View Full Version : Smurf Dos attack and internet lag spikes
Ciythog127
2012-04-19, 18:10
Hi there,
My current scanner (MBAM) isn't finding anything but I'm getting entries in my router log from Taiwan and Japan. I was able to ascertain this by using whois dot net. Enclosed and attached are my dds and i have run Erunt to back up my registry.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by David at 9:01:11 on 2012-04-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.5544 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe --HiddenServiceDir "C:\Users\David\AppData\Roaming\tor\hidden_service" --HiddenServicePort "55080 127.0.0.1:55080"
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe (null)
C:\Windows\system32\svchost.exe ext "C:\Users\David\AppData\Roaming\Ikyw\buru.exe"
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\LogonUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [CPN Notifier] D:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
uRun: [cdloader] "C:\Users\David\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [{C33873B8-67FA-5CE5-79EC-29243156178F}] C:\Users\David\AppData\Roaming\Ikyw\buru.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAT9CH~1.LNK - C:\Users\David\AppData\Roaming\Microsoft\Installer\{72A099DE-9782-4679-85AD-0731EF87EA53}\_5B5E5C8CB886861B14F432.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\David\Desktop\PartyPoker.lnk
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ADB0B0CD-4894-4315-8629-9892489B7A26} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ADB0B0CD-4894-4315-8629-9892489B7A26}\D496E65674F614771697 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\David\Desktop\PartyPoker.lnk
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6j4eodbe.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6j4eodbe.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-3 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SaiK0CFA;SaiK0CFA;C:\Windows\system32\DRIVERS\SaiK0CFA.sys --> C:\Windows\system32\DRIVERS\SaiK0CFA.sys [?]
R3 SaiU0CFA;SaiU0CFA;C:\Windows\system32\DRIVERS\SaiU0CFA.sys --> C:\Windows\system32\DRIVERS\SaiU0CFA.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253088]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-19 01:43:09 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5693081B-DCEA-46D4-8852-FACB4FA39444}\mpengine.dll
2012-04-14 12:54:39 -------- d-----w- C:\Users\David\AppData\Local\Ironclad Games
2012-04-11 11:25:41 711240 ----a-w- C:\Windows\isRS-000.tmp
2012-04-09 22:18:32 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-04-05 11:41:34 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-03 18:19:55 -------- d-----w- C:\Users\David\AppData\Roaming\Doublefine
2012-04-02 16:52:09 -------- d-----w- C:\ProgramData\Pendulo Studios
2012-04-02 16:46:02 -------- d-----w- C:\Program Files (x86)\Pendulo Studios
2012-04-02 16:36:35 -------- d-----w- C:\Users\David\AppData\Roaming\Ikyw
2012-04-02 16:36:35 -------- d-----w- C:\Users\David\AppData\Roaming\Gaxeb
2012-04-02 16:36:34 -------- d-----w- C:\Users\David\AppData\Roaming\tor
2012-04-02 16:25:55 306688 ----a-w- C:\Windows\IsUninst.exe
2012-04-01 02:59:08 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 02:15:39 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-14 18:01:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 11:41:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 21:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 16:50:20 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-04-02 16:50:20 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-04-02 16:50:20 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-04-02 16:50:20 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-02-29 19:26:36 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-02-29 19:26:36 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-24 16:47:56 52160 ----a-w- C:\Windows\System32\drivers\SaiBus.sys
2012-01-24 16:47:56 24640 ----a-w- C:\Windows\System32\drivers\SaiMini.sys
2011-07-03 04:04:58 59836 --sh--w- C:\Windows\dtmn.exe
2011-07-03 04:04:50 66047 --sh--w- C:\Windows\kdhr.exe
.
============= FINISH: 9:01:50.96 ===============
I thank you in advance for helping me sort this out.
shelf life
2012-04-23, 03:59
hi Ciythog127,
Your post is a few days old. If you still need help simply reply back.
