[SOLVED] Worm:Win32/Ainslot.A Keeps Coming Back

This is a discussion on [SOLVED] Worm:Win32/Ainslot.A Keeps Coming Back within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 04-29-2012, 01:21 PM   #1
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: Windows 7 Ultimate 64bit SP1



Whenever I restart and log on, MSE informs me that I'm infected with Worm:Win32/Ainslot.A, then proceeds to remove it. I scanned in safe mode with Malwarebytes and it detects and deletes the following:

Quote:
Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Users\Sean\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Sean\AppData\Roaming\conhost.exe (Backdoor.CycBot.Gen) -> Quarantined and deleted successfully.
Scanned twice, exact same results. Looking forward to your guidance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Sean at 12:07:50 on 2012-04-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.8169.6357 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
D:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [FMCore.exe] "C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe" -standalone
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Eset Service] C:\Users\Sean\AppData\Local\Temp\ekrn.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4157ED60-67E9-49A3-A3D6-6A611C0E5A10} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4157ED60-67E9-49A3-A3D6-6A611C0E5A10}\2656C6B696E6E2737323 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4157ED60-67E9-49A3-A3D6-6A611C0E5A10}\2656C6B696E6E2737323E2537484A7 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4157ED60-67E9-49A3-A3D6-6A611C0E5A10}\44167737F6E6 : DhcpNameServer = 192.168.169.1
TCP: Interfaces\{4157ED60-67E9-49A3-A3D6-6A611C0E5A10}\5434940275962756C6563737 : DhcpNameServer = 10.10.0.2 10.10.0.5
TCP: Interfaces\{4157ED60-67E9-49A3-A3D6-6A611C0E5A10}\5434940275962756C6563737F52676 : DhcpNameServer = 10.10.0.2 10.10.0.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Razer Orochi Driver] C:\Program Files (x86)\Razer\Orochi\RazerOrochiTray.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8bhtnmad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - prefs.js: network.proxy.ftp - 220.227.90.238
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 220.227.90.238
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 220.227.90.238
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 220.227.90.238
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Users\Sean\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
FF - plugin: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;D:\Program Files\Hi-Rez Studios\HiPatchService.exe [2012-4-19 8704]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-3 983104]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2011-2-15 33792]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-8 2656280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys --> C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R4 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-29 654408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\system32\drivers\btmaud.sys --> C:\Windows\system32\drivers\btmaud.sys [?]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-9 1431888]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
.
=============== Created Last 30 ================
.
2012-04-29 19:07:42 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE841C46-F3D3-4324-AAA3-10197CD6E1AA}\offreg.dll
2012-04-29 19:03:16 32072 ----a-w- C:\Users\Sean\AppData\Roaming\conhost.exe
2012-04-29 17:19:55 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-29 15:40:14 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE841C46-F3D3-4324-AAA3-10197CD6E1AA}\mpengine.dll
2012-04-29 15:32:49 -------- d-----w- C:\Windows\Temp62390B52-DE0B-96FC-850B-844FFC6D4B11-Signatures
2012-04-29 07:03:51 -------- d-----w- C:\Windows\Temp72773BAD-4ABA-DE70-5C73-839A3ADD58B1-Signatures
2012-04-28 17:03:21 -------- d-----w- C:\Windows\Temp5FE0CD7D-868D-4B26-B2D7-0615C1E04627-Signatures
2012-04-27 00:20:47 -------- d-----w- C:\Windows\TempB3EF0588-F974-054B-DB7D-0CB93C6536C7-Signatures
2012-04-26 23:54:07 -------- d-----w- C:\Windows\TempE1303BD8-13D0-42E0-ECFB-5641C2C1EBEB-Signatures
2012-04-26 23:52:56 -------- d-----w- C:\Windows\Temp25A35CC7-FFE8-37E5-DE09-8615143AB16B-Signatures
2012-04-25 19:24:53 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-04-23 15:31:18 -------- d-----w- C:\Users\Sean\AppData\Roaming\Malwarebytes
2012-04-23 15:31:06 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-20 03:08:35 -------- d-----w- C:\Users\Sean\AppData\Local\Chromium
2012-04-20 01:51:35 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-04-17 18:58:14 -------- d-----w- C:\Program Files\iTunes
2012-04-17 18:58:14 -------- d-----w- C:\Program Files\iPod
2012-04-17 02:07:42 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-04-17 02:07:34 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-04-17 0258 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-04-17 0050 -------- d-----w- C:\Users\Sean\AppData\Roaming\2 8
2012-04-17 0050 -------- d-----w- C:\Users\Sean\AppData\Roaming\2 4
2012-04-16 01:25:25 -------- d-----w- C:\MoTemp
2012-04-12 06:05:16 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 06:05:16 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 06:05:15 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 06:04:30 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 06:04:30 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 06:04:30 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 06:04:30 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 06:04:30 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 06:04:30 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 06:04:30 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-04 20:49:07 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-29 19:07:22 6656 ----a-w- C:\Windows\System32\lpcio.dll
2012-04-25 00:37:05 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 04:17:19 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-19 04:17:19 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-19 04:05:55 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-17 02:46:53 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-18 01:27:56 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 12:08:05.87 ===============
Attached Files: Attach.zip (3.8 KB)
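As an added example (written for this page; not part of the post and not code from DDS, HijackThis or Malwarebytes), the script below applies the same triage a helper does when reading a DDS log like the one above: it flags executables running, autostarting or newly created in AppData\Local\Temp or directly in AppData\Roaming, Windows system binary names such as lsass.exe or conhost.exe that live outside C:\Windows, and Firefox prefs.js proxy hosts that are not private addresses. The folder patterns, the name list and the proxy check are the author's own assumptions, and SAMPLE_LOG is a constructed excerpt modelled on the posted log.

```python
"""Triage a DDS log for the kinds of indicators seen in this thread.

Added example written for this page, not part of the post or of DDS itself: the
folder patterns, impersonated-name list and proxy check are the author's
assumptions, and each finding is a lead for a reviewer, not a verdict.
"""
import ipaddress
import re

# A Windows path ending in an executable-type extension, quoted or not.
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|sys|scr)\b", re.I)
# DDS section banners look like '============== Running Processes ==============='.
BANNER = re.compile(r"^=+\s*(.+?)\s*=+$")
# Firefox prefs.js lines as DDS prints them.
FF_PREF = re.compile(r"^FF - prefs\.js: (network\.proxy\.[a-z_]+) - (.+)$")
# Folders an autostart, service or freshly created binary should not live in.
SUSPICIOUS_DIR = re.compile(
    r"\\appdata\\local\\temp\\"       # anything under the user's Temp folder
    r"|\\appdata\\roaming\\[^\\]+$"    # a file dropped directly into Roaming
    r"|\\windows\\temp\\|\\users\\public\\",
    re.I,
)
# Windows binary names that malware commonly borrows (lsass.exe and conhost.exe here).
SYSTEM_NAMES = {"lsass.exe", "conhost.exe", "svchost.exe", "csrss.exe",
                "winlogon.exe", "explorer.exe", "taskhost.exe", "services.exe"}
PROXY_HOST_KEYS = ("network.proxy.http", "network.proxy.ssl",
                   "network.proxy.ftp", "network.proxy.socks")


def is_private_host(value):
    """True only for private or loopback IPs; hostnames are left for review."""
    try:
        return ipaddress.ip_address(value).is_private
    except ValueError:
        return False


def check_path(path):
    """Return a reason string if the path looks suspicious, else an empty string."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if SUSPICIOUS_DIR.search(low):
        reasons.append("executable in user-writable folder")
    if name in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
        reasons.append(f"system binary name '{name}' outside C:\\Windows")
    return "; ".join(reasons)


def triage(log_text):
    """Scan a DDS log and return (section, reason, evidence line) triples."""
    findings, prefs, section = [], {}, "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            section = banner.group(1)
            continue
        pref = FF_PREF.match(line)
        if pref:
            prefs[pref.group(1)] = pref.group(2)
            continue
        seen = set()  # '-->' lines in SERVICES / DRIVERS repeat the same path
        for path in WIN_PATH.findall(line):
            reason = check_path(path)
            if reason and path.lower() not in seen:
                seen.add(path.lower())
                findings.append((section, f"{reason}: {path}", line))
    # Proxy hosts only take effect when network.proxy.type is 1 (manual), but a
    # public proxy address left in prefs.js is worth reporting either way.
    ptype = prefs.get("network.proxy.type", "0")
    state = "manual proxy enabled" if ptype == "1" else f"proxy type {ptype}, not manual"
    for key in PROXY_HOST_KEYS:
        host = prefs.get(key)
        if host and not is_private_host(host):
            port = prefs.get(key + "_port", "?")
            findings.append(("FIREFOX", f"{key} -> {host}:{port} ({state})", f"{key} - {host}"))
    return findings


# Constructed excerpt in DDS format, modelled on the log posted above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uRun: [Google Update] "C:\Users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Eset Service] C:\Users\Sean\AppData\Local\Temp\ekrn.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
================= FIREFOX ===================
FF - prefs.js: network.proxy.http - 220.227.90.238
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
=============== Created Last 30 ================
2012-04-29 19:03:16 32072 ----a-w- C:\Users\Sean\AppData\Roaming\conhost.exe
"""

if __name__ == "__main__":
    for section, reason, evidence in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    evidence: {evidence}")
```

Run it against a full DDS.txt by reading the file into `triage()`; the legitimate conhost.exe under system32 and Google Update under AppData\Local are deliberately left unflagged so the output stays short enough to act on.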
Old 05-01-2012, 10:53 PM   #2
TSF-Emeritus
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hello ninjasilver, welcome to TSF.

We need a little more info before we begin.

Please download aswMBR.exe and save it to your desktop.

  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users: right click to run as administrator.) At this time, select No when prompted to download the Avast database.
  • Click Scan.
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note: do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

==================

Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.
Old 05-02-2012, 01:12 AM   #3
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: Windows 7 Ultimate 64bit SP1



Here are both logs, plus the attached .dat file:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-02 00:08:25
-----------------------------
00:08:25.410 OS Version: Windows x64 6.1.7601 Service Pack 1
00:08:25.410 Number of processors: 8 586 0x2A07
00:08:25.410 ComputerName: SEAN-P170HM UserName: Sean
00:08:25.691 Initialize success
00:08:38.650 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:08:38.650 Disk 0 Vendor: INTEL_SSDSC2MH250A2 PWG4 Size: 238475MB BusType: 11
00:08:38.666 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
00:08:38.666 Disk 1 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 11
00:08:38.666 Disk 0 MBR read successfully
00:08:38.666 Disk 0 MBR scan
00:08:38.666 Disk 0 Windows 7 default MBR code
00:08:38.666 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
00:08:38.666 Disk 0 scanning C:\Windows\system32\drivers
00:08:39.570 Service scanning
00:08:40.319 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
00:08:41.661 Modules scanning
00:08:41.676 Disk 0 trace - called modules:
00:08:41.692 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:08:42.207 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800729b790]
00:08:42.207 3 CLASSPNP.SYS[fffff8800196d43f] -> nt!IofCallDriver -> [0xfffffa800707f520]
00:08:42.222 5 ACPI.sys[fffff88000f887a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800706d1f0]
00:08:42.238 Scan finished successfully
00:08:50.100 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Desktop\MBR.dat"
00:08:50.100 The log file has been saved successfully to "C:\Users\Sean\Desktop\aswMBR.txt"




00:09:05.0940 5584 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
00:09:06.0423 5584 ============================================================
00:09:06.0423 5584 Current date / time: 2012/05/02 00:09:06.0423
00:09:06.0423 5584 SystemInfo:
00:09:06.0423 5584
00:09:06.0423 5584 OS Version: 6.1.7601 ServicePack: 1.0
00:09:06.0423 5584 Product type: Workstation
00:09:06.0423 5584 ComputerName: SEAN-P170HM
00:09:06.0423 5584 UserName: Sean
00:09:06.0423 5584 Windows directory: C:\Windows
00:09:06.0423 5584 System windows directory: C:\Windows
00:09:06.0423 5584 Running under WOW64
00:09:06.0423 5584 Processor architecture: Intel x64
00:09:06.0423 5584 Number of processors: 8
00:09:06.0423 5584 Page size: 0x1000
00:09:06.0423 5584 Boot type: Normal boot
00:09:06.0423 5584 ============================================================
00:09:06.0704 5584 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:09:06.0704 5584 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:09:06.0704 5584 ============================================================
00:09:06.0704 5584 \Device\Harddisk0\DR0:
00:09:06.0704 5584 MBR partitions:
00:09:06.0704 5584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
00:09:06.0704 5584 \Device\Harddisk1\DR1:
00:09:06.0704 5584 MBR partitions:
00:09:06.0704 5584 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
00:09:06.0704 5584 ============================================================
00:09:06.0704 5584 C: <-> \Device\Harddisk0\DR0\Partition0
00:09:07.0000 5584 D: <-> \Device\Harddisk1\DR1\Partition0
00:09:07.0000 5584 ============================================================
00:09:07.0000 5584 Initialize success
00:09:07.0000 5584 ============================================================
00:09:14.0879 4236 ============================================================
00:09:14.0879 4236 Scan started
00:09:14.0879 4236 Mode: Manual;
00:09:14.0879 4236 ============================================================
00:09:15.0861 4236 BazisVirtualCDBus - ok
00:09:15.0861 4236 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:09:15.0861 4236 BDESVC - ok
00:09:15.0861 4236 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:09:15.0861 4236 Beep - ok
00:09:15.0893 4236 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:09:15.0893 4236 BFE - ok
00:09:15.0924 4236 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
00:09:15.0924 4236 BITS - ok
00:09:15.0939 4236 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:09:15.0939 4236 blbdrive - ok
00:09:15.0955 4236 Bluetooth Device Monitor (093b1b419ef25b15d3a1ca6953f41afb) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
00:09:15.0971 4236 Bluetooth Device Monitor - ok
00:09:16.0002 4236 Bluetooth Media Service (03a7341e94acd92e0831336d4f3ace92) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
00:09:16.0002 4236 Bluetooth Media Service - ok
00:09:16.0033 4236 Bluetooth OBEX Service (a2ebf384ed105fed7d05c5465500ef2e) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
00:09:16.0049 4236 Bluetooth OBEX Service - ok
00:09:16.0064 4236 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
00:09:16.0064 4236 Bonjour Service - ok
00:09:16.0111 4236 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:09:16.0111 4236 bowser - ok
00:09:16.0111 4236 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
00:09:16.0111 4236 BrFiltLo - ok
00:09:16.0111 4236 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
00:09:16.0127 4236 BrFiltUp - ok
00:09:16.0127 4236 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:09:16.0127 4236 Browser - ok
00:09:16.0142 4236 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:09:16.0142 4236 Brserid - ok
00:09:16.0142 4236 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:09:16.0158 4236 BrSerWdm - ok
00:09:16.0158 4236 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:09:16.0158 4236 BrUsbMdm - ok
00:09:16.0158 4236 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:09:16.0158 4236 BrUsbSer - ok
00:09:16.0158 4236 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
00:09:16.0158 4236 BthEnum - ok
00:09:16.0173 4236 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
00:09:16.0173 4236 BTHMODEM - ok
00:09:16.0173 4236 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
00:09:16.0173 4236 BthPan - ok
00:09:16.0189 4236 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
00:09:16.0205 4236 BTHPORT - ok
00:09:16.0205 4236 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:09:16.0205 4236 bthserv - ok
00:09:16.0205 4236 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
00:09:16.0205 4236 BTHUSB - ok
00:09:16.0220 4236 btmaudio (c5495cf0261279f08bf942b865e4a55a) C:\Windows\system32\drivers\btmaud.sys
00:09:16.0220 4236 btmaudio - ok
00:09:16.0220 4236 btmaux (16c1bac9760c9fa85a30f3fa0fbb1b7a) C:\Windows\system32\DRIVERS\btmaux.sys
00:09:16.0220 4236 btmaux - ok
00:09:16.0220 4236 btmhsf (0c468d8da95be16bfdd380bb9de88259) C:\Windows\system32\DRIVERS\btmhsf.sys
00:09:16.0236 4236 btmhsf - ok
00:09:16.0236 4236 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:09:16.0236 4236 cdfs - ok
00:09:16.0236 4236 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:09:16.0251 4236 cdrom - ok
00:09:16.0251 4236 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:09:16.0251 4236 CertPropSvc - ok
00:09:16.0251 4236 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:09:16.0251 4236 circlass - ok
00:09:16.0267 4236 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:09:16.0267 4236 CLFS - ok
00:09:16.0283 4236 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:09:16.0283 4236 clr_optimization_v2.0.50727_32 - ok
00:09:16.0283 4236 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:09:16.0283 4236 clr_optimization_v2.0.50727_64 - ok
00:09:16.0298 4236 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:09:16.0314 4236 clr_optimization_v4.0.30319_32 - ok
00:09:16.0314 4236 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:09:16.0329 4236 clr_optimization_v4.0.30319_64 - ok
00:09:16.0329 4236 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:09:16.0329 4236 CmBatt - ok
00:09:16.0329 4236 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:09:16.0329 4236 cmdide - ok
00:09:16.0345 4236 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:09:16.0345 4236 CNG - ok
00:09:16.0361 4236 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:09:16.0361 4236 Compbatt - ok
00:09:16.0361 4236 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:09:16.0361 4236 CompositeBus - ok
00:09:16.0361 4236 COMSysApp - ok
00:09:16.0361 4236 cpuz135 (76355d5eafdfa3e9b7580b9153de1f30) C:\Windows\system32\drivers\cpuz135_x64.sys
00:09:16.0361 4236 cpuz135 - ok
00:09:16.0361 4236 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
00:09:16.0361 4236 crcdisk - ok
00:09:16.0376 4236 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
00:09:16.0376 4236 CryptSvc - ok
00:09:16.0392 4236 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:09:16.0392 4236 CSC - ok
00:09:16.0423 4236 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
00:09:16.0423 4236 CscService - ok
00:09:16.0439 4236 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:09:16.0439 4236 DcomLaunch - ok
00:09:16.0454 4236 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:09:16.0454 4236 defragsvc - ok
00:09:16.0470 4236 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:09:16.0470 4236 DfsC - ok
00:09:16.0485 4236 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:09:16.0485 4236 Dhcp - ok
00:09:16.0485 4236 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:09:16.0485 4236 discache - ok
00:09:16.0485 4236 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
00:09:16.0485 4236 Disk - ok
00:09:16.0501 4236 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
00:09:16.0501 4236 dmvsc - ok
00:09:16.0501 4236 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:09:16.0501 4236 Dnscache - ok
00:09:16.0517 4236 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:09:16.0517 4236 dot3svc - ok
00:09:16.0517 4236 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:09:16.0517 4236 DPS - ok
00:09:16.0532 4236 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:09:16.0532 4236 drmkaud - ok
00:09:16.0548 4236 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:09:16.0563 4236 DXGKrnl - ok
00:09:16.0563 4236 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:09:16.0563 4236 EapHost - ok
00:09:16.0657 4236 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
00:09:16.0673 4236 ebdrv - ok
00:09:16.0719 4236 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:09:16.0719 4236 EFS - ok
00:09:16.0735 4236 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
00:09:16.0751 4236 elxstor - ok
00:09:16.0751 4236 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:09:16.0751 4236 ErrDev - ok
00:09:16.0766 4236 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:09:16.0766 4236 EventSystem - ok
00:09:16.0813 4236 EvtEng (f8f610093e1d7fdfa477fc34d15d5c60) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
00:09:16.0829 4236 EvtEng - ok
00:09:16.0860 4236 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:09:16.0860 4236 exfat - ok
00:09:16.0875 4236 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:09:16.0875 4236 fastfat - ok
00:09:16.0907 4236 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:09:16.0907 4236 Fax - ok
00:09:16.0907 4236 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
00:09:16.0907 4236 fdc - ok
00:09:16.0922 4236 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:09:16.0922 4236 fdPHost - ok
00:09:16.0922 4236 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:09:16.0922 4236 FDResPub - ok
00:09:16.0922 4236 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:09:16.0922 4236 FileInfo - ok
00:09:16.0922 4236 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:09:16.0922 4236 Filetrace - ok
00:09:16.0953 4236 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:09:16.0969 4236 FLEXnet Licensing Service - ok
00:09:17.0016 4236 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
00:09:17.0016 4236 FLEXnet Licensing Service 64 - ok
00:09:17.0063 4236 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
00:09:17.0063 4236 flpydisk - ok
00:09:17.0063 4236 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:09:17.0063 4236 FltMgr - ok
00:09:17.0109 4236 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:09:17.0109 4236 FontCache - ok
00:09:17.0109 4236 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:09:17.0109 4236 FontCache3.0.0.0 - ok
00:09:17.0125 4236 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:09:17.0125 4236 FsDepends - ok
00:09:17.0125 4236 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:09:17.0125 4236 Fs_Rec - ok
00:09:17.0141 4236 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:09:17.0141 4236 fvevol - ok
00:09:17.0141 4236 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
00:09:17.0141 4236 gagp30kx - ok
00:09:17.0141 4236 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:09:17.0141 4236 GEARAspiWDM - ok
00:09:17.0172 4236 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:09:17.0172 4236 gpsvc - ok
00:09:17.0172 4236 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:09:17.0172 4236 hcw85cir - ok
00:09:17.0187 4236 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:09:17.0187 4236 HdAudAddService - ok
00:09:17.0187 4236 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:09:17.0203 4236 HDAudBus - ok
00:09:17.0203 4236 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
00:09:17.0203 4236 HidBatt - ok
00:09:17.0203 4236 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:09:17.0203 4236 HidBth - ok
00:09:17.0203 4236 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:09:17.0203 4236 HidIr - ok
00:09:17.0203 4236 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
00:09:17.0219 4236 hidserv - ok
00:09:17.0219 4236 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:09:17.0219 4236 HidUsb - ok
00:09:17.0328 4236 HiPatchService (5a457c3d00c1c701230a12aa1580114d) D:\Program Files\Hi-Rez Studios\HiPatchService.exe
00:09:17.0328 4236 HiPatchService - ok
00:09:17.0328 4236 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:09:17.0343 4236 hkmsvc - ok
00:09:17.0359 4236 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:09:17.0359 4236 HomeGroupListener - ok
00:09:17.0375 4236 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:09:17.0375 4236 HomeGroupProvider - ok
00:09:17.0390 4236 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:09:17.0390 4236 HpSAMD - ok
00:09:17.0406 4236 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:09:17.0406 4236 HTTP - ok
00:09:17.0421 4236 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:09:17.0421 4236 hwpolicy - ok
00:09:17.0421 4236 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:09:17.0421 4236 i8042prt - ok
00:09:17.0437 4236 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:09:17.0437 4236 iaStorV - ok
00:09:17.0437 4236 iBtFltCoex (fc85972037815fa7b413e790b426acb2) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
00:09:17.0437 4236 iBtFltCoex - ok
00:09:17.0468 4236 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:09:17.0468 4236 idsvc - ok
00:09:17.0484 4236 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
00:09:17.0484 4236 iirsp - ok
00:09:17.0499 4236 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:09:17.0515 4236 IKEEXT - ok
00:09:17.0593 4236 IntcAzAudAddService (c2448b9e519c2e12bba355ed4df8493b) C:\Windows\system32\drivers\RTKVHD64.sys
00:09:17.0593 4236 IntcAzAudAddService - ok
00:09:17.0640 4236 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:09:17.0640 4236 intelide - ok
00:09:17.0640 4236 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:09:17.0640 4236 intelppm - ok
00:09:17.0655 4236 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:09:17.0655 4236 IPBusEnum - ok
00:09:17.0655 4236 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:09:17.0655 4236 IpFilterDriver - ok
00:09:17.0687 4236 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:09:17.0687 4236 iphlpsvc - ok
00:09:17.0687 4236 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:09:17.0687 4236 IPMIDRV - ok
00:09:17.0702 4236 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:09:17.0702 4236 IPNAT - ok
00:09:17.0718 4236 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
00:09:17.0733 4236 iPod Service - ok
00:09:17.0733 4236 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:09:17.0733 4236 IRENUM - ok
00:09:17.0733 4236 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:09:17.0733 4236 isapnp - ok
00:09:17.0749 4236 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:09:17.0749 4236 iScsiPrt - ok
00:09:17.0749 4236 itecir (8d990a44b4f2b68e2c56a3724ec3eb84) C:\Windows\system32\DRIVERS\itecir.sys
00:09:17.0749 4236 itecir - ok
00:09:17.0765 4236 JMCR (e5f9a5ac854529efbe37e475149615c1) C:\Windows\system32\DRIVERS\jmcr.sys
00:09:17.0765 4236 JMCR - ok
00:09:17.0765 4236 JME (a4f45625ccd360de35da5051fda0b47f) C:\Windows\system32\DRIVERS\JME.sys
00:09:17.0765 4236 JME - ok
00:09:17.0765 4236 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:09:17.0765 4236 kbdclass - ok
00:09:17.0780 4236 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:09:17.0780 4236 kbdhid - ok
00:09:17.0780 4236 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:09:17.0780 4236 KeyIso - ok
00:09:17.0780 4236 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:09:17.0780 4236 KSecDD - ok
00:09:17.0796 4236 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:09:17.0796 4236 KSecPkg - ok
00:09:17.0796 4236 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:09:17.0796 4236 ksthunk - ok
00:09:17.0811 4236 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:09:17.0811 4236 KtmRm - ok
00:09:17.0811 4236 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
00:09:17.0827 4236 LanmanServer - ok
00:09:17.0827 4236 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:09:17.0827 4236 LanmanWorkstation - ok
00:09:17.0827 4236 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:09:17.0827 4236 lltdio - ok
00:09:17.0843 4236 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:09:17.0843 4236 lltdsvc - ok
00:09:17.0843 4236 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:09:17.0858 4236 lmhosts - ok
00:09:17.0858 4236 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:09:17.0874 4236 LMS - ok
00:09:17.0874 4236 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
00:09:17.0874 4236 LSI_FC - ok
00:09:17.0874 4236 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
00:09:17.0874 4236 LSI_SAS - ok
00:09:17.0889 4236 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
00:09:17.0889 4236 LSI_SAS2 - ok
00:09:17.0889 4236 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
00:09:17.0889 4236 LSI_SCSI - ok
00:09:17.0889 4236 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:09:17.0889 4236 luafv - ok
00:09:17.0889 4236 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
00:09:17.0889 4236 megasas - ok
00:09:17.0905 4236 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
00:09:17.0905 4236 MegaSR - ok
00:09:17.0905 4236 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
00:09:17.0905 4236 MEIx64 - ok
00:09:17.0921 4236 mi-raysat_3dsmax2012_64 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
00:09:17.0921 4236 mi-raysat_3dsmax2012_64 - ok
00:09:17.0936 4236 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:09:17.0936 4236 MMCSS - ok
00:09:17.0936 4236 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:09:17.0936 4236 Modem - ok
00:09:17.0936 4236 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:09:17.0936 4236 monitor - ok
00:09:17.0936 4236 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:09:17.0952 4236 mouclass - ok
00:09:17.0952 4236 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:09:17.0952 4236 mouhid - ok
00:09:17.0952 4236 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:09:17.0952 4236 mountmgr - ok
00:09:17.0952 4236 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
00:09:17.0967 4236 MpFilter - ok
00:09:17.0967 4236 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:09:17.0967 4236 mpio - ok
00:09:17.0967 4236 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:09:17.0967 4236 MpNWMon - ok
00:09:17.0967 4236 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:09:17.0983 4236 mpsdrv - ok
00:09:17.0999 4236 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:09:17.0999 4236 MpsSvc - ok
00:09:18.0014 4236 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:09:18.0014 4236 MRxDAV - ok
00:09:18.0014 4236 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:09:18.0014 4236 mrxsmb - ok
00:09:18.0030 4236 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:09:18.0030 4236 mrxsmb10 - ok
00:09:18.0045 4236 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:09:18.0045 4236 mrxsmb20 - ok
00:09:18.0045 4236 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:09:18.0045 4236 msahci - ok
00:09:18.0045 4236 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:09:18.0045 4236 msdsm - ok
00:09:18.0061 4236 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:09:18.0061 4236 MSDTC - ok
00:09:18.0061 4236 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:09:18.0061 4236 Msfs - ok
00:09:18.0061 4236 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:09:18.0061 4236 mshidkmdf - ok
00:09:18.0061 4236 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:09:18.0061 4236 msisadrv - ok
00:09:18.0077 4236 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:09:18.0077 4236 MSiSCSI - ok
00:09:18.0077 4236 msiserver - ok
00:09:18.0077 4236 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:09:18.0077 4236 MSKSSRV - ok
00:09:18.0092 4236 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
00:09:18.0092 4236 MsMpSvc - ok
00:09:18.0092 4236 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:09:18.0092 4236 MSPCLOCK - ok
00:09:18.0092 4236 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:09:18.0092 4236 MSPQM - ok
00:09:18.0108 4236 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:09:18.0108 4236 MsRPC - ok
00:09:18.0108 4236 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:09:18.0108 4236 mssmbios - ok
00:09:18.0108 4236 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:09:18.0108 4236 MSTEE - ok
00:09:18.0123 4236 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:09:18.0123 4236 MTConfig - ok
00:09:18.0123 4236 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:09:18.0123 4236 Mup - ok
00:09:18.0139 4236 MyWiFiDHCPDNS (f6ea50dbc391f04ca49427010657ccb3) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
00:09:18.0139 4236 MyWiFiDHCPDNS - ok
00:09:18.0155 4236 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:09:18.0155 4236 napagent - ok
00:09:18.0170 4236 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:09:18.0170 4236 NativeWifiP - ok
00:09:18.0201 4236 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:09:18.0201 4236 NDIS - ok
00:09:18.0201 4236 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:09:18.0201 4236 NdisCap - ok
00:09:18.0217 4236 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:09:18.0217 4236 NdisTapi - ok
00:09:18.0217 4236 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:09:18.0217 4236 Ndisuio - ok
00:09:18.0217 4236 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:09:18.0217 4236 NdisWan - ok
00:09:18.0217 4236 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:09:18.0217 4236 NDProxy - ok
00:09:18.0233 4236 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:09:18.0233 4236 NetBIOS - ok
00:09:18.0233 4236 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:09:18.0233 4236 NetBT - ok
00:09:18.0248 4236 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:09:18.0248 4236 Netlogon - ok
00:09:18.0264 4236 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:09:18.0264 4236 Netman - ok
00:09:18.0279 4236 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:09:18.0279 4236 NetMsmqActivator - ok
00:09:18.0279 4236 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:09:18.0279 4236 NetPipeActivator - ok
00:09:18.0295 4236 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:09:18.0295 4236 netprofm - ok
00:09:18.0295 4236 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:09:18.0295 4236 NetTcpActivator - ok
00:09:18.0311 4236 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:09:18.0311 4236 NetTcpPortSharing - ok
00:09:18.0545 4236 NETwNs64 (30933bb56fb611d0252bad488adfb533) C:\Windows\system32\DRIVERS\NETwNs64.sys
00:09:18.0591 4236 NETwNs64 - ok
00:09:18.0638 4236 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:09:18.0638 4236 nfrd960 - ok
00:09:18.0638 4236 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:09:18.0638 4236 NisDrv - ok
00:09:18.0654 4236 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
00:09:18.0669 4236 NisSrv - ok
00:09:18.0685 4236 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:09:18.0685 4236 NlaSvc - ok
00:09:18.0685 4236 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:09:18.0685 4236 Npfs - ok
00:09:18.0701 4236 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:09:18.0701 4236 nsi - ok
00:09:18.0701 4236 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:09:18.0701 4236 nsiproxy - ok
00:09:18.0747 4236 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:09:18.0763 4236 Ntfs - ok
00:09:18.0794 4236 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:09:18.0794 4236 Null - ok
00:09:18.0794 4236 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
00:09:18.0810 4236 nusb3hub - ok
00:09:18.0810 4236 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:09:18.0810 4236 nusb3xhc - ok
00:09:18.0825 4236 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:09:22.0148 4236 ============================================================
00:09:22.0148 4236 Scan finished
00:09:22.0148 4236 ============================================================
00:09:22.0148 5440 Detected object count: 0
00:09:22.0148 5440 Actual detected object count: 0
00:09:28.0092 5932 Deinitialize success
Attached Files: MBR.zip (545 Bytes)
ninjasilver
Old 05-02-2012, 01:22 AM   #4
amateur
TSF-Emeritus
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10

OK, thanks. We can begin now.
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here

  3. Double click on combofix.exe & follow the prompts.

  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  5. When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

    ---------------------------------------------------------------------------------------------

  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
amateur
Old 05-02-2012, 11:35 AM   #5
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: Windows 7 Ultimate 64bit SP1



ComboFix 12-05-02.03 - Sean 02/05/2012 9:58.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.8169.6475 [GMT -7:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Sean\AppData\Roaming\2 4
c:\users\Sean\AppData\Roaming\2 4\api-example.c
c:\users\Sean\AppData\Roaming\2 4\api-example.php
c:\users\Sean\AppData\Roaming\2 4\API.class
c:\users\Sean\AppData\Roaming\2 4\API.java
c:\users\Sean\AppData\Roaming\2 4\bat.bat
c:\users\Sean\AppData\Roaming\2 4\bt.lnk
c:\users\Sean\AppData\Roaming\2 4\example.conf
c:\users\Sean\AppData\Roaming\2 4\j.exe
c:\users\Sean\AppData\Roaming\2 4\l3.lnk
c:\users\Sean\AppData\Roaming\2 4\libcurl-4.dll
c:\users\Sean\AppData\Roaming\2 4\libpdcurses.dll
c:\users\Sean\AppData\Roaming\2 4\libpthread-2.dll
c:\users\Sean\AppData\Roaming\2 4\OpenCL.dll
c:\users\Sean\AppData\Roaming\2 4\phatk110817.cl
c:\users\Sean\AppData\Roaming\2 4\poclbm110817.cl
c:\users\Sean\AppData\Roaming\2 4\svchost.exe
c:\users\Sean\AppData\Roaming\2 8
c:\users\Sean\AppData\Roaming\2 8\api-example.c
c:\users\Sean\AppData\Roaming\2 8\api-example.php
c:\users\Sean\AppData\Roaming\2 8\API.class
c:\users\Sean\AppData\Roaming\2 8\API.java
c:\users\Sean\AppData\Roaming\2 8\bat.bat
c:\users\Sean\AppData\Roaming\2 8\bt.lnk
c:\users\Sean\AppData\Roaming\2 8\diablo120328.cl
c:\users\Sean\AppData\Roaming\2 8\diakgcn120223.cl
c:\users\Sean\AppData\Roaming\2 8\example.conf
c:\users\Sean\AppData\Roaming\2 8\j.exe
c:\users\Sean\AppData\Roaming\2 8\libcurl-4.dll
c:\users\Sean\AppData\Roaming\2 8\libpdcurses.dll
c:\users\Sean\AppData\Roaming\2 8\miner.php
c:\users\Sean\AppData\Roaming\2 8\OpenCL.dll
c:\users\Sean\AppData\Roaming\2 8\phatk120223.cl
c:\users\Sean\AppData\Roaming\2 8\phatk120223Bartsv2w128l4.bin
c:\users\Sean\AppData\Roaming\2 8\poclbm120327.cl
c:\users\Sean\AppData\Roaming\2 8\pthreadGC2.dll
c:\users\Sean\AppData\Roaming\2 8\settings.txt
c:\users\Sean\AppData\Roaming\2 8\svchost.exe
c:\users\Sean\AppData\Roaming\conhost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 17:11 . 2012-05-02 17:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-01 20:37 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4C4ADF1-7107-404F-B266-0AF730DC3EA4}\mpengine.dll
2012-04-29 19:41 . 2012-04-29 19:41 -------- d-----w- c:\windows\Temp49369AF7-1583-D58F-CB66-F2606A8AAD23-Signatures
2012-04-29 19:38 . 2012-04-29 19:38 -------- d-----w- c:\windows\Temp8BB2C5A9-976E-CE21-1370-2F463F05295B-Signatures
2012-04-29 19:37 . 2012-04-29 19:37 -------- d-----w- c:\windows\Temp1C8EF33F-4210-EEE0-71E1-25E63113D1D5-Signatures
2012-04-29 19:36 . 2012-04-29 19:36 -------- d-----w- c:\windows\Temp155C420E-7454-FB1E-51DE-1AE7BE0952F8-Signatures
2012-04-29 19:32 . 2012-04-29 19:32 -------- d-----w- c:\windows\Temp0B20CC23-3A8C-FE15-9060-079DBC8AD60A-Signatures
2012-04-29 19:11 . 2012-04-29 19:11 -------- d-----w- c:\windows\TempE6046FA5-2D78-119B-F818-241A39BCB5C6-Signatures
2012-04-29 15:32 . 2012-04-29 15:32 -------- d-----w- c:\windows\Temp62390B52-DE0B-96FC-850B-844FFC6D4B11-Signatures
2012-04-29 07:03 . 2012-04-29 07:03 -------- d-----w- c:\windows\Temp72773BAD-4ABA-DE70-5C73-839A3ADD58B1-Signatures
2012-04-28 17:03 . 2012-04-28 17:03 -------- d-----w- c:\windows\Temp5FE0CD7D-868D-4B26-B2D7-0615C1E04627-Signatures
2012-04-27 07:28 . 2012-04-27 07:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-27 00:20 . 2012-04-27 00:20 -------- d-----w- c:\windows\TempB3EF0588-F974-054B-DB7D-0CB93C6536C7-Signatures
2012-04-26 23:54 . 2012-04-26 23:54 -------- d-----w- c:\windows\TempE1303BD8-13D0-42E0-ECFB-5641C2C1EBEB-Signatures
2012-04-26 23:52 . 2012-04-26 23:52 -------- d-----w- c:\windows\Temp25A35CC7-FFE8-37E5-DE09-8615143AB16B-Signatures
2012-04-25 19:24 . 2012-04-25 19:24 -------- d-----w- c:\windows\Microsoft Antimalware
2012-04-23 15:31 . 2012-04-23 15:31 -------- d-----w- c:\users\Sean\AppData\Roaming\Malwarebytes
2012-04-23 15:31 . 2012-04-23 15:31 -------- d-----w- c:\programdata\Malwarebytes
2012-04-20 03:08 . 2012-04-20 03:08 -------- d-----w- c:\users\Sean\AppData\Local\Chromium
2012-04-20 01:51 . 2012-04-20 03:08 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-04-17 18:58 . 2012-04-17 18:58 -------- d-----w- c:\program files\iTunes
2012-04-17 18:58 . 2012-04-17 18:58 -------- d-----w- c:\program files\iPod
2012-04-17 02:07 . 2012-04-17 02:07 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-17 02:07 . 2012-04-17 02:07 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-17 02:06 . 2011-12-19 22:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-04-16 01:25 . 2012-04-16 01:25 -------- d-----w- C:\MoTemp
2012-04-12 06:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 06:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 06:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 06:04 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 06:04 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 06:04 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 06:04 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 06:04 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 06:04 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 06:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-04 20:49 . 2012-04-25 00:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 19:07 . 2010-11-21 03:24 6656 ----a-w- c:\windows\system32\lpcio.dll
2012-04-25 00:37 . 2011-07-09 16:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 04:17 . 2011-10-25 08:26 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-19 04:17 . 2011-08-14 20:51 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-19 04:05 . 2011-10-25 08:26 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-17 02:46 . 2011-10-25 08:25 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-13 08:46 . 2011-07-10 16:45 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-18 01:27 . 2011-08-29 05:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-13 20:03 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-13 20:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 20:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 20:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 20:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-11 00:16 . 2012-02-11 00:16 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14C5DCCF-DEC6-4CB4-9E4D-F0699B6237E0}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 04:33 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 04:33 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 04:33 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FMCore.exe"="c:\program files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe" [2011-07-11 8125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Razer Orochi Driver"="c:\program files (x86)\Razer\Orochi\RazerOrochiTray.exe" [2009-10-22 2548056]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-2-16 3077120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 253088]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-09 1431888]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-15 33792]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:37]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104385273-1558365276-2501730529-1000Core.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 01:58]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104385273-1558365276-2501730529-1000UA.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 01:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8bhtnmad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - prefs.js: network.proxy.ftp - 220.227.90.238
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 220.227.90.238
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 220.227.90.238
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 220.227.90.238
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ESN Sonar-0.70.0 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-02 10:23:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 17:23
.
Pre-Run: 68,392,861,696 bytes free
Post-Run: 71,436,587,008 bytes free
.
- - End Of File - - 9A4FB4EB2AA7B8E147ABAE350010FB18


MSE hasn't detected any problems, so this is a good sign :)
Old 05-02-2012, 01:00 PM   #6
amateur
TSF-Emeritus
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

Are you using a proxy in India with your Firefox?


====================
  • Open Notepad (Start > All Programs > Accessories > Notepad) (It must be Notepad, not WordPad, or it won’t work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Code:
DirLook::
c:\windows\Temp49369AF7-1583-D58F-CB66-F2606A8AAD23-Signatures
c:\windows\Temp25A35CC7-FFE8-37E5-DE09-8615143AB16B-Signature
Save this as CFScript.txt on your Desktop.



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • ComboFix may request an update; please allow it.
  • When finished, please post the log it produced in your next reply.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
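The proxy question above comes from the "FF - prefs.js: network.proxy.*" lines in the Supplementary Scan section of the earlier log. As an added example that is not part of this thread, ComboFix or DDS, the following script parses those lines and flags any manual proxy entry that points at a host outside private address space; the function names are mine, the sample input is copied from the log posted earlier, and the network.proxy.type values follow Firefox's documented prefs.

```python
"""Triage the Firefox proxy prefs that a ComboFix/DDS log prints in its
'Supplementary Scan' section.  Added example for this thread; it is not
part of ComboFix, DDS or any post here."""
import ipaddress
import re

# Values of network.proxy.type as Firefox stores them in prefs.js:
# 0 = no proxy, 1 = manual, 2 = PAC script URL, 4 = auto-detect (WPAD),
# 5 = use system proxy settings.  Manual host/port entries are only in
# effect when the type is 1; otherwise they are stored but inactive.
PROXY_TYPE = {0: "direct", 1: "manual", 2: "pac", 4: "autodetect", 5: "system"}

# Matches lines such as "FF - prefs.js: network.proxy.http - 220.227.90.238"
PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.[A-Za-z_]+) - (.+)$")

# Sample input: the Firefox lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8bhtnmad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - prefs.js: network.proxy.ftp - 220.227.90.238
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 220.227.90.238
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 220.227.90.238
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 220.227.90.238
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
"""


def parse_proxy_prefs(log_text):
    """Return {pref_name: value} for every network.proxy.* line in the log."""
    prefs = {}
    for line in log_text.splitlines():
        match = PREF_RE.match(line.strip())
        if match:
            prefs[match.group(1)] = match.group(2).strip()
    return prefs


def is_external_host(host):
    """True when host is an IP outside private, loopback and link-local
    space.  A hostname cannot be classified offline, so it is treated as
    external and left for the analyst to resolve."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True
    return not (addr.is_private or addr.is_loopback or addr.is_link_local)


def triage_proxy(prefs):
    """Summarise the proxy mode and list every manual proxy entry whose host
    is external.  On a home machine that uses no proxy, a populated manual
    entry pointing at a public IP is worth asking the user about, whether
    or not the current type makes it active."""
    try:
        ptype = int(prefs.get("network.proxy.type", "0"))
    except ValueError:
        ptype = -1  # malformed value; reported as "unknown" below
    findings = []
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get("network.proxy.%s" % proto)
        if host and is_external_host(host):
            findings.append({"proto": proto, "host": host,
                             "port": prefs.get("network.proxy.%s_port" % proto, "?")})
    return {"mode": PROXY_TYPE.get(ptype, "unknown"),
            "manual_entries_active": ptype == 1,
            "findings": findings}


if __name__ == "__main__":
    report = triage_proxy(parse_proxy_prefs(SAMPLE_LOG))
    state = "active" if report["manual_entries_active"] else "stored but inactive"
    print("proxy mode: %s (manual entries %s)" % (report["mode"], state))
    for f in report["findings"]:
        print("external %s proxy: %s:%s" % (f["proto"], f["host"], f["port"]))
```

For the log in this thread the script reports an auto-detect proxy mode with four stored manual entries all pointing at the same public address, which is exactly the pattern the helper asked about.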
Old 05-02-2012, 02:18 PM   #7
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: Windows 7 Ultimate 64bit SP1



No, I'm in Canada, and I'm not using a proxy. I do enjoy Indian cuisine once in a while, though. Why?

Here's the new log:

ComboFix 12-05-02.03 - Sean 02/05/2012 12:56:34.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.8169.6197 [GMT -7:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
Command switches used :: c:\users\Sean\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 20:03 . 2012-05-02 20:03 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-02 20:03 . 2012-05-02 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 17:35 . 2012-05-02 17:35 -------- d-----w- c:\windows\TempA68744F3-C06D-CB72-FBB8-430CF189D227-Signatures
2012-05-02 17:28 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8E46AB9-6F4B-448B-8C35-08E64DA5AAAB}\mpengine.dll
2012-04-29 19:41 . 2012-04-29 19:41 -------- d-----w- c:\windows\Temp49369AF7-1583-D58F-CB66-F2606A8AAD23-Signatures
2012-04-29 19:38 . 2012-04-29 19:38 -------- d-----w- c:\windows\Temp8BB2C5A9-976E-CE21-1370-2F463F05295B-Signatures
2012-04-29 19:37 . 2012-04-29 19:37 -------- d-----w- c:\windows\Temp1C8EF33F-4210-EEE0-71E1-25E63113D1D5-Signatures
2012-04-29 19:36 . 2012-04-29 19:36 -------- d-----w- c:\windows\Temp155C420E-7454-FB1E-51DE-1AE7BE0952F8-Signatures
2012-04-29 19:32 . 2012-04-29 19:32 -------- d-----w- c:\windows\Temp0B20CC23-3A8C-FE15-9060-079DBC8AD60A-Signatures
2012-04-29 19:11 . 2012-04-29 19:11 -------- d-----w- c:\windows\TempE6046FA5-2D78-119B-F818-241A39BCB5C6-Signatures
2012-04-29 15:32 . 2012-04-29 15:32 -------- d-----w- c:\windows\Temp62390B52-DE0B-96FC-850B-844FFC6D4B11-Signatures
2012-04-29 07:03 . 2012-04-29 07:03 -------- d-----w- c:\windows\Temp72773BAD-4ABA-DE70-5C73-839A3ADD58B1-Signatures
2012-04-28 17:03 . 2012-04-28 17:03 -------- d-----w- c:\windows\Temp5FE0CD7D-868D-4B26-B2D7-0615C1E04627-Signatures
2012-04-27 07:28 . 2012-04-27 07:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-27 00:20 . 2012-04-27 00:20 -------- d-----w- c:\windows\TempB3EF0588-F974-054B-DB7D-0CB93C6536C7-Signatures
2012-04-26 23:54 . 2012-04-26 23:54 -------- d-----w- c:\windows\TempE1303BD8-13D0-42E0-ECFB-5641C2C1EBEB-Signatures
2012-04-26 23:52 . 2012-04-26 23:52 -------- d-----w- c:\windows\Temp25A35CC7-FFE8-37E5-DE09-8615143AB16B-Signatures
2012-04-25 19:24 . 2012-04-25 19:24 -------- d-----w- c:\windows\Microsoft Antimalware
2012-04-23 15:31 . 2012-04-23 15:31 -------- d-----w- c:\users\Sean\AppData\Roaming\Malwarebytes
2012-04-23 15:31 . 2012-04-23 15:31 -------- d-----w- c:\programdata\Malwarebytes
2012-04-20 03:08 . 2012-04-20 03:08 -------- d-----w- c:\users\Sean\AppData\Local\Chromium
2012-04-20 01:51 . 2012-04-20 03:08 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-04-17 18:58 . 2012-04-17 18:58 -------- d-----w- c:\program files\iTunes
2012-04-17 18:58 . 2012-04-17 18:58 -------- d-----w- c:\program files\iPod
2012-04-17 02:07 . 2012-04-17 02:07 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-17 02:07 . 2012-04-17 02:07 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-17 02:06 . 2011-12-19 22:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-04-16 01:25 . 2012-04-16 01:25 -------- d-----w- C:\MoTemp
2012-04-12 06:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 06:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 06:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 06:04 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 06:04 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 06:04 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 06:04 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 06:04 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 06:04 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 06:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-04 20:49 . 2012-04-25 00:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 19:07 . 2010-11-21 03:24 6656 ----a-w- c:\windows\system32\lpcio.dll
2012-04-25 00:37 . 2011-07-09 16:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 04:17 . 2011-10-25 08:26 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-19 04:17 . 2011-08-14 20:51 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-19 04:05 . 2011-10-25 08:26 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-17 02:46 . 2011-10-25 08:25 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-13 08:46 . 2011-07-10 16:45 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-18 01:27 . 2011-08-29 05:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-13 20:03 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-13 20:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 20:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 20:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 20:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-11 00:16 . 2012-02-11 00:16 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14C5DCCF-DEC6-4CB4-9E4D-F0699B6237E0}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 04:33 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 04:33 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 04:33 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\Temp25A35CC7-FFE8-37E5-DE09-8615143AB16B-Signature ----
.
.
---- Directory of c:\windows\Temp49369AF7-1583-D58F-CB66-F2606A8AAD23-Signatures ----
.
2012-04-29 19:41 . 2012-04-29 15:40 1338872 ----a-w- c:\windows\Temp49369AF7-1583-D58F-CB66-F2606A8AAD23-Signatures\mpavdlta.vdm
2012-04-29 19:41 . 2012-04-29 15:40 507384 ----a-w- c:\windows\Temp49369AF7-1583-D58F-CB66-F2606A8AAD23-Signatures\mpasdlta.vdm
2012-04-29 19:41 . 2012-04-19 20:50 44365304 ----a-w- c:\windows\Temp49369AF7-1583-D58F-CB66-F2606A8AAD23-Signatures\mpavbase.vdm
2012-04-29 19:41 . 2012-04-19 20:50 14290424 ----a-w- c:\windows\Temp49369AF7-1583-D58F-CB66-F2606A8AAD23-Signatures\mpasbase.vdm
2012-04-29 19:41 . 2012-04-13 08:46 8917360 ----a-w- c:\windows\Temp49369AF7-1583-D58F-CB66-F2606A8AAD23-Signatures\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-02_17.20.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-08 23:47 . 2012-05-02 19:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-08 23:47 . 2012-04-30 23:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-02 19:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-30 23:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-10 07:06 . 2012-05-02 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-10 07:06 . 2012-05-02 17:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-10 07:06 . 2012-05-02 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-10 07:06 . 2012-05-02 17:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-02 17:12 . 2012-05-02 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-02 20:03 . 2012-05-02 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-02 17:12 . 2012-05-02 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-02 20:03 . 2012-05-02 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-09 15:08 . 2012-05-02 19:24 728376 c:\windows\system32\perfh019.dat
- 2011-07-09 15:08 . 2012-05-02 17:16 728376 c:\windows\system32\perfh019.dat
+ 2011-07-09 15:08 . 2012-05-02 19:24 421634 c:\windows\system32\perfh011.dat
- 2011-07-09 15:08 . 2012-05-02 17:16 421634 c:\windows\system32\perfh011.dat
- 2009-07-14 02:36 . 2012-05-02 17:16 666200 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-02 19:24 666200 c:\windows\system32\perfh009.dat
- 2011-07-09 15:08 . 2012-05-02 17:16 154090 c:\windows\system32\perfc019.dat
+ 2011-07-09 15:08 . 2012-05-02 19:24 154090 c:\windows\system32\perfc019.dat
+ 2011-07-09 15:08 . 2012-05-02 19:24 125804 c:\windows\system32\perfc011.dat
- 2011-07-09 15:08 . 2012-05-02 17:16 125804 c:\windows\system32\perfc011.dat
+ 2009-07-14 02:36 . 2012-05-02 19:24 125804 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-02 17:16 125804 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-02 20:03 331116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-02 17:12 331116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-02 17:35 . 2012-04-13 08:46 8917360 c:\windows\TempA68744F3-C06D-CB72-FBB8-430CF189D227-Signatures\mpengine.dll
+ 2011-07-09 04:22 . 2012-05-02 20:03 9155584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-09 17:55 . 2012-05-02 20:03 35115364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2104385273-1558365276-2501730529-1000-8192.dat
- 2011-07-09 17:55 . 2012-05-02 17:12 35115364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2104385273-1558365276-2501730529-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FMCore.exe"="c:\program files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe" [2011-07-11 8125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Razer Orochi Driver"="c:\program files (x86)\Razer\Orochi\RazerOrochiTray.exe" [2009-10-22 2548056]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-2-16 3077120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 253088]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-09 1431888]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-15 33792]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:37]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104385273-1558365276-2501730529-1000Core.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 01:58]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104385273-1558365276-2501730529-1000UA.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 01:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8bhtnmad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - prefs.js: network.proxy.ftp - 220.227.90.238
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 220.227.90.238
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 220.227.90.238
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 220.227.90.238
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-02 13:12:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 20:12
.
Pre-Run: 71,502,381,056 bytes free
Post-Run: 71,179,010,048 bytes free
.
- - End Of File - - 53CED236384400B576C47DACCB0015FD
Old 05-02-2012, 02:41 PM   #8
TSF-Emeritus
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Quote:
No, I'm in Canada, and I'm not using a proxy. I do enjoy Indian cuisine once in a while, though. Why?
Because 220.227.90.238 is a proxy IP in India, mainly used for spamming. We'll use Combofix to remove it.
  • Open Notepad (Start > All Programs > Accessories > Notepad). It must be Notepad, not WordPad, or it won't work.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

You can get help on disabling your protection programs here

Code:
FireFox::
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8bhtnmad.default\
FF - prefs.js: network.proxy.ftp - 220.227.90.238
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 220.227.90.238
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 220.227.90.238
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 220.227.90.238
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
Save this as CFScript.txt on your Desktop.



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • ComboFix may request an update; please allow it.
  • When finished, please post the log it produced in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


=================

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Launch Malwarebytes' Anti-Malware, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

===============

It's important to run an online scan to search for any remnants that may be hiding. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
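The check amateur made by eye in the post above (every Firefox network.proxy.* host pointing at a public address the user never configured) can be scripted. The following Python is an added example, not code from the thread or from ComboFix: it parses a prefs.js, flags proxy hosts that are neither local/private nor on an allowlist, and reports the proxy type. The prefs.js content is constructed to mirror the values in the log; the function names and the allowlist parameter are the example's own.

```python
import ipaddress
import re

# Constructed sample prefs.js content (not from the thread); it mirrors the
# network.proxy.* values ComboFix reported in the log above, plus a couple of
# harmless prefs so the parser has something to skip.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.ca/ig");
user_pref("network.proxy.ftp", "220.227.90.238");
user_pref("network.proxy.ftp_port", 8080);
user_pref("network.proxy.http", "220.227.90.238");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.socks", "220.227.90.238");
user_pref("network.proxy.socks_port", 8080);
user_pref("network.proxy.ssl", "220.227.90.238");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.type", 4);
user_pref("privacy.donottrackheader.enabled", true);
"""

# One prefs.js entry: user_pref("name", value);  value is a quoted string,
# an integer or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# The per-protocol proxy host prefs; each has a matching "<pref>_port".
PROXY_HOST_PREFS = ("network.proxy.http", "network.proxy.ssl",
                    "network.proxy.ftp", "network.proxy.socks")

# Meaning of network.proxy.type (Firefox's documented values).
PROXY_TYPE_NAMES = {0: "no proxy", 1: "manual", 2: "PAC URL",
                    4: "auto-detect (WPAD)", 5: "system settings"}


def parse_prefs(text):
    """Parse prefs.js text into {name: value} with Python-typed values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything not a user_pref()
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # leave anything exotic as a string
    return prefs


def is_local_host(host):
    """True for loopback/RFC 1918 addresses and 'localhost', i.e. a proxy that
    lives on the machine or on the LAN. DNS names return False so that the
    caller must allow-list them explicitly."""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private


def audit_proxy_prefs(prefs, allowed_hosts=()):
    """Report network.proxy.* hosts that are neither local nor allow-listed.

    Hosts are flagged whatever network.proxy.type says: a leftover public
    proxy address is evidence of tampering even when it is not active now.
    """
    ptype = prefs.get("network.proxy.type")
    suspicious = []
    for pref in PROXY_HOST_PREFS:
        host = prefs.get(pref)
        if not isinstance(host, str) or host == "":
            continue
        if host in allowed_hosts or is_local_host(host):
            continue
        suspicious.append((pref, host, prefs.get(pref + "_port")))
    return {
        "proxy_type": ptype,
        "proxy_type_name": PROXY_TYPE_NAMES.get(ptype, "unknown"),
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    report = audit_proxy_prefs(parse_prefs(SAMPLE_PREFS_JS))
    print(f"network.proxy.type = {report['proxy_type']} "
          f"({report['proxy_type_name']})")
    for pref, host, port in report["suspicious"]:
        print(f"SUSPICIOUS  {pref} -> {host}:{port}")
```

To audit a real profile, feed the file's text to parse_prefs (the profile path is the one ComboFix prints on the "FF - ProfilePath" line) and pass any proxy your organisation legitimately uses in allowed_hosts. A private or loopback proxy is treated as benign by default; a public address that nobody configured, as in this thread, is what the report surfaces.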
Old 05-02-2012, 04:14 PM   #9
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: Windows 7 Ultimate 64bit SP1



Malwarebytes found nothing. It seems like ESET online scanner's results were what combofix had quarantined.



ComboFix 12-05-02.03 - Sean 02/05/2012 14:14:07.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.8169.6466 [GMT -7:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
Command switches used :: c:\users\Sean\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 21:20 . 2012-05-02 21:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-02 21:20 . 2012-05-02 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 21:11 . 2012-05-02 21:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-02 21:11 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-02 20:54 . 2012-05-02 20:54 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 20:54 . 2012-05-02 20:54 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-02 20:21 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA1FFD21-A4C9-4ABF-9A19-EC3439BD1945}\mpengine.dll
2012-05-02 17:35 . 2012-05-02 17:35 -------- d-----w- c:\windows\TempA68744F3-C06D-CB72-FBB8-430CF189D227-Signatures
2012-04-29 19:41 . 2012-04-29 19:41 -------- d-----w- c:\windows\Temp49369AF7-1583-D58F-CB66-F2606A8AAD23-Signatures
2012-04-29 19:38 . 2012-04-29 19:38 -------- d-----w- c:\windows\Temp8BB2C5A9-976E-CE21-1370-2F463F05295B-Signatures
2012-04-29 19:37 . 2012-04-29 19:37 -------- d-----w- c:\windows\Temp1C8EF33F-4210-EEE0-71E1-25E63113D1D5-Signatures
2012-04-29 19:36 . 2012-04-29 19:36 -------- d-----w- c:\windows\Temp155C420E-7454-FB1E-51DE-1AE7BE0952F8-Signatures
2012-04-29 19:32 . 2012-04-29 19:32 -------- d-----w- c:\windows\Temp0B20CC23-3A8C-FE15-9060-079DBC8AD60A-Signatures
2012-04-29 19:11 . 2012-04-29 19:11 -------- d-----w- c:\windows\TempE6046FA5-2D78-119B-F818-241A39BCB5C6-Signatures
2012-04-29 15:32 . 2012-04-29 15:32 -------- d-----w- c:\windows\Temp62390B52-DE0B-96FC-850B-844FFC6D4B11-Signatures
2012-04-29 07:03 . 2012-04-29 07:03 -------- d-----w- c:\windows\Temp72773BAD-4ABA-DE70-5C73-839A3ADD58B1-Signatures
2012-04-28 17:03 . 2012-04-28 17:03 -------- d-----w- c:\windows\Temp5FE0CD7D-868D-4B26-B2D7-0615C1E04627-Signatures
2012-04-27 07:28 . 2012-04-27 07:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-27 00:20 . 2012-04-27 00:20 -------- d-----w- c:\windows\TempB3EF0588-F974-054B-DB7D-0CB93C6536C7-Signatures
2012-04-26 23:54 . 2012-04-26 23:54 -------- d-----w- c:\windows\TempE1303BD8-13D0-42E0-ECFB-5641C2C1EBEB-Signatures
2012-04-26 23:52 . 2012-04-26 23:52 -------- d-----w- c:\windows\Temp25A35CC7-FFE8-37E5-DE09-8615143AB16B-Signatures
2012-04-25 19:24 . 2012-04-25 19:24 -------- d-----w- c:\windows\Microsoft Antimalware
2012-04-23 15:31 . 2012-04-23 15:31 -------- d-----w- c:\users\Sean\AppData\Roaming\Malwarebytes
2012-04-23 15:31 . 2012-04-23 15:31 -------- d-----w- c:\programdata\Malwarebytes
2012-04-20 03:08 . 2012-04-20 03:08 -------- d-----w- c:\users\Sean\AppData\Local\Chromium
2012-04-20 01:51 . 2012-04-20 03:08 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-04-17 18:58 . 2012-04-17 18:58 -------- d-----w- c:\program files\iTunes
2012-04-17 18:58 . 2012-04-17 18:58 -------- d-----w- c:\program files\iPod
2012-04-17 02:07 . 2012-04-17 02:07 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-17 02:07 . 2012-04-17 02:07 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-17 02:06 . 2011-12-19 22:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-04-16 01:25 . 2012-04-16 01:25 -------- d-----w- C:\MoTemp
2012-04-12 06:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 06:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 06:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 06:04 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 06:04 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 06:04 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 06:04 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 06:04 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 06:04 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 06:04 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-04 20:49 . 2012-04-25 00:37 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 19:07 . 2010-11-21 03:24 6656 ----a-w- c:\windows\system32\lpcio.dll
2012-04-25 00:37 . 2011-07-09 16:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 04:17 . 2011-10-25 08:26 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-19 04:17 . 2011-08-14 20:51 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-19 04:05 . 2011-10-25 08:26 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-17 02:46 . 2011-10-25 08:25 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-13 08:46 . 2011-07-10 16:45 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-18 01:27 . 2011-08-29 05:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-17 06:38 . 2012-03-13 20:03 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-13 20:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 20:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 20:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 20:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-11 00:16 . 2012-02-11 00:16 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14C5DCCF-DEC6-4CB4-9E4D-F0699B6237E0}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 04:33 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 04:33 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 04:33 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( [email protected]_17.20.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-08 23:47 . 2012-05-02 19:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-08 23:47 . 2012-04-30 23:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-02 19:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-30 23:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-10 07:06 . 2012-05-02 21:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-10 07:06 . 2012-05-02 17:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-10 07:06 . 2012-05-02 21:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-10 07:06 . 2012-05-02 17:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-02 17:12 . 2012-05-02 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-02 21:21 . 2012-05-02 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-02 17:12 . 2012-05-02 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-02 21:21 . 2012-05-02 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-09 15:08 . 2012-05-02 20:18 728376 c:\windows\system32\perfh019.dat
- 2011-07-09 15:08 . 2012-05-02 17:16 728376 c:\windows\system32\perfh019.dat
+ 2011-07-09 15:08 . 2012-05-02 20:18 421634 c:\windows\system32\perfh011.dat
- 2011-07-09 15:08 . 2012-05-02 17:16 421634 c:\windows\system32\perfh011.dat
- 2009-07-14 02:36 . 2012-05-02 17:16 666200 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-02 20:18 666200 c:\windows\system32\perfh009.dat
- 2011-07-09 15:08 . 2012-05-02 17:16 154090 c:\windows\system32\perfc019.dat
+ 2011-07-09 15:08 . 2012-05-02 20:18 154090 c:\windows\system32\perfc019.dat
+ 2011-07-09 15:08 . 2012-05-02 20:18 125804 c:\windows\system32\perfc011.dat
- 2011-07-09 15:08 . 2012-05-02 17:16 125804 c:\windows\system32\perfc011.dat
+ 2009-07-14 02:36 . 2012-05-02 20:18 125804 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-02 17:16 125804 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-02 21:20 331116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-02 17:12 331116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-02 17:35 . 2012-04-13 08:46 8917360 c:\windows\TempA68744F3-C06D-CB72-FBB8-430CF189D227-Signatures\mpengine.dll
+ 2011-07-09 04:22 . 2012-05-02 21:20 9155664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-09 17:55 . 2012-05-02 21:20 35115364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2104385273-1558365276-2501730529-1000-8192.dat
- 2011-07-09 17:55 . 2012-05-02 17:12 35115364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2104385273-1558365276-2501730529-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FMCore.exe"="c:\program files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe" [2011-07-11 8125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Razer Orochi Driver"="c:\program files (x86)\Razer\Orochi\RazerOrochiTray.exe" [2009-10-22 2548056]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-2-16 3077120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 253088]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-09 1431888]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-02-15 33792]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:37]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104385273-1558365276-2501730529-1000Core.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 01:58]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2104385273-1558365276-2501730529-1000UA.job
- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 01:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\8bhtnmad.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-02 14:27:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 21:27
ComboFix2.txt 2012-05-02 20:12
.
Pre-Run: 71,245,164,544 bytes free
Post-Run: 71,151,398,912 bytes free
.
- - End Of File - - DE713F96F19840ABD1985013BC5FB515


=========================================================


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.05.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sean :: SEAN-P170HM [administrator]

Protection: Disabled

02/05/2012 2:32:44 PM
mbam-log-2012-05-02 (14-32-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198683
Time elapsed: 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


=========================================================


C:\Qoobox\Quarantine\C\Users\Sean\AppData\Roaming\2 4\svchost.exe.vir a variant of Win32/BitCoinMiner.D application
C:\Qoobox\Quarantine\C\Users\Sean\AppData\Roaming\2 8\svchost.exe.vir a variant of Win32/BitCoinMiner.D application
ninjasilver is offline  
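The detections quoted in this thread share one pattern: lsass.exe under AppData\Local\Temp, conhost.exe at the root of AppData\Roaming, and svchost.exe under a numbered Roaming subfolder (seen via the ComboFix quarantine) are all core Windows binary names running from user-writable locations instead of System32/SysWOW64. The script below is an added example, not code from this thread or from Malwarebytes, ComboFix or ESET; it codifies that heuristic, maps ComboFix's `C:\Qoobox\Quarantine\...\*.vir` paths back to their original locations so quarantined items are judged where they lived, and runs the rules over constructed sample lines modelled on the scanner output posted above. The rule names, the `SYSTEM_BINARIES` list and the sample lines are the example's own.

```python
import re
from pathlib import PureWindowsPath

# Core Windows binaries that are legitimate only under System32 / SysWOW64.
# Malware borrows these names to blend in with real processes; the thread's
# lsass.exe, conhost.exe and svchost.exe findings are exactly this pattern.
# (List chosen for this example; extend it as needed.)
SYSTEM_BINARIES = {
    "lsass.exe", "conhost.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "smss.exe", "wininit.exe", "lsm.exe", "dwm.exe", "taskhost.exe",
}
LEGIT_SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}

# ComboFix stores quarantined files as C:\Qoobox\Quarantine\<drive>\<original path>.vir
_QOOBOX = re.compile(r"^[a-z]:\\qoobox\\quarantine\\([a-z])\\(.+)$")
# A Windows path ending in an executable extension, optionally with the .vir suffix.
_PATH = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|sys|scr|com|pif)(?:\.vir)?(?!\w)", re.I)


def normalize(raw: str) -> str:
    """Lower-case a path and map a ComboFix quarantine path back to the
    location the file originally occupied."""
    p = raw.strip().lower()
    m = _QOOBOX.match(p)
    if m:
        p = f"{m.group(1)}:\\{m.group(2)}"
        if p.endswith(".vir"):
            p = p[:-4]
    return p


def classify(path: str) -> list[str]:
    """Return the reasons a (normalized) path looks suspicious; [] means clean."""
    p = PureWindowsPath(path)
    name, parent, parts = p.name, str(p.parent), [s.lower() for s in p.parts]
    reasons = []
    if name in SYSTEM_BINARIES and parent not in LEGIT_SYSTEM_DIRS:
        reasons.append(f"system binary name '{name}' outside System32/SysWOW64")
    if "temp" in parts[:-1] or "tmp" in parts[:-1]:
        reasons.append("executable in a Temp folder")
    # Legitimate software installs into a subfolder of AppData (e.g. Google\Update);
    # an executable sitting directly in Roaming or Local is unusual.
    if len(parts) >= 3 and parts[-3] == "appdata" and parts[-2] in ("roaming", "local", "locallow"):
        reasons.append("executable at the root of an AppData folder")
    return reasons


def scan(log_lines) -> dict[str, list[str]]:
    """Pull file paths out of scanner/log lines and return {path: reasons}
    for every path that triggers at least one rule."""
    findings = {}
    for line in log_lines:
        for m in _PATH.finditer(line.replace("\\\\", "\\")):  # registry lines double the slashes
            path = normalize(m.group(0))
            reasons = classify(path)
            if reasons:
                findings[path] = reasons
    return findings


# Constructed sample: lines modelled on the Malwarebytes, ESET and ComboFix
# output posted in this thread, plus legitimate entries that must not fire.
SAMPLE_LOG = [
    r"C:\Users\Sean\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.",
    r"C:\Users\Sean\AppData\Roaming\conhost.exe (Backdoor.CycBot.Gen) -> Quarantined and deleted successfully.",
    r"C:\Qoobox\Quarantine\C\Users\Sean\AppData\Roaming\2 4\svchost.exe.vir a variant of Win32/BitCoinMiner.D application",
    r"c:\windows\system32\svchost.exe -k DcomLaunch",
    r"- c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 01:58]",
    r'"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]',
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Feed it the "Files Detected" lines of an MBAM log, the Run-key and scheduled-task sections of a ComboFix log, or an Autoruns export, and anything that fires is worth a second look even when the scanner itself was silent. The rules are deliberately narrow: an executable in a vendor subfolder of AppData (GoogleUpdate.exe above) passes, while a system binary name anywhere outside System32/SysWOW64 never does.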
Old 05-03-2012, 12:47 AM   #10
TSF-Emeritus
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

It's looking good now.

Quote:
It seems like ESET online scanner's results were what combofix had quarantined.
That's correct. They will be cleared when Combofix is uninstalled properly as part of the final steps.

I see that you have uTorrent installed. This practice can make you vulnerable to data and identity theft. Please read this sticky:

Perils of P2P File Sharing

I would strongly recommend that you uninstall it via Programs and Features in Control Panel as suggested in our
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help page.

Quote:
  • p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link


==================

If you have no further issues, we should be done here. The logs are clean.

Please disable all protection applications as before.
  • Click Start then Run
  • Now type ComboFix /Uninstall in the run box and click OK. Notice the space between the Combofix and the /

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

You may re-enable your security applications now.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article:

Strong passwords: How to create and use them


You may also consider a password keeper, to keep all your passwords safe.

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

It's vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Secunia Software Inspector Scan can help you find out which programs need to be updated.

Please respond to this thread one more time so we can mark this thread as resolved.

Surf Safely and Think Prevention!
__________________

amateur is offline  
Old 05-03-2012, 12:58 AM   #11
Registered Member
 
Join Date: Apr 2012
Posts: 6
OS: Windows 7 Ultimate 64bit SP1



Thanks for all the help! Not sure how I got this one because I'm pretty adamant about keeping my computer safe. Thanks again for your time.
ninjasilver is offline  
Old 05-03-2012, 02:18 AM   #12
TSF-Emeritus
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



You're welcome. Glad to have been able to help.

It's hard to know exactly how the infection may have gotten into the machine. There are various ways an infection can enter a system. Rogue security programs are one of the most common sources of malware infection, as well as visiting crack, warez, gaming and unsavory sites. Also, attackers exploit unpatched security vulnerabilities in some popular software such as Adobe, Java, media players, even the Windows operating system, to mention a few. Another way of getting infected is using p2p file sharing programs, which I already mentioned. Infections can also be spread via flash drives. Sometimes, legitimate websites are compromised through various hacking techniques. So, the first line of defense is the user himself/herself. One needs to be very careful about the websites being visited, email attachments, and links in the mail or at social websites.
Here’s a very good article by Ed Bott:
Trojans, viruses, worms: How does malware get on PCs and Macs? | ZDNet

Stay safe!
__________________

amateur is offline  
Copyright 2001 - 2018, Tech Support Forum