0316 5064 BrFiltUp - ok

22:44:22.0357 5064 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys

22:44:22.0358 5064 BridgeMP - ok

22:44:22.0408 5064 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

22:44:22.0409 5064 Browser - ok

22:44:22.0445 5064 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

22:44:22.0447 5064 Brserid - ok

22:44:22.0463 5064 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

22:44:22.0464 5064 BrSerWdm - ok

22:44:22.0472 5064 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

22:44:22.0472 5064 BrUsbMdm - ok

22:44:22.0485 5064 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

22:44:22.0485 5064 BrUsbSer - ok

22:44:22.0530 5064 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys

22:44:22.0531 5064 BthEnum - ok

22:44:22.0555 5064 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

22:44:22.0555 5064 BTHMODEM - ok

22:44:22.0577 5064 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys

22:44:22.0578 5064 BthPan - ok

22:44:22.0656 5064 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys

22:44:22.0660 5064 BTHPORT - ok

22:44:22.0706 5064 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

22:44:22.0707 5064 bthserv - ok

22:44:22.0748 5064 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys

22:44:22.0749 5064 BTHUSB - ok

22:44:22.0792 5064 catchme - ok

22:44:22.0822 5064 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

22:44:22.0823 5064 cdfs - ok

22:44:22.0863 5064 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

22:44:22.0864 5064 cdrom - ok

22:44:22.0888 5064 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

22:44:22.0889 5064 CertPropSvc - ok

22:44:22.0918 5064 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

22:44:22.0919 5064 circlass - ok

22:44:22.0982 5064 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

22:44:22.0985 5064 CLFS - ok

22:44:23.0105 5064 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:44:23.0106 5064 clr_optimization_v2.0.50727_32 - ok

22:44:23.0165 5064 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

22:44:23.0166 5064 clr_optimization_v2.0.50727_64 - ok

22:44:23.0240 5064 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:44:23.0241 5064 clr_optimization_v4.0.30319_32 - ok

22:44:23.0305 5064 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

22:44:23.0307 5064 clr_optimization_v4.0.30319_64 - ok

22:44:23.0344 5064 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys

22:44:23.0345 5064 clwvd - ok

22:44:23.0372 5064 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

22:44:23.0372 5064 CmBatt - ok

22:44:23.0377 5064 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

22:44:23.0377 5064 cmdide - ok

22:44:23.0447 5064 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

22:44:23.0450 5064 CNG - ok

22:44:23.0473 5064 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

22:44:23.0473 5064 Compbatt - ok

22:44:23.0501 5064 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

22:44:23.0502 5064 CompositeBus - ok

22:44:23.0519 5064 COMSysApp - ok

22:44:23.0628 5064 CrashPlanService (e2cec73b4d221b9ffe906748d1f5fc54) C:\Program Files\CrashPlan\CrashPlanService.exe

22:44:23.0630 5064 CrashPlanService - ok

22:44:23.0649 5064 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

22:44:23.0650 5064 crcdisk - ok

22:44:23.0711 5064 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll

22:44:23.0712 5064 CryptSvc - ok

22:44:23.0788 5064 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

22:44:23.0793 5064 DcomLaunch - ok

22:44:23.0848 5064 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

22:44:23.0850 5064 defragsvc - ok

22:44:23.0876 5064 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

22:44:23.0877 5064 DfsC - ok

22:44:23.0925 5064 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

22:44:23.0927 5064 Dhcp - ok

22:44:23.0940 5064 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

22:44:23.0940 5064 discache - ok

22:44:23.0977 5064 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

22:44:23.0978 5064 Disk - ok

22:44:24.0012 5064 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

22:44:24.0014 5064 Dnscache - ok

22:44:24.0051 5064 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

22:44:24.0053 5064 dot3svc - ok

22:44:24.0069 5064 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

22:44:24.0070 5064 DPS - ok

22:44:24.0112 5064 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

22:44:24.0113 5064 drmkaud - ok

22:44:24.0213 5064 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

22:44:24.0218 5064 DXGKrnl - ok

22:44:24.0253 5064 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

22:44:24.0255 5064 EapHost - ok

22:44:24.0486 5064 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

22:44:24.0505 5064 ebdrv - ok

22:44:24.0656 5064 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

22:44:24.0657 5064 EFS - ok

22:44:24.0764 5064 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

22:44:24.0769 5064 ehRecvr - ok

22:44:24.0805 5064 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

22:44:24.0807 5064 ehSched - ok

22:44:24.0904 5064 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

22:44:24.0907 5064 elxstor - ok

22:44:24.0920 5064 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

22:44:24.0921 5064 ErrDev - ok

22:44:24.0986 5064 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

22:44:24.0989 5064 EventSystem - ok

22:44:25.0196 5064 EvtEng (f8f610093e1d7fdfa477fc34d15d5c60) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

22:44:25.0206 5064 EvtEng - ok

22:44:25.0385 5064 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

22:44:25.0386 5064 exfat - ok

22:44:25.0420 5064 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

22:44:25.0421 5064 fastfat - ok

22:44:25.0509 5064 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

22:44:25.0514 5064 Fax - ok

22:44:25.0550 5064 fbfmon (3191aca33088ee2481044fc0db736442) C:\windows\system32\drivers\fbfmon.sys

22:44:25.0551 5064 fbfmon - ok

22:44:25.0566 5064 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

22:44:25.0566 5064 fdc - ok

22:44:25.0591 5064 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

22:44:25.0592 5064 fdPHost - ok

22:44:25.0620 5064 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

22:44:25.0621 5064 FDResPub - ok

22:44:25.0649 5064 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

22:44:25.0649 5064 FileInfo - ok

22:44:25.0667 5064 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

22:44:25.0668 5064 Filetrace - ok

22:44:25.0684 5064 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

22:44:25.0685 5064 flpydisk - ok

22:44:25.0730 5064 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

22:44:25.0732 5064 FltMgr - ok

22:44:25.0839 5064 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

22:44:25.0846 5064 FontCache - ok

22:44:25.0930 5064 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

22:44:25.0931 5064 FontCache3.0.0.0 - ok

22:44:25.0971 5064 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

22:44:25.0972 5064 FsDepends - ok

22:44:26.0008 5064 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

22:44:26.0009 5064 Fs_Rec - ok

22:44:26.0041 5064 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

22:44:26.0043 5064 fvevol - ok

22:44:26.0083 5064 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

22:44:26.0084 5064 gagp30kx - ok

22:44:26.0111 5064 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

22:44:26.0111 5064 GEARAspiWDM - ok

22:44:26.0201 5064 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

22:44:26.0206 5064 gpsvc - ok

22:44:26.0310 5064 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:44:26.0312 5064 gupdate - ok

22:44:26.0315 5064 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:44:26.0316 5064 gupdatem - ok

22:44:26.0347 5064 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

22:44:26.0349 5064 gusvc - ok

22:44:26.0368 5064 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

22:44:26.0369 5064 hcw85cir - ok

22:44:26.0433 5064 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

22:44:26.0436 5064 HdAudAddService - ok

22:44:26.0471 5064 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

22:44:26.0472 5064 HDAudBus - ok

22:44:26.0483 5064 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

22:44:26.0484 5064 HidBatt - ok

22:44:26.0508 5064 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

22:44:26.0509 5064 HidBth - ok

22:44:26.0543 5064 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

22:44:26.0544 5064 HidIr - ok

22:44:26.0567 5064 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll

22:44:26.0568 5064 hidserv - ok

22:44:26.0587 5064 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

22:44:26.0588 5064 HidUsb - ok

22:44:26.0626 5064 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

22:44:26.0628 5064 hkmsvc - ok

22:44:26.0664 5064 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

22:44:26.0667 5064 HomeGroupListener - ok

22:44:26.0709 5064 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

22:44:26.0711 5064 HomeGroupProvider - ok

22:44:26.0745 5064 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

22:44:26.0746 5064 HpSAMD - ok

22:44:26.0843 5064 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

22:44:26.0847 5064 HTTP - ok

22:44:26.0870 5064 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

22:44:26.0871 5064 hwpolicy - ok

22:44:26.0904 5064 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

22:44:26.0905 5064 i8042prt - ok

22:44:26.0977 5064 iaStor (53cc5bf8b5a219119953c7abb19a7705) C:\windows\system32\DRIVERS\iaStor.sys

22:44:26.0979 5064 iaStor - ok

22:44:27.0029 5064 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

22:44:27.0032 5064 iaStorV - ok

22:44:27.0099 5064 icsak (acbab67fa8de733af04a5f6494bf41db) C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys

22:44:27.0100 5064 icsak - ok

22:44:27.0259 5064 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:44:27.0264 5064 idsvc - ok

22:44:28.0028 5064 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\windows\system32\DRIVERS\igdkmd64.sys

22:44:28.0117 5064 igfx - ok

22:44:28.0255 5064 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

22:44:28.0256 5064 iirsp - ok

22:44:28.0357 5064 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

22:44:28.0363 5064 IKEEXT - ok

22:44:28.0571 5064 IntcAzAudAddService (a9853214cc97796579d75b1f59c51dcd) C:\windows\system32\drivers\RTKVHD64.sys

22:44:28.0588 5064 IntcAzAudAddService - ok

22:44:28.0761 5064 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

22:44:28.0763 5064 IntcDAud - ok

22:44:28.0783 5064 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

22:44:28.0784 5064 intelide - ok

22:44:28.0806 5064 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

22:44:28.0807 5064 intelppm - ok

22:44:28.0923 5064 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

22:44:28.0924 5064 IntuitUpdateServiceV4 - ok

22:44:28.0959 5064 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

22:44:28.0961 5064 IPBusEnum - ok

22:44:29.0015 5064 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

22:44:29.0016 5064 IpFilterDriver - ok

22:44:29.0096 5064 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

22:44:29.0100 5064 iphlpsvc - ok

22:44:29.0128 5064 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

22:44:29.0129 5064 IPMIDRV - ok

22:44:29.0140 5064 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

22:44:29.0141 5064 IPNAT - ok

22:44:29.0288 5064 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

22:44:29.0293 5064 iPod Service - ok

22:44:29.0326 5064 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

22:44:29.0327 5064 IRENUM - ok

22:44:29.0344 5064 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

22:44:29.0344 5064 isapnp - ok

22:44:29.0381 5064 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

22:44:29.0383 5064 iScsiPrt - ok

22:44:29.0431 5064 ISWKL (bf65e6d039ae37c988d5b2b680e7d718) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys

22:44:29.0432 5064 ISWKL - ok

22:44:29.0514 5064 IswSvc (99148599fe4d0a5cd7c7eb74ed5a63e4) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

22:44:29.0519 5064 IswSvc - ok

22:44:29.0562 5064 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

22:44:29.0563 5064 kbdclass - ok

22:44:29.0591 5064 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys

22:44:29.0591 5064 kbdhid - ok

22:44:29.0633 5064 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

22:44:29.0635 5064 KeyIso - ok

22:44:29.0710 5064 KL1 (8d7120743a0973ceab548b475c9d4289) C:\windows\system32\DRIVERS\kl1.sys

22:44:29.0713 5064 KL1 - ok

22:44:29.0725 5064 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\windows\system32\DRIVERS\kl2.sys

22:44:29.0725 5064 kl2 - ok

22:44:29.0794 5064 KLIF (a4813ee804a1d96dcb01aefd7f565c6b) C:\windows\system32\DRIVERS\klif.sys

22:44:29.0797 5064 KLIF - ok

22:44:29.0824 5064 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

22:44:29.0825 5064 KSecDD - ok

22:44:29.0851 5064 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

22:44:29.0853 5064 KSecPkg - ok

22:44:29.0888 5064 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

22:44:29.0888 5064 ksthunk - ok

22:44:29.0955 5064 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

22:44:29.0958 5064 KtmRm - ok

22:44:30.0016 5064 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll

22:44:30.0019 5064 LanmanServer - ok

22:44:30.0042 5064 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

22:44:30.0044 5064 LanmanWorkstation - ok

22:44:30.0086 5064 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys

22:44:30.0086 5064 LHDmgr - ok

22:44:30.0120 5064 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

22:44:30.0121 5064 lltdio - ok

22:44:30.0180 5064 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

22:44:30.0183 5064 lltdsvc - ok

22:44:30.0208 5064 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

22:44:30.0210 5064 lmhosts - ok

22:44:30.0305 5064 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

22:44:30.0307 5064 LMS - ok

22:44:30.0352 5064 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

22:44:30.0353 5064 LSI_FC - ok

22:44:30.0371 5064 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

22:44:30.0372 5064 LSI_SAS - ok

22:44:30.0388 5064 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

22:44:30.0389 5064 LSI_SAS2 - ok

22:44:30.0420 5064 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

22:44:30.0421 5064 LSI_SCSI - ok

22:44:30.0452 5064 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

22:44:30.0453 5064 luafv - ok

22:44:30.0539 5064 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys

22:44:30.0540 5064 MBAMProtector - ok

22:44:30.0659 5064 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

22:44:30.0663 5064 MBAMService - ok

22:44:30.0676 5064 McAfee SiteAdvisor Service - ok

22:44:30.0709 5064 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

22:44:30.0711 5064 Mcx2Svc - ok

22:44:30.0751 5064 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

22:44:30.0752 5064 megasas - ok

22:44:30.0798 5064 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

22:44:30.0800 5064 MegaSR - ok

22:44:30.0834 5064 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys

22:44:30.0834 5064 MEIx64 - ok

22:44:30.0856 5064 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

22:44:30.0858 5064 MMCSS - ok

22:44:30.0871 5064 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

22:44:30.0872 5064 Modem - ok

22:44:30.0903 5064 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

22:44:30.0904 5064 monitor - ok

22:44:30.0929 5064 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

22:44:30.0930 5064 mouclass - ok

22:44:30.0963 5064 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

22:44:30.0964 5064 mouhid - ok

22:44:30.0999 5064 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

22:44:31.0000 5064 mountmgr - ok

22:44:31.0024 5064 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

22:44:31.0025 5064 mpio - ok

22:44:31.0047 5064 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

22:44:31.0048 5064 mpsdrv - ok

22:44:31.0143 5064 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

22:44:31.0149 5064 MpsSvc - ok

22:44:31.0181 5064 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

22:44:31.0183 5064 MRxDAV - ok

22:44:31.0219 5064 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

22:44:31.0220 5064 mrxsmb - ok

22:44:31.0271 5064 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

22:44:31.0273 5064 mrxsmb10 - ok

22:44:31.0305 5064 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

22:44:31.0306 5064 mrxsmb20 - ok

22:44:31.0324 5064 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

22:44:31.0325 5064 msahci - ok

22:44:31.0348 5064 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

22:44:31.0349 5064 msdsm - ok

22:44:31.0378 5064 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

22:44:31.0380 5064 MSDTC - ok

22:44:31.0396 5064 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

22:44:31.0396 5064 Msfs - ok

22:44:31.0409 5064 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

22:44:31.0409 5064 mshidkmdf - ok

22:44:31.0426 5064 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

22:44:31.0426 5064 msisadrv - ok

22:44:31.0478 5064 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

22:44:31.0479 5064 MSiSCSI - ok

22:44:31.0482 5064 msiserver - ok

22:44:31.0511 5064 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

22:44:31.0512 5064 MSKSSRV - ok

22:44:31.0525 5064 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

22:44:31.0525 5064 MSPCLOCK - ok

22:44:31.0542 5064 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

22:44:31.0542 5064 MSPQM - ok

22:44:31.0594 5064 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

22:44:31.0596 5064 MsRPC - ok

22:44:31.0614 5064 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

22:44:31.0614 5064 mssmbios - ok

22:44:31.0632 5064 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

22:44:31.0632 5064 MSTEE - ok

22:44:31.0652 5064 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

22:44:31.0653 5064 MTConfig - ok

22:44:31.0670 5064 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

22:44:31.0671 5064 Mup - ok

22:44:31.0768 5064 MyWiFiDHCPDNS (f6ea50dbc391f04ca49427010657ccb3) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

22:44:31.0770 5064 MyWiFiDHCPDNS - ok

22:44:31.0831 5064 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

22:44:31.0835 5064 napagent - ok

22:44:31.0888 5064 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

22:44:31.0890 5064 NativeWifiP - ok

22:44:32.0008 5064 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys

22:44:32.0014 5064 NDIS - ok

22:44:32.0035 5064 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

22:44:32.0036 5064 NdisCap - ok

22:44:32.0056 5064 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

22:44:32.0057 5064 NdisTapi - ok

22:44:32.0083 5064 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

22:44:32.0084 5064 Ndisuio - ok

22:44:32.0131 5064 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

22:44:32.0133 5064 NdisWan - ok

22:44:32.0152 5064 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

22:44:32.0153 5064 NDProxy - ok

22:44:32.0179 5064 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\windows\system32\DRIVERS\netaapl64.sys

22:44:32.0180 5064 Netaapl - ok

22:44:32.0210 5064 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

22:44:32.0211 5064 NetBIOS - ok

22:44:32.0256 5064 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

22:44:32.0258 5064 NetBT - ok

22:44:32.0300 5064 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

22:44:32.0301 5064 Netlogon - ok

22:44:32.0375 5064 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

22:44:32.0379 5064 Netman - ok

22:44:32.0438 5064 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

22:44:32.0442 5064 netprofm - ok

22:44:32.0533 5064 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:44:32.0534 5064 NetTcpPortSharing - ok

22:44:33.0152 5064 NETwNs64 (30933bb56fb611d0252bad488adfb533) C:\windows\system32\DRIVERS\NETwNs64.sys

22:44:33.0201 5064 NETwNs64 - ok

22:44:33.0371 5064 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

22:44:33.0372 5064 nfrd960 - ok

22:44:33.0440 5064 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

22:44:33.0443 5064 NlaSvc - ok

22:44:33.0457 5064 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

22:44:33.0457 5064 Npfs - ok

22:44:33.0477 5064 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

22:44:33.0479 5064 nsi - ok

22:44:33.0489 5064 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

22:44:33.0489 5064 nsiproxy - ok

22:44:33.0640 5064 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

22:44:33.0650 5064 Ntfs - ok

22:44:33.0783 5064 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

22:44:33.0783 5064 Null - ok

22:44:34.0474 5064 nvlddmkm (7328528daf9b8a486e16595a35043db0) C:\windows\system32\DRIVERS\nvlddmkm.sys

22:44:34.0552 5064 nvlddmkm - ok

22:44:34.0656 5064 nvpciflt (8ae5a124f3b65c3ec531d251a3e9c87f) C:\windows\system32\DRIVERS\nvpciflt.sys

22:44:34.0657 5064 nvpciflt - ok

22:44:34.0692 5064 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

22:44:34.0694 5064 nvraid - ok

22:44:34.0710 5064 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

22:44:34.0711 5064 nvstor - ok

22:44:34.0817 5064 NVSvc (cea3416907c17bb6623d9cb1e015b3c4) C:\windows\system32\nvvsvc.exe

22:44:34.0824 5064 NVSvc - ok

22:44:35.0063 5064 nvUpdatusService (741688e5a65cc43567bcc329ae130075) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

22:44:35.0076 5064 nvUpdatusService - ok

22:44:35.0240 5064 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

22:44:35.0241 5064 nv_agp - ok

22:44:35.0392 5064 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

22:44:35.0395 5064 odserv - ok

22:44:35.0403 5064 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

22:44:35.0404 5064 ohci1394 - ok

22:44:35.0447 5064 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:44:35.0448 5064 ose - ok

22:44:35.0496 5064 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

22:44:35.0499 5064 p2pimsvc - ok

22:44:35.0553 5064 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

22:44:35.0556 5064 p2psvc - ok

22:44:35.0567 5064 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

22:44:35.0568 5064 Parport - ok

22:44:35.0603 5064 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys

22:44:35.0604 5064 partmgr - ok

22:44:35.0638 5064 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

22:44:35.0641 5064 PcaSvc - ok

22:44:35.0687 5064 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

22:44:35.0689 5064 pci - ok

22:44:35.0701 5064 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

22:44:35.0701 5064 pciide - ok

22:44:35.0725 5064 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

22:44:35.0727 5064 pcmcia - ok

22:44:35.0741 5064 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

22:44:35.0742 5064 pcw - ok

22:44:35.0813 5064 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

22:44:35.0817 5064 PEAUTH - ok

22:44:35.0909 5064 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

22:44:35.0911 5064 PerfHost - ok

22:44:36.0062 5064 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

22:44:36.0072 5064 pla - ok

22:44:36.0144 5064 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

22:44:36.0148 5064 PlugPlay - ok

22:44:36.0159 5064 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

22:44:36.0161 5064 PNRPAutoReg - ok

22:44:36.0208 5064 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

22:44:36.0211 5064 PNRPsvc - ok

22:44:36.0278 5064 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

22:44:36.0282 5064 PolicyAgent - ok

22:44:36.0321 5064 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

22:44:36.0324 5064 Power - ok

22:44:36.0404 5064 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

22:44:36.0405 5064 PptpMiniport - ok

22:44:36.0427 5064 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

22:44:36.0428 5064 Processor - ok

22:44:36.0485 5064 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll

22:44:36.0487 5064 ProfSvc - ok

22:44:36.0522 5064 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

22:44:36.0524 5064 ProtectedStorage - ok

22:44:36.0549 5064 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

22:44:36.0551 5064 Psched - ok

22:44:36.0721 5064 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

22:44:36.0731 5064 ql2300 - ok

22:44:36.0878 5064 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

22:44:36.0879 5064 ql40xx - ok

22:44:36.0929 5064 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

22:44:36.0932 5064 QWAVE - ok

22:44:36.0953 5064 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

22:44:36.0954 5064 QWAVEdrv - ok

22:44:36.0957 5064 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

22:44:36.0958 5064 RasAcd - ok

22:44:37.0000 5064 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

22:44:37.0000 5064 RasAgileVpn - ok

22:44:37.0024 5064 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

22:44:37.0026 5064 RasAuto - ok

22:44:37.0064 5064 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

22:44:37.0066 5064 Rasl2tp - ok

22:44:37.0125 5064 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

22:44:37.0128 5064 RasMan - ok

22:44:37.0160 5064 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

22:44:37.0161 5064 RasPppoe - ok

22:44:37.0182 5064 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

22:44:37.0183 5064 RasSstp - ok

22:44:37.0226 5064 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

22:44:37.0229 5064 rdbss - ok

22:44:37.0243 5064 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

22:44:37.0244 5064 rdpbus - ok

22:44:37.0265 5064 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

22:44:37.0266 5064 RDPCDD - ok

22:44:37.0279 5064 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

22:44:37.0280 5064 RDPENCDD - ok

22:44:37.0316 5064 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

22:44:37.0316 5064 RDPREFMP - ok

22:44:37.0369 5064 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys

22:44:37.0371 5064 RDPWD - ok

22:44:37.0407 5064 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

22:44:37.0409 5064 rdyboost - ok

22:44:37.0540 5064 RegSrvc (9276f4d4109fc349925d28e00e533146) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

22:44:37.0545 5064 RegSrvc - ok

22:44:37.0585 5064 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

22:44:37.0586 5064 RemoteAccess - ok

22:44:37.0631 5064 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

22:44:37.0633 5064 RemoteRegistry - ok

22:44:37.0731 5064 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys

22:44:37.0733 5064 RFCOMM - ok

22:44:37.0755 5064 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

22:44:37.0757 5064 RpcEptMapper - ok

22:44:37.0785 5064 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

22:44:37.0786 5064 RpcLocator - ok

22:44:37.0843 5064 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

22:44:37.0847 5064 RpcSs - ok

22:44:37.0885 5064 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

22:44:37.0886 5064 rspndr - ok

22:44:37.0962 5064 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RtsUVStor.sys

22:44:37.0964 5064 RSUSBVSTOR - ok

22:44:38.0028 5064 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\windows\system32\DRIVERS\Rt64win7.sys

22:44:38.0030 5064 RTL8167 - ok

22:44:38.0135 5064 RtLedService (a11ab0af5c7c2724d493f837c51f1575) C:\Program Files\Realtek\RtLED\RtLEDService.exe

22:44:38.0137 5064 RtLedService - ok

22:44:38.0167 5064 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

22:44:38.0168 5064 SamSs - ok

22:44:38.0215 5064 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

22:44:38.0217 5064 sbp2port - ok

22:44:38.0270 5064 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

22:44:38.0273 5064 SCardSvr - ok

22:44:38.0288 5064 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

22:44:38.0288 5064 scfilter - ok

22:44:38.0391 5064 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

22:44:38.0399 5064 Schedule - ok

22:44:38.0433 5064 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

22:44:38.0434 5064 SCPolicySvc - ok

22:44:38.0452 5064 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

22:44:38.0454 5064 SDRSVC - ok

22:44:38.0499 5064 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

22:44:38.0500 5064 secdrv - ok

22:44:38.0519 5064 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

22:44:38.0521 5064 seclogon - ok

22:44:38.0556 5064 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll

22:44:38.0558 5064 SENS - ok

22:44:38.0579 5064 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

22:44:38.0581 5064 SensrSvc - ok

22:44:38.0602 5064 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

22:44:38.0603 5064 Serenum - ok

22:44:38.0621 5064 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

22:44:38.0622 5064 Serial - ok

22:44:38.0636 5064 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

22:44:38.0637 5064 sermouse - ok

22:44:38.0672 5064 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

22:44:38.0674 5064 SessionEnv - ok

22:44:38.0678 5064 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

22:44:38.0679 5064 sffdisk - ok

22:44:38.0682 5064 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

22:44:38.0683 5064 sffp_mmc - ok

22:44:38.0688 5064 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

22:44:38.0689 5064 sffp_sd - ok

22:44:38.0692 5064 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

22:44:38.0693 5064 sfloppy - ok

22:44:38.0744 5064 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

22:44:38.0747 5064 SharedAccess - ok

22:44:38.0811 5064 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

22:44:38.0814 5064 ShellHWDetection - ok

22:44:38.0821 5064 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

22:44:38.0822 5064 SiSRaid2 - ok

22:44:38.0849 5064 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

22:44:38.0850 5064 SiSRaid4 - ok

22:44:38.0863 5064 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

22:44:38.0864 5064 Smb - ok

22:44:38.0889 5064 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

22:44:38.0891 5064 SNMPTRAP - ok

22:44:38.0906 5064 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

22:44:38.0906 5064 spldr - ok

22:44:38.0966 5064 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

22:44:38.0971 5064 Spooler - ok

22:44:39.0232 5064 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

22:44:39.0254 5064 sppsvc - ok

22:44:39.0386 5064 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

22:44:39.0388 5064 sppuinotify - ok

22:44:39.0459 5064 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

22:44:39.0462 5064 srv - ok

22:44:39.0511 5064 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

22:44:39.0514 5064 srv2 - ok

22:44:39.0547 5064 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

22:44:39.0549 5064 srvnet - ok

22:44:39.0591 5064 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

22:44:39.0594 5064 SSDPSRV - ok

22:44:39.0617 5064 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

22:44:39.0619 5064 SstpSvc - ok

22:44:39.0645 5064 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

22:44:39.0646 5064 stexstor - ok

22:44:39.0694 5064 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys

22:44:39.0695 5064 StillCam - ok

22:44:39.0788 5064 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

22:44:39.0793 5064 stisvc - ok

22:44:39.0826 5064 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

22:44:39.0827 5064 swenum - ok

22:44:39.0890 5064 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

22:44:39.0894 5064 swprv - ok

22:44:40.0055 5064 SynTP (08425cd92972c6430f350a9697f4a553) C:\windows\system32\DRIVERS\SynTP.sys

22:44:40.0064 5064 SynTP - ok

22:44:40.0335 5064 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

22:44:40.0346 5064 SysMain - ok

22:44:40.0435 5064 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

22:44:40.0437 5064 TabletInputService - ok

22:44:40.0478 5064 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

22:44:40.0481 5064 TapiSrv - ok

22:44:40.0505 5064 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

22:44:40.0507 5064 TBS - ok

22:44:40.0725 5064 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

22:44:40.0736 5064 Tcpip - ok

22:44:41.0015 5064 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

22:44:41.0026 5064 TCPIP6 - ok

22:44:41.0122 5064 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

22:44:41.0123 5064 tcpipreg - ok

22:44:41.0135 5064 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

22:44:41.0135 5064 TDPIPE - ok

22:44:41.0162 5064 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

22:44:41.0162 5064 TDTCP - ok

22:44:41.0195 5064 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

22:44:41.0197 5064 tdx - ok

22:44:41.0233 5064 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

22:44:41.0234 5064 TermDD - ok

22:44:41.0326 5064 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

22:44:41.0331 5064 TermService - ok

22:44:41.0350 5064 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

22:44:41.0352 5064 Themes - ok

22:44:41.0390 5064 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

22:44:41.0391 5064 THREADORDER - ok

22:44:41.0419 5064 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

22:44:41.0422 5064 TrkWks - ok

22:44:41.0480 5064 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

22:44:41.0482 5064 TrustedInstaller - ok

22:44:41.0505 5064 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

22:44:41.0506 5064 tssecsrv - ok

22:44:41.0556 5064 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

22:44:41.0557 5064 TsUsbFlt - ok

22:44:41.0563 5064 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

22:44:41.0563 5064 TsUsbGD - ok

22:44:41.0604 5064 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

22:44:41.0605 5064 tunnel - ok

22:44:41.0628 5064 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

22:44:41.0629 5064 uagp35 - ok

22:44:41.0676 5064 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

22:44:41.0678 5064 udfs - ok

22:44:41.0708 5064 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

22:44:41.0710 5064 UI0Detect - ok

22:44:41.0749 5064 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

22:44:41.0750 5064 uliagpkx - ok

22:44:41.0773 5064 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

22:44:41.0774 5064 umbus - ok

22:44:41.0799 5064 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

22:44:41.0800 5064 UmPass - ok

22:44:42.0041 5064 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

22:44:42.0056 5064 UNS - ok

22:44:42.0230 5064 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

22:44:42.0234 5064 upnphost - ok

22:44:42.0297 5064 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys

22:44:42.0298 5064 USBAAPL64 - ok

22:44:42.0331 5064 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

22:44:42.0332 5064 usbccgp - ok

22:44:42.0369 5064 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

22:44:42.0370 5064 usbcir - ok

22:44:42.0392 5064 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

22:44:42.0393 5064 usbehci - ok

22:44:42.0448 5064 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

22:44:42.0451 5064 usbhub - ok

22:44:42.0464 5064 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

22:44:42.0465 5064 usbohci - ok

22:44:42.0471 5064 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys

22:44:42.0472 5064 usbprint - ok

22:44:42.0496 5064 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

22:44:42.0497 5064 USBSTOR - ok

22:44:42.0502 5064 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

22:44:42.0502 5064 usbuhci - ok

22:44:42.0548 5064 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

22:44:42.0550 5064 usbvideo - ok

22:44:42.0583 5064 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

22:44:42.0585 5064 UxSms - ok

22:44:42.0622 5064 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

22:44:42.0623 5064 VaultSvc - ok

22:44:42.0656 5064 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

22:44:42.0657 5064 vdrvroot - ok

22:44:42.0721 5064 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

22:44:42.0726 5064 vds - ok

22:44:42.0731 5064 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

22:44:42.0732 5064 vga - ok

22:44:42.0751 5064 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

22:44:42.0752 5064 VgaSave - ok

22:44:42.0776 5064 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

22:44:42.0777 5064 vhdmp - ok

22:44:42.0781 5064 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

22:44:42.0783 5064 viaide - ok

22:44:42.0828 5064 vm2uvcflt (5cb80afa98111fc6ed6e8702a0d7ac5b) C:\windows\system32\Drivers\vm2uvcflt.sys

22:44:42.0829 5064 vm2uvcflt - ok

22:44:42.0876 5064 vm332avs (d8bd0784aadce2aaee8f8e2c57a0bc7c) C:\windows\system32\Drivers\vm332avs.sys

22:44:42.0877 5064 vm332avs - ok

22:44:42.0901 5064 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

22:44:42.0902 5064 volmgr - ok

22:44:42.0949 5064 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

22:44:42.0952 5064 volmgrx - ok

22:44:42.0991 5064 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

22:44:42.0993 5064 volsnap - ok

22:44:43.0061 5064 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\windows\system32\DRIVERS\vsdatant.sys

22:44:43.0064 5064 Vsdatant - ok

22:44:43.0119 5064 vsmon - ok

22:44:43.0166 5064 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

22:44:43.0168 5064 vsmraid - ok

22:44:43.0336 5064 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

22:44:43.0346 5064 VSS - ok

22:44:43.0483 5064 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

22:44:43.0484 5064 vwifibus - ok

22:44:43.0504 5064 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

22:44:43.0505 5064 vwififlt - ok

22:44:43.0522 5064 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

22:44:43.0522 5064 vwifimp - ok

22:44:43.0590 5064 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

22:44:43.0594 5064 W32Time - ok

22:44:43.0600 5064 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

22:44:43.0601 5064 WacomPen - ok

22:44:43.0641 5064 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

22:44:43.0642 5064 WANARP - ok

22:44:43.0645 5064 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

22:44:43.0646 5064 Wanarpv6 - ok

22:44:43.0772 5064 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

22:44:43.0780 5064 WatAdminSvc - ok

22:44:43.0893 5064 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

22:44:43.0903 5064 wbengine - ok

22:44:44.0048 5064 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

22:44:44.0051 5064 WbioSrvc - ok

22:44:44.0097 5064 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

22:44:44.0101 5064 wcncsvc - ok

22:44:44.0119 5064 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

22:44:44.0121 5064 WcsPlugInService - ok

22:44:44.0170 5064 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

22:44:44.0171 5064 Wd - ok

22:44:44.0201 5064 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys

22:44:44.0202 5064 WDC_SAM - ok

22:44:44.0276 5064 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

22:44:44.0280 5064 Wdf01000 - ok

22:44:44.0303 5064 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

22:44:44.0305 5064 WdiServiceHost - ok

22:44:44.0307 5064 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

22:44:44.0310 5064 WdiSystemHost - ok

22:44:44.0332 5064 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\windows\system32\DRIVERS\WDKMD.sys

22:44:44.0333 5064 wdkmd - ok

22:44:44.0366 5064 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

22:44:44.0369 5064 WebClient - ok

22:44:44.0408 5064 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

22:44:44.0411 5064 Wecsvc - ok

22:44:44.0434 5064 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

22:44:44.0436 5064 wercplsupport - ok

22:44:44.0458 5064 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

22:44:44.0460 5064 WerSvc - ok

22:44:44.0487 5064 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

22:44:44.0488 5064 WfpLwf - ok

22:44:44.0501 5064 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

22:44:44.0502 5064 WIMMount - ok

22:44:44.0544 5064 WinDefend - ok

22:44:44.0550 5064 WinHttpAutoProxySvc - ok

22:44:44.0613 5064 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

22:44:44.0615 5064 Winmgmt - ok

22:44:44.0831 5064 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

22:44:44.0844 5064 WinRM - ok

22:44:45.0030 5064 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

22:44:45.0031 5064 WinUsb - ok

22:44:45.0122 5064 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

22:44:45.0128 5064 Wlansvc - ok

22:44:45.0202 5064 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

22:44:45.0203 5064 wlcrasvc - ok

22:44:45.0369 5064 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:44:45.0382 5064 wlidsvc - ok

22:44:45.0551 5064 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

22:44:45.0552 5064 WmiAcpi - ok

22:44:45.0613 5064 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

22:44:45.0614 5064 wmiApSrv - ok

22:44:45.0660 5064 WMPNetworkSvc - ok

22:44:45.0698 5064 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

22:44:45.0700 5064 WPCSvc - ok

22:44:45.0721 5064 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

22:44:45.0724 5064 WPDBusEnum - ok

22:44:45.0735 5064 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

22:44:45.0736 5064 ws2ifsl - ok

22:44:45.0757 5064 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll

22:44:45.0759 5064 wscsvc - ok

22:44:45.0762 5064 WSearch - ok

22:44:45.0818 5064 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys

22:44:45.0819 5064 wsvd - ok

22:44:46.0022 5064 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

22:44:46.0037 5064 wuauserv - ok

22:44:46.0206 5064 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

22:44:46.0207 5064 WudfPf - ok

22:44:46.0243 5064 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

22:44:46.0244 5064 WUDFRd - ok

22:44:46.0280 5064 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

22:44:46.0283 5064 wudfsvc - ok

22:44:46.0315 5064 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

22:44:46.0318 5064 WwanSvc - ok

22:44:46.0345 5064 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:44:46.0622 5064 \Device\Harddisk0\DR0 - ok

22:44:46.0626 5064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

22:44:46.0629 5064 \Device\Harddisk1\DR1 - ok

22:44:46.0632 5064 Boot (0x1200) (96c949add9de0d267bda55236f2326fc) \Device\Harddisk0\DR0\Partition0

22:44:46.0633 5064 \Device\Harddisk0\DR0\Partition0 - ok

22:44:46.0646 5064 Boot (0x1200) (29059a7663083154c88446c6b5dce1a7) \Device\Harddisk0\DR0\Partition1

22:44:46.0648 5064 \Device\Harddisk0\DR0\Partition1 - ok

22:44:46.0671 5064 Boot (0x1200) (f9a349a6e735581f57c51603d2fd6423) \Device\Harddisk0\DR0\Partition2

22:44:46.0673 5064 \Device\Harddisk0\DR0\Partition2 - ok

22:44:46.0676 5064 Boot (0x1200) (046a5f89b9a5f6b9260f98e8243f6186) \Device\Harddisk1\DR1\Partition0

22:44:46.0678 5064 \Device\Harddisk1\DR1\Partition0 - ok

22:44:46.0679 5064 ============================================================

22:44:46.0679 5064 Scan finished

22:44:46.0679 5064 ============================================================

22:44:46.0686 4904 Detected object count: 0

22:44:46.0686 4904 Actual detected object count: 0

aswMBR log::

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-08 22:46:45

-----------------------------

22:46:45.892 OS Version: Windows x64 6.1.7601 Service Pack 1

22:46:45.892 Number of processors: 4 586 0x2A07

22:46:45.892 ComputerName: LENOVOSITTING UserName: Mike

22:46:48.203 Initialize success

22:47:28.103 AVAST engine defs: 12070801

22:47:37.478 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

22:47:37.481 Disk 0 Vendor: WDC_WD50 03.0 Size: 476940MB BusType: 3

22:47:37.496 Disk 0 MBR read successfully

22:47:37.498 Disk 0 MBR scan

22:47:37.503 Disk 0 Windows 7 default MBR code

22:47:37.506 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048

22:47:37.519 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648

22:47:37.524 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672

22:47:37.555 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888

22:47:37.588 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720

22:47:37.621 Disk 0 scanning C:\windows\system32\drivers

22:47:46.687 Service scanning

22:48:05.080 Modules scanning

22:48:05.087 Disk 0 trace - called modules:

22:48:05.106 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

22:48:05.110 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e69790]

22:48:05.115 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f71050]

22:48:07.290 AVAST engine scan C:\windows

22:48:10.238 AVAST engine scan C:\windows\system32

22:50:07.712 AVAST engine scan C:\windows\system32\drivers

22:50:17.832 AVAST engine scan C:\Users\Mike

22:57:35.654 AVAST engine scan C:\ProgramData

22:59:06.268 Scan finished successfully

22:59:38.554 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"

22:59:38.559 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

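The driver/service scan log above is a useful artifact in its own right: each hashed line gives a service name, an MD5 and the binary it points at, and the few lines that end in "- ok" with no hash in front of them (vsmon, WinDefend, WinHttpAutoProxySvc, WMPNetworkSvc, WSearch) are services the scanner listed but recorded no file hash for. What follows is an added example, not output or code from the forum, the poster or any of the tools used here: a small Python parser for that line format that turns the text into records and runs the checks an analyst does first when triaging such a log: entries whose file sits outside C:\windows (third-party services to identify), several service names backed by one binary (lsass.exe hosting ProtectedStorage, SamSs and VaultSvc is normal on Windows 7), anything whose status is not "ok", and the MBR/boot-sector hashes, which are worth keeping so a later run can be compared against them. The line format is inferred from the posted lines only; the embedded sample is a hand-picked subset of them.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: a subset of the lines posted in the thread above, used here
# as constructed test data for the parser.
SAMPLE = r"""
22:44:36.0522 5064 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:44:36.0524 5064 ProtectedStorage - ok
22:44:37.0540 5064 RegSrvc (9276f4d4109fc349925d28e00e533146) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:44:37.0545 5064 RegSrvc - ok
22:44:38.0167 5064 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:44:38.0168 5064 SamSs - ok
22:44:43.0061 5064 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\windows\system32\DRIVERS\vsdatant.sys
22:44:43.0064 5064 Vsdatant - ok
22:44:43.0119 5064 vsmon - ok
22:44:44.0544 5064 WinDefend - ok
22:44:46.0345 5064 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:44:46.0622 5064 \Device\Harddisk0\DR0 - ok
22:44:46.0626 5064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:44:46.0629 5064 \Device\Harddisk1\DR1 - ok
22:44:46.0632 5064 Boot (0x1200) (96c949add9de0d267bda55236f2326fc) \Device\Harddisk0\DR0\Partition0
22:44:46.0633 5064 \Device\Harddisk0\DR0\Partition0 - ok
22:44:46.0686 4904 Detected object count: 0
22:44:46.0686 4904 Actual detected object count: 0
"""


@dataclass
class Entry:
    """One scan record: a service/driver, or an MBR / boot-sector check."""
    name: str
    md5: Optional[str] = None     # None when the scanner printed no hash line
    path: Optional[str] = None    # file path, or \Device\... for MBR/boot records
    status: Optional[str] = None  # text after " - ", normally "ok"


# Every line starts with a timestamp and the scanner's thread id.
_TS = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
HASH_LINE = re.compile(_TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
STATUS_LINE = re.compile(_TS + r"(?P<name>.+?)\s+-\s+(?P<status>\S.*)$")
COUNT_LINE = re.compile(_TS + r"(?P<label>(?:Actual )?[Dd]etected object count):\s*(?P<n>\d+)$")


def parse_log(text: str):
    """Return (entries, counts).

    A status line ("X - ok") is attached to the hash line directly before it
    when X is that line's name or its device path (MBR/boot records report
    status by path). Otherwise it becomes a hash-less entry: the scanner
    listed the service but recorded no file hash for it.
    """
    entries: List[Entry] = []
    counts: Dict[str, int] = {}
    pending: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_LINE.match(line)
        if m:
            counts[m["label"]] = int(m["n"])
            continue
        m = HASH_LINE.match(line)
        if m:
            pending = Entry(m["name"], m["md5"], m["path"])
            entries.append(pending)
            continue
        m = STATUS_LINE.match(line)
        if m:
            if pending is not None and m["name"] in (pending.name, pending.path):
                pending.status = m["status"]
            else:
                entries.append(Entry(m["name"], status=m["status"]))
            pending = None
    return entries, counts


def unhashed(entries: List[Entry]) -> List[str]:
    """Services the scanner listed without hashing a file for them."""
    return [e.name for e in entries if e.md5 is None]


def not_ok(entries: List[Entry]) -> List[str]:
    """Anything whose status is not the plain 'ok'."""
    return [e.name for e in entries if e.status != "ok"]


def shared_binaries(entries: List[Entry]) -> Dict[str, List[str]]:
    """Lower-cased file path -> service names that all point at that file."""
    by_path = defaultdict(list)
    for e in entries:
        if e.md5 and e.path and not e.path.startswith("\\Device\\"):
            by_path[e.path.lower()].append(e.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


def outside_windows_dir(entries: List[Entry], windir: str = "c:\\windows\\") -> List[Entry]:
    """File-backed entries living outside the Windows directory (third-party code)."""
    return [e for e in entries
            if e.path and not e.path.startswith("\\Device\\")
            and not e.path.lower().startswith(windir)]


def boot_hashes(entries: List[Entry]) -> Dict[str, str]:
    """Device path -> MD5 for the MBR and boot-sector records, for baselining."""
    return {e.path: e.md5 for e in entries if e.name.startswith(("MBR", "Boot"))}


if __name__ == "__main__":
    ents, cnts = parse_log(SAMPLE)
    print("records:", len(ents), "counts:", cnts)
    print("no hash recorded:", unhashed(ents))
    print("status not ok:", not_ok(ents))
    print("shared binaries:", shared_binaries(ents))
    print("outside C:\\windows:", [e.path for e in outside_windows_dir(ents)])
    print("boot hashes:", boot_hashes(ents))
```

To use it on a real scan, read the saved log file and pass its text to parse_log. Comparing the MD5s against a known-good list is deliberately left out; the point here is to get from pasted text to records you can query, and to surface the handful of lines (hash-less services, third-party paths, shared binaries) that deserve a second look before anything else.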

  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


No problems running and so far no more redirects!

Log below:

ComboFix 12-07-08.01 - Mike 07/09/2012 7:47.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3769 [GMT -4:00]

Running from: c:\users\Mike\Desktop\ComboFix.exe

Command switches used :: c:\users\Mike\Desktop\CFScript.txt.txt

FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mike\AppData\Local\Temp\IswTmp\WH\0

.

.

((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))

.

.

2012-07-09 12:00 . 2012-07-09 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-08 14:30 . 2012-07-08 14:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B6D068-1A41-4481-9854-E421A0E550BF}\offreg.dll

2012-07-07 23:54 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B6D068-1A41-4481-9854-E421A0E550BF}\mpengine.dll

2012-06-19 14:21 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 14:21 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 14:21 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 14:21 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 14:21 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-19 14:21 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 14:21 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 14:21 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 14:21 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 00:30 . 2012-06-18 00:30 -------- d-----w- c:\users\Mike\AppData\Local\Diagnostics

2012-06-12 20:29 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-11 18:46 . 2012-05-11 18:46 644400 ----a-w- c:\windows\SysWow64\mscomct2.ocx

2012-04-23 18:52 . 2012-04-23 18:52 10 ----a-w- c:\windows\Fonts\wfonts.key

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-06 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]

"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]

"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]

"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-11-06 329056]

"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-19 73360]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]

CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]

SRS Premium Sound.lnk - c:\program files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe [2010-12-17 1927528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"LocalAccountTokenFilterPolicy"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 136176]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 136176]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-15 1255736]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-11-06 57952]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-11-06 39008]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-06 25960]

S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-11-06 13408]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]

S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]

S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-06 2009704]

S2 RtLedService;RtLedService Installer;c:\program files\Realtek\RtLED\RtLEDService.exe [2010-09-30 311296]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-11-06 29792]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]

S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-11-03 45448]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]

S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [2010-09-21 15056]

S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [2011-02-14 234960]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 07762779

*NewlyCreated* - ASWMBR

*Deregistered* - 07762779

*Deregistered* - aswMBR

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 03:11]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 03:11]

.

2012-06-23 c:\windows\Tasks\hpwebreg_CN11F111WV05JW.job

- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\hpwebreg.exe [2010-11-17 01:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2011-11-06 03:00 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]

"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-11-06 114688]

"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-11-06 789920]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-11-06 9769888]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-11-06 5908928]

"ISW"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://lenovo.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-09 08:15:44

ComboFix-quarantined-files.txt 2012-07-09 12:15

ComboFix2.txt 2012-07-08 15:21

.

Pre-Run: 361,887,666,176 bytes free

Post-Run: 361,716,645,888 bytes free

.

- - End Of File - - 4B0F24CEADC65EB1E1751B407B9F7A1C


  • Staff

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit

and select Run as administrator.

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


So far no problems:

mbam log:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.10.14

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Mike :: LENOVOSITTING [administrator]

Protection: Enabled

7/10/2012 10:43:51 PM

mbam-log-2012-07-10 (22-43-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 229503

Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:54:53 PM, on 7/10/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files\CrashPlan\CrashPlanTray.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Mike\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

O4 - HKLM\..\Run: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\Run: [FactoryTest] C:\Windows\Test.bat (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\Run: [Power2GoExpress] NA (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Dropbox.lnk = Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

O4 - Global Startup: CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe

O4 - Global Startup: SRS Premium Sound.lnk = C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CrashPlan Backup Service (CrashPlanService) - CrashPlan - C:\Program Files\CrashPlan\CrashPlanService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: RtLedService Installer (RtLedService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtLED\RtLEDService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13315 bytes


  • Staff

Greetings

Uninstall Flash and reinstall it, and see if that helps with YouTube.

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\Run: [FactoryTest] C:\Windows\Test.bat (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\Run: [Power2GoExpress] NA (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Dropbox.lnk = Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

NOTE** You can research each of those lines here and see if you want to keep them or not. Just copy the name between the brackets and paste it into the search space, for example: O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit

and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start

    [*]When asked, allow the add/on to be installed

    • Click Start

    [*]Make sure that the option Remove found threats is unticked

    [*]Click on Advanced Settings, ensure the options

    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

    [*]Click Scan

    [*]wait for the virus definitions to be downloaded

    [*]Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo

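An added example, not from this thread and not part of HijackThis: a small Python script that parses O4 lines like the ones in the log above, pulls out the bracketed name you would paste into the lookup, and flags the entries worth researching first. The sample lines are copied from the log excerpt above (including the "NA" and Test.bat entries); the triage rules (script file, relative path, user-profile location) are my own assumptions and not HijackThis logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample O4 lines copied from the log excerpt in the thread; the layout is what
# HijackThis prints. Nothing here comes from a live system of mine.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\Run: [FactoryTest] C:\Windows\Test.bat (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\Run: [Power2GoExpress] NA (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1067933320-4081318639-1197085019-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
"""

# Registry-based O4 line: hive, Run/RunOnce key, [name], command, optional (User '...').
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder O4 line: shortcut name = target.
O4_STARTUP = re.compile(
    r"^O4 - (?P<folder>Global Startup|Startup): (?P<name>.+?) = (?P<command>.+)$"
)
# First token of a command line: a quoted path, or a path ending in a known
# executable/script extension (arguments may follow, e.g. "/autoRun").
FIRST_EXE = re.compile(
    r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.(?:exe|bat|cmd|vbs|js|scr|com|dll))(?=\s|$)',
    re.IGNORECASE,
)

@dataclass
class O4Entry:
    source: str                 # "HKLM\..\Run", "HKUS\S-1-5-...\..\RunOnce", "Startup", ...
    name: str                   # the text between the brackets (or the .lnk name) to look up
    command: str                # command line exactly as HijackThis printed it
    user: Optional[str] = None  # only present on HKUS entries

def parse_o4_line(line: str) -> Optional[O4Entry]:
    line = line.strip()
    m = O4_REGISTRY.match(line)
    if m:
        return O4Entry(f"{m['hive']}\\..\\{m['key']}", m["name"], m["command"], m["user"])
    m = O4_STARTUP.match(line)
    if m:
        return O4Entry(m["folder"], m["name"], m["command"])
    return None

def parse_o4_log(text: str) -> List[O4Entry]:
    """Return every O4 entry in a pasted log; other HJT sections are ignored."""
    return [e for e in (parse_o4_line(l) for l in text.splitlines()) if e is not None]

def executable_path(command: str) -> Optional[str]:
    """Path of the file that actually runs, or None when HijackThis printed NA."""
    command = command.strip()
    if not command or command.upper() == "NA":
        return None
    m = FIRST_EXE.match(command)
    if not m:
        return command.split()[0]
    return m["quoted"] or m["bare"]

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".wsf", ".ps1")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

def triage(entry: O4Entry) -> List[str]:
    """Heuristic flags (assumed rules, not HijackThis logic) marking entries to
    research first. An empty list means nothing unusual about the target path."""
    path = executable_path(entry.command)
    if path is None:
        return ["no-path"]              # "NA": HijackThis could not resolve a file at all
    flags = []
    lower = path.lower()
    if lower.endswith(SCRIPT_EXT):
        flags.append("script")          # a batch/script file in an autorun deserves a look
    if not re.match(r"^(?:[a-z]:\\|%[^%]+%\\)", lower):
        flags.append("relative-path")   # no drive letter or env var: where does it resolve?
    if any(tok in lower for tok in USER_WRITABLE):
        flags.append("user-profile")    # runs from a user-writable location
    return flags

if __name__ == "__main__":
    for e in parse_o4_log(SAMPLE_O4_LINES):
        print(f"{e.name:<28} {e.source:<60} {', '.join(triage(e)) or 'ok'}")
```

The name printed in the first column is the value to paste into the startup lookup the note above points to; the flags only say which lines to look up first, not that a line is malicious (Dropbox runs from AppData by design, for instance).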


Youtube still not working after flash reinstall. still troubleshooting

Eset log below

C:\Qoobox\Quarantine\C\Users\Mike\AppData\Roaming\l_intl5.dll.vir a variant of Win32/Ponmocup.CU trojan

C:\System Volume Information\SystemRestore\FRStaging\Users\Mike\AppData\Roaming\l_intl5.dll a variant of Win32/Ponmocup.CU trojan


  • Staff

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!

  • C:\Qoobox\Quarantine\ <-- ComboFix
  • C:\System Volume Information\ <-- System Restore

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • CF-Uninstall.png

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

  • Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls
  • CCleaner - This is a good program to clean out temp files; I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner
  • Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days; if anything comes up, just come back and let me know. After that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Gringo

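An added example of the check Gringo makes at the top of this post (example code, not from the thread and not from ESET): parse an ESET scan export, sort each hit by where the file lives, and report whether anything was found outside the quarantine and restore-point locations the cleanup tools created. The first two sample lines reproduce the detections posted above; the third sample line and its detection name are constructed placeholders, and the backup-location prefixes are my assumptions based on the two paths named in the post.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed ESET export text. Lines 1-2 are the detections posted in this
# thread (tab-separated, as the "export to text file" output is); line 3 is a
# made-up "live" hit with a placeholder detection name, added only for contrast.
SAMPLE_ESET_EXPORT = "\n".join([
    r"C:\Qoobox\Quarantine\C\Users\Mike\AppData\Roaming\l_intl5.dll.vir"
    + "\t" + "a variant of Win32/Ponmocup.CU trojan",
    r"C:\System Volume Information\SystemRestore\FRStaging\Users\Mike\AppData\Roaming\l_intl5.dll"
    + "\t" + "a variant of Win32/Ponmocup.CU trojan",
    r"C:\Users\Mike\AppData\Local\Temp\constructed_example.exe"
    + "\t" + "Win32/ExampleFamily.A trojan",
])

# Locations that hold copies made during the cleanup, not files that run.
# Assumed prefixes; the two named in the post are ComboFix and System Restore.
BACKUP_LOCATIONS = (
    ("combofix-quarantine", "c:\\qoobox\\"),
    ("system-restore", "c:\\system volume information\\"),
)

# Fallback for reports pasted into a forum, where the tab became spaces:
# the detection text starts with "a variant of" / "probably ..." or a
# "Family/Name" token, so split at the last whitespace run before that.
DETECTION_AFTER_SPACES = re.compile(
    r"^(?P<path>[a-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably\s+)?(?:a\s+variant\s+of\s+)?[a-z0-9]+/\S.*)$",
    re.IGNORECASE,
)

def parse_eset_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (path, detection) for one export line, or None if it is not one."""
    line = line.strip()
    if not line:
        return None
    if "\t" in line:
        path, detection = line.split("\t", 1)
        return path.strip(), detection.strip()
    m = DETECTION_AFTER_SPACES.match(line)
    return (m["path"], m["detection"]) if m else None

def classify(path: str) -> str:
    """Label a detected path as a known backup location or as 'live'."""
    lower = path.lower()
    for label, prefix in BACKUP_LOCATIONS:
        if lower.startswith(prefix):
            return label
    return "live"

def summarize(export_text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Group every parsed hit by its classification."""
    buckets: Dict[str, List[Tuple[str, str]]] = {}
    for line in export_text.splitlines():
        parsed = parse_eset_line(line)
        if parsed is None:
            continue
        path, detection = parsed
        buckets.setdefault(classify(path), []).append((path, detection))
    return buckets

def only_backups(export_text: str) -> bool:
    """True when every hit sits in a quarantine/restore-point copy, which is
    the situation described in the post above."""
    return "live" not in summarize(export_text)

if __name__ == "__main__":
    for label, hits in summarize(SAMPLE_ESET_EXPORT).items():
        print(f"{label}: {len(hits)} hit(s)")
        for path, detection in hits:
            print(f"    {detection}  <-  {path}")
    print("only backups:", only_backups(SAMPLE_ESET_EXPORT))
```

With only the two lines from the thread the result is "only backups: True", which is the reason the post treats the scan as clean; the constructed Temp entry shows what a hit that still needs attention looks like, and the `.vir` suffix on the ComboFix copy is the rename its quarantine applies, so that file cannot run from where it sits.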

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.