Ciythog127
2012-04-24, 16:32
Yes i still need help
shelf life
2012-04-25, 00:09
Ok. As for the logs and lags: Your torrent client can certainly be a drag on your traffic in its default setting. Looks like your also relaying traffic for the Tor network, more bandwidth saturation.
See if you can locate this .exe in a folder called Ikyw
C:\Users\David\AppData\Roaming\Ikyw\buru.exe
If you find it you can go here (http://www.bleepingcomputer.com/submit-malware.php?channel=67), browse for the file on your machine, then upload it using the send file button.
Are you experiencing any page re-direction, like ending up a unrequested websites?
Ciythog127
2012-04-25, 14:11
hey there,
no such file in the specified location or anywhere else on the drive.
i am not having problems with redirects. What is tor network?
-Dave
shelf life
2012-04-26, 00:21
That location may not show up in explorer unless all files are set to show. the default is to not show all files. Dont worry about it for now.
Whats Tor? (https://www.torproject.org/) Some people use Tor for there file sharing activities which isnt a good idea.
I was going by this in your log: tor\hidden_service
Now that I think about it, could just be a leftover after a uninstall.
We will get a download to use. Its called combofix. There is a guide to read first. Read through the guide then apply the directions on your own machine. Post the combofix log in your reply.
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Ciythog127
2012-04-26, 13:45
Here ya go.
ComboFix 12-04-25.02 - David 04/26/2012 4:38.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.6232 [GMT -6:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6j4eodbe.default\weave\toFetch
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6j4eodbe.default\weave\toFetch\clients.json
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6j4eodbe.default\weave\toFetch\tabs.json
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 10:41 . 2012-04-26 10:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-26 10:41 . 2012-04-26 10:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-19 15:00 . 2012-04-19 15:00 -------- d-----w- c:\program files (x86)\ERUNT
2012-04-14 12:54 . 2012-04-14 12:54 -------- d-----w- c:\users\David\AppData\Local\Ironclad Games
2012-04-09 22:18 . 2012-04-09 22:18 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-04-05 11:41 . 2012-04-05 11:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-05 11:41 . 2012-04-05 11:41 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-03 18:19 . 2012-04-03 18:19 -------- d-----w- c:\users\David\AppData\Roaming\Doublefine
2012-04-02 16:52 . 2012-04-02 16:52 -------- d-----w- c:\programdata\Pendulo Studios
2012-04-02 16:46 . 2012-04-02 16:46 -------- d-----w- c:\program files (x86)\Pendulo Studios
2012-04-02 16:36 . 2012-04-20 01:14 -------- d-----w- c:\users\David\AppData\Roaming\Ikyw
2012-04-02 16:36 . 2012-04-20 01:14 -------- d-----w- c:\users\David\AppData\Roaming\Gaxeb
2012-04-02 16:36 . 2012-04-20 01:13 -------- d-----w- c:\users\David\AppData\Roaming\tor
2012-04-02 16:25 . 1998-10-29 22:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-04-01 02:59 . 2012-04-14 18:01 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 02:15 . 2012-04-14 18:01 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:01 . 2011-07-03 08:01 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 08:46 . 2012-01-01 07:57 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-05 11:41 . 2011-07-03 08:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 21:56 . 2011-07-03 08:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 16:50 . 2011-11-23 11:33 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-02 16:50 . 2011-11-23 11:33 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-02 16:50 . 2011-11-23 11:33 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-02 16:50 . 2011-11-23 11:33 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-29 19:26 . 2012-02-29 19:26 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-02-29 19:26 . 2012-02-29 19:26 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-02-10 18:57 . 2012-02-10 18:57 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{318B1F28-D156-45DA-84A5-2DC947702BA1}\gapaengine.dll
2012-01-31 12:44 . 2011-07-03 07:04 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-07-03 04:04 59836 --sh--w- c:\windows\dtmn.exe
2011-07-03 04:04 66047 --sh--w- c:\windows\kdhr.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-14 1242448]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"cdloader"="c:\users\David\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
RAT 9 Charge Indicator.lnk - c:\users\David\AppData\Roaming\Microsoft\Installer\{72A099DE-9782-4679-85AD-0731EF87EA53}\_5B5E5C8CB886861B14F432.exe [2012-2-21 75993]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\David\AppData\Local\Temp\005993F.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CFA;SaiK0CFA;c:\windows\system32\DRIVERS\SaiK0CFA.sys [x]
S3 SaiU0CFA;SaiU0CFA;c:\windows\system32\DRIVERS\SaiU0CFA.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:01]
.
2012-04-26 c:\windows\Tasks\At2.job
- c:\windows\kdhr.exe [2011-07-03 04:04]
.
2012-04-26 c:\windows\Tasks\At5.job
- c:\windows\dtmn.exe [2011-07-03 04:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11545192]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-24 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-24 158208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6j4eodbe.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-CPN Notifier - d:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\David\AppData\Local\Temp\005993F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-26 04:43:22
ComboFix-quarantined-files.txt 2012-04-26 10:43
.
Pre-Run: 42,620,555,264 bytes free
Post-Run: 42,601,287,680 bytes free
.
- - End Of File - - CF80EB0241BF22C0D14C9B3EEE121481
shelf life
2012-04-27, 01:33
ok we will do two things. First you can browse to two files and upload them then we will use combofix to remove them.
By default OS files can be hidden, so follow this link (http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/) to change that.
Next using explorer browse to the C:/ Windows directory and see if you can find these two exe:
C:\Windows\dtmn.exe
C:\Windows\kdhr.exe
If so go here (http://www.bleepingcomputer.com/submit-malware.php?channel=67) browse for the files and upload them to my channel.
Next:
Before using combofix temporarily disable your AV then:
Start Notepad and click OK. (start>Programs>Accessories>Notepad)
Copy/paste the text in the code box below into notepad:
File::
C:\Windows\dtmn.exe
C:\Windows\kdhr.exe
Name the Notepad file: CFScript.txt and Save it to your desktop.
Now using your mouse drag the file you just saved right on top of the combofix icon and release. Combofix will start up and run. Post the new log once its done.
Ciythog127
2012-04-28, 02:47
files uploaded, here's the log...
ComboFix 12-04-25.02 - David 04/27/2012 17:37:42.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.7001 [GMT -6:00]
Running from: c:\users\David\Desktop\ComboFix.exe
Command switches used :: c:\users\David\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\dtmn.exe"
"c:\windows\kdhr.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\dtmn.exe
c:\windows\kdhr.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 23:43 . 2012-04-27 23:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-27 23:43 . 2012-04-27 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 08:13 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9B679E4-4BD4-43DE-8053-D7DF87750837}\mpengine.dll
2012-04-26 18:02 . 2012-04-26 18:45 -------- d-----w- c:\users\David\AppData\Local\BladesOfTime
2012-04-26 17:59 . 2012-04-26 17:59 -------- d-----w- c:\program files (x86)\Konami
2012-04-26 10:32 . 2012-04-26 10:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 10:32 . 2012-04-26 10:32 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 10:32 . 2012-04-26 10:32 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-19 15:00 . 2012-04-19 15:00 -------- d-----w- c:\program files (x86)\ERUNT
2012-04-14 12:54 . 2012-04-14 12:54 -------- d-----w- c:\users\David\AppData\Local\Ironclad Games
2012-04-09 22:18 . 2012-04-09 22:18 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-04-05 11:41 . 2012-04-05 11:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-05 11:41 . 2012-04-05 11:41 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-03 18:19 . 2012-04-03 18:19 -------- d-----w- c:\users\David\AppData\Roaming\Doublefine
2012-04-02 16:52 . 2012-04-02 16:52 -------- d-----w- c:\programdata\Pendulo Studios
2012-04-02 16:46 . 2012-04-02 16:46 -------- d-----w- c:\program files (x86)\Pendulo Studios
2012-04-02 16:36 . 2012-04-20 01:14 -------- d-----w- c:\users\David\AppData\Roaming\Ikyw
2012-04-02 16:36 . 2012-04-20 01:14 -------- d-----w- c:\users\David\AppData\Roaming\Gaxeb
2012-04-02 16:36 . 2012-04-20 01:13 -------- d-----w- c:\users\David\AppData\Roaming\tor
2012-04-02 16:25 . 1998-10-29 22:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-04-01 02:59 . 2012-04-14 18:01 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 02:15 . 2012-04-14 18:01 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:01 . 2011-07-03 08:01 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 08:46 . 2012-01-01 07:57 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-05 11:41 . 2011-07-03 08:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 21:56 . 2011-07-03 08:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 16:50 . 2011-11-23 11:33 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-02 16:50 . 2011-11-23 11:33 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-02 16:50 . 2011-11-23 11:33 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-02 16:50 . 2011-11-23 11:33 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-29 19:26 . 2012-02-29 19:26 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-02-29 19:26 . 2012-02-29 19:26 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-02-10 18:57 . 2012-02-10 18:57 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{318B1F28-D156-45DA-84A5-2DC947702BA1}\gapaengine.dll
2012-01-31 12:44 . 2011-07-03 07:04 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-26_10.41.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-09-21 04:19 . 2012-04-26 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-09-21 04:19 . 2012-04-27 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-04-26 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-27 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-27 04:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 04:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-27 18:03 . 2012-04-27 18:03 89488 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-07-03 07:23 . 2012-04-27 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-03 07:23 . 2012-04-26 10:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-03 07:23 . 2012-04-26 10:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-03 07:23 . 2012-04-27 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-14 1242448]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"cdloader"="c:\users\David\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
RAT 9 Charge Indicator.lnk - c:\users\David\AppData\Roaming\Microsoft\Installer\{72A099DE-9782-4679-85AD-0731EF87EA53}\_5B5E5C8CB886861B14F432.exe [2012-2-21 75993]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\David\AppData\Local\Temp\005993F.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CFA;SaiK0CFA;c:\windows\system32\DRIVERS\SaiK0CFA.sys [x]
S3 SaiU0CFA;SaiU0CFA;c:\windows\system32\DRIVERS\SaiU0CFA.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11545192]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-24 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-24 158208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6j4eodbe.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\David\AppData\Local\Temp\005993F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-27 17:45:44
ComboFix-quarantined-files.txt 2012-04-27 23:45
ComboFix2.txt 2012-04-26 10:43
.
Pre-Run: 39,352,664,064 bytes free
Post-Run: 39,278,018,560 bytes free
.
- - End Of File - - 17834E6DD96CDD6D6F1539E3D7B7F610
Thanks
-Dave
shelf life
2012-04-28, 19:54
Got the two exe. Lets use combofix once more. Just like before copy the following into notepad, name it and drop it onto the combofix icon. Post the new log.
Folder::
c:\users\David\AppData\Roaming\Ikyw
c:\users\David\AppData\Roaming\Gaxeb
c:\users\David\AppData\Roaming\tor
Ciythog127
2012-04-29, 11:39
new log
ComboFix 12-04-25.02 - David 04/29/2012 2:34.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.6470 [GMT -6:00]
Running from: c:\users\David\Desktop\ComboFix.exe
Command switches used :: c:\users\David\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Roaming\Gaxeb
c:\users\David\AppData\Roaming\Gaxeb\usduq.ifd
c:\users\David\AppData\Roaming\Ikyw
c:\users\David\AppData\Roaming\tor
c:\users\David\AppData\Roaming\tor\cached-certs
c:\users\David\AppData\Roaming\tor\cached-consensus
c:\users\David\AppData\Roaming\tor\cached-descriptors
c:\users\David\AppData\Roaming\tor\cached-descriptors.new
c:\users\David\AppData\Roaming\tor\hidden_service\hostname
c:\users\David\AppData\Roaming\tor\hidden_service\private_key
c:\users\David\AppData\Roaming\tor\lock
c:\users\David\AppData\Roaming\tor\state
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 08:37 . 2012-04-29 08:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-29 08:37 . 2012-04-29 08:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 08:32 . 2012-04-29 08:32 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD4EC3F2-D6EF-4E86-87EE-159B96FA701F}\offreg.dll
2012-04-29 08:13 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD4EC3F2-D6EF-4E86-87EE-159B96FA701F}\mpengine.dll
2012-04-26 18:02 . 2012-04-26 18:45 -------- d-----w- c:\users\David\AppData\Local\BladesOfTime
2012-04-26 17:59 . 2012-04-26 17:59 -------- d-----w- c:\program files (x86)\Konami
2012-04-26 10:32 . 2012-04-26 10:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 10:32 . 2012-04-26 10:32 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 10:32 . 2012-04-26 10:32 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-19 15:00 . 2012-04-19 15:00 -------- d-----w- c:\program files (x86)\ERUNT
2012-04-14 12:54 . 2012-04-14 12:54 -------- d-----w- c:\users\David\AppData\Local\Ironclad Games
2012-04-09 22:18 . 2012-04-09 22:18 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-04-05 11:41 . 2012-04-05 11:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-05 11:41 . 2012-04-05 11:41 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-03 18:19 . 2012-04-03 18:19 -------- d-----w- c:\users\David\AppData\Roaming\Doublefine
2012-04-02 16:52 . 2012-04-02 16:52 -------- d-----w- c:\programdata\Pendulo Studios
2012-04-02 16:46 . 2012-04-02 16:46 -------- d-----w- c:\program files (x86)\Pendulo Studios
2012-04-02 16:25 . 1998-10-29 22:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-04-01 02:59 . 2012-04-14 18:01 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 02:15 . 2012-04-14 18:01 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:01 . 2011-07-03 08:01 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-13 08:46 . 2012-01-01 07:57 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-05 11:41 . 2011-07-03 08:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 21:56 . 2011-07-03 08:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 16:50 . 2011-11-23 11:33 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-02 16:50 . 2011-11-23 11:33 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-02 16:50 . 2011-11-23 11:33 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-02 16:50 . 2011-11-23 11:33 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-29 19:26 . 2012-02-29 19:26 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-02-29 19:26 . 2012-02-29 19:26 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-02-10 18:57 . 2012-02-10 18:57 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{318B1F28-D156-45DA-84A5-2DC947702BA1}\gapaengine.dll
2012-01-31 12:44 . 2011-07-03 07:04 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-26_10.41.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-09-21 04:19 . 2012-04-26 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-09-21 04:19 . 2012-04-27 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-04-26 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-27 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-27 04:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 04:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 04:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-27 18:03 . 2012-04-27 18:03 89488 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-07-03 07:23 . 2012-04-29 08:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-03 07:23 . 2012-04-26 10:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-03 07:23 . 2012-04-26 10:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-03 07:23 . 2012-04-29 08:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-14 1242448]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"cdloader"="c:\users\David\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
RAT 9 Charge Indicator.lnk - c:\users\David\AppData\Roaming\Microsoft\Installer\{72A099DE-9782-4679-85AD-0731EF87EA53}\_5B5E5C8CB886861B14F432.exe [2012-2-21 75993]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\David\AppData\Local\Temp\005993F.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CFA;SaiK0CFA;c:\windows\system32\DRIVERS\SaiK0CFA.sys [x]
S3 SaiU0CFA;SaiU0CFA;c:\windows\system32\DRIVERS\SaiU0CFA.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11545192]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-24 432640]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-24 158208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\6j4eodbe.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\David\AppData\Local\Temp\005993F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-29 02:38:24
ComboFix-quarantined-files.txt 2012-04-29 08:38
ComboFix2.txt 2012-04-27 23:45
ComboFix3.txt 2012-04-26 10:43
.
Pre-Run: 42,081,976,320 bytes free
Post-Run: 41,873,068,032 bytes free
.
- - End Of File - - F157B3D6B21AE0067A348E5828C5C6E2
shelf life
2012-04-29, 21:30
Hows it looking on your end now?
Ciythog127
2012-04-30, 14:12
Kinda looks like it always has. :0 I'm still having these wierd internet lag spikes, it might be something from outside which has been known to happen. Ill give my ISP a call, and have them cycle my IP addy. You gotta understand, I am the most immaculate person when it comes to the cleanliness of my machine. Spent some time working in a Repair shop... doing this kind of work also, cleaning viruses and whatnot. This one stumped me... but hey life goes on. Thank you again, for your help and advice.
-David
shelf life
2012-05-01, 02:46
Dont really see any malware left that needs to be removed. Could be network (ISP) related and out of your control. If it was malware on your machine pulling a new ip wouldnt help.
We can get one more download just for a additional check. Its called Tdsskiller:
Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop
Double click to launch the utility. Vista and Windows 7 right click and "run as admin.." After it initializes click the start scan button.
"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
A report can also be found in your Root drive Local Disk (C) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)
Please post the log report
Ciythog127
2012-05-01, 02:57
1 suspicious object found...
17:53:35.0377 2756 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
17:53:35.0827 2756 ============================================================
17:53:35.0827 2756 Current date / time: 2012/04/30 17:53:35.0827
17:53:35.0827 2756 SystemInfo:
17:53:35.0827 2756
17:53:35.0827 2756 OS Version: 6.1.7601 ServicePack: 1.0
17:53:35.0827 2756 Product type: Workstation
17:53:35.0827 2756 ComputerName: RESOLLIFE
17:53:35.0827 2756 UserName: David
17:53:35.0827 2756 Windows directory: C:\Windows
17:53:35.0827 2756 System windows directory: C:\Windows
17:53:35.0827 2756 Running under WOW64
17:53:35.0827 2756 Processor architecture: Intel x64
17:53:35.0827 2756 Number of processors: 8
17:53:35.0827 2756 Page size: 0x1000
17:53:35.0827 2756 Boot type: Normal boot
17:53:35.0827 2756 ============================================================
17:53:36.0470 2756 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x50BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:53:36.0479 2756 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:53:36.0498 2756 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:53:36.0503 2756 ============================================================
17:53:36.0503 2756 \Device\Harddisk0\DR0:
17:53:36.0503 2756 MBR partitions:
17:53:36.0503 2756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:53:36.0503 2756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129D2800
17:53:36.0503 2756 \Device\Harddisk1\DR1:
17:53:36.0503 2756 MBR partitions:
17:53:36.0503 2756 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x17BD7800
17:53:36.0503 2756 \Device\Harddisk2\DR2:
17:53:36.0503 2756 MBR partitions:
17:53:36.0503 2756 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
17:53:36.0503 2756 ============================================================
17:53:36.0534 2756 C: <-> \Device\Harddisk0\DR0\Partition1
17:53:36.0560 2756 D: <-> \Device\Harddisk1\DR1\Partition0
17:53:36.0574 2756 E: <-> \Device\Harddisk2\DR2\Partition0
17:53:36.0574 2756 ============================================================
17:53:36.0574 2756 Initialize success
17:53:36.0574 2756 ============================================================
17:54:22.0495 4696 ============================================================
17:54:22.0495 4696 Scan started
17:54:22.0495 4696 Mode: Manual;
17:54:22.0495 4696 ============================================================
17:54:23.0052 4696 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:54:23.0062 4696 1394ohci - ok
17:54:23.0115 4696 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:54:23.0128 4696 ACPI - ok
17:54:23.0151 4696 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:54:23.0151 4696 AcpiPmi - ok
17:54:23.0224 4696 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:54:23.0225 4696 AdobeARMservice - ok
17:54:23.0350 4696 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:54:23.0357 4696 AdobeFlashPlayerUpdateSvc - ok
17:54:23.0406 4696 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:54:23.0419 4696 adp94xx - ok
17:54:23.0455 4696 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:54:23.0463 4696 adpahci - ok
17:54:23.0480 4696 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:54:23.0484 4696 adpu320 - ok
17:54:23.0508 4696 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:54:23.0509 4696 AeLookupSvc - ok
17:54:23.0563 4696 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:54:23.0581 4696 AFD - ok
17:54:23.0626 4696 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:54:23.0628 4696 agp440 - ok
17:54:23.0645 4696 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:54:23.0646 4696 ALG - ok
17:54:23.0665 4696 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:54:23.0666 4696 aliide - ok
17:54:23.0677 4696 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:54:23.0678 4696 amdide - ok
17:54:23.0705 4696 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:54:23.0706 4696 AmdK8 - ok
17:54:23.0712 4696 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:54:23.0718 4696 AmdPPM - ok
17:54:23.0733 4696 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
17:54:23.0739 4696 amdsata - ok
17:54:23.0768 4696 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:54:23.0780 4696 amdsbs - ok
17:54:23.0786 4696 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
17:54:23.0787 4696 amdxata - ok
17:54:23.0847 4696 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:54:23.0848 4696 AppID - ok
17:54:23.0870 4696 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:54:23.0871 4696 AppIDSvc - ok
17:54:23.0909 4696 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:54:23.0910 4696 Appinfo - ok
17:54:23.0946 4696 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:54:23.0958 4696 AppMgmt - ok
17:54:23.0992 4696 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:54:23.0997 4696 arc - ok
17:54:24.0010 4696 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:54:24.0015 4696 arcsas - ok
17:54:24.0054 4696 aspnet_state - ok
17:54:24.0075 4696 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:54:24.0076 4696 AsyncMac - ok
17:54:24.0113 4696 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:54:24.0114 4696 atapi - ok
17:54:24.0139 4696 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
17:54:24.0140 4696 AthBTPort - ok
17:54:24.0167 4696 ATHDFU (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
17:54:24.0168 4696 ATHDFU - ok
17:54:24.0239 4696 AtherosSvc (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
17:54:24.0241 4696 AtherosSvc - ok
17:54:24.0306 4696 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:54:24.0320 4696 AudioEndpointBuilder - ok
17:54:24.0324 4696 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:54:24.0326 4696 AudioSrv - ok
17:54:24.0375 4696 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:54:24.0378 4696 AxInstSV - ok
17:54:24.0419 4696 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:54:24.0431 4696 b06bdrv - ok
17:54:24.0465 4696 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:54:24.0473 4696 b57nd60a - ok
17:54:24.0509 4696 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:54:24.0514 4696 BDESVC - ok
17:54:24.0526 4696 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:54:24.0527 4696 Beep - ok
17:54:24.0594 4696 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:54:24.0611 4696 BFE - ok
17:54:24.0737 4696 BITCOMET_HELPER_SERVICE - ok
17:54:24.0810 4696 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:54:24.0831 4696 BITS - ok
17:54:24.0877 4696 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:54:24.0878 4696 blbdrive - ok
17:54:24.0907 4696 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:54:24.0912 4696 bowser - ok
17:54:24.0926 4696 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:54:24.0927 4696 BrFiltLo - ok
17:54:24.0936 4696 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:54:24.0937 4696 BrFiltUp - ok
17:54:24.0964 4696 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:54:24.0970 4696 BridgeMP - ok
17:54:25.0025 4696 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:54:25.0035 4696 Browser - ok
17:54:25.0051 4696 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:54:25.0063 4696 Brserid - ok
17:54:25.0074 4696 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:54:25.0075 4696 BrSerWdm - ok
17:54:25.0082 4696 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:54:25.0082 4696 BrUsbMdm - ok
17:54:25.0087 4696 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:54:25.0087 4696 BrUsbSer - ok
17:54:25.0124 4696 BTATH_A2DP (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
17:54:25.0133 4696 BTATH_A2DP - ok
17:54:25.0168 4696 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
17:54:25.0169 4696 BTATH_BUS - ok
17:54:25.0183 4696 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
17:54:25.0195 4696 BTATH_HCRP - ok
17:54:25.0224 4696 BTATH_LWFLT (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
17:54:25.0225 4696 BTATH_LWFLT - ok
17:54:25.0243 4696 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
17:54:25.0252 4696 BTATH_RCP - ok
17:54:25.0283 4696 BtFilter (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
17:54:25.0296 4696 BtFilter - ok
17:54:25.0323 4696 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:54:25.0324 4696 BthEnum - ok
17:54:25.0350 4696 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:54:25.0351 4696 BTHMODEM - ok
17:54:25.0364 4696 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:54:25.0371 4696 BthPan - ok
17:54:25.0413 4696 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
17:54:25.0424 4696 BTHPORT - ok
17:54:25.0452 4696 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:54:25.0459 4696 bthserv - ok
17:54:25.0480 4696 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
17:54:25.0481 4696 BTHUSB - ok
17:54:25.0510 4696 catchme - ok
17:54:25.0538 4696 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:54:25.0544 4696 cdfs - ok
17:54:25.0588 4696 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:54:25.0592 4696 cdrom - ok
17:54:25.0637 4696 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:54:25.0639 4696 CertPropSvc - ok
17:54:25.0663 4696 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:54:25.0664 4696 circlass - ok
17:54:25.0702 4696 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:54:25.0713 4696 CLFS - ok
17:54:25.0757 4696 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:54:25.0759 4696 clr_optimization_v2.0.50727_32 - ok
17:54:25.0806 4696 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:54:25.0812 4696 clr_optimization_v2.0.50727_64 - ok
17:54:25.0919 4696 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:54:25.0924 4696 clr_optimization_v4.0.30319_32 - ok
17:54:25.0966 4696 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:54:25.0976 4696 clr_optimization_v4.0.30319_64 - ok
17:54:26.0000 4696 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:54:26.0001 4696 CmBatt - ok
17:54:26.0030 4696 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:54:26.0031 4696 cmdide - ok
17:54:26.0085 4696 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:54:26.0096 4696 CNG - ok
17:54:26.0108 4696 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:54:26.0109 4696 Compbatt - ok
17:54:26.0133 4696 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:54:26.0134 4696 CompositeBus - ok
17:54:26.0136 4696 COMSysApp - ok
17:54:26.0160 4696 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:54:26.0161 4696 crcdisk - ok
17:54:26.0216 4696 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:54:26.0220 4696 CryptSvc - ok
17:54:26.0270 4696 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:54:26.0280 4696 CSC - ok
17:54:26.0348 4696 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:54:26.0363 4696 CscService - ok
17:54:26.0425 4696 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:54:26.0437 4696 DcomLaunch - ok
17:54:26.0479 4696 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:54:26.0485 4696 defragsvc - ok
17:54:26.0536 4696 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:54:26.0541 4696 DfsC - ok
17:54:26.0599 4696 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:54:26.0607 4696 Dhcp - ok
17:54:26.0632 4696 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:54:26.0633 4696 discache - ok
17:54:26.0657 4696 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:54:26.0659 4696 Disk - ok
17:54:26.0697 4696 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:54:26.0708 4696 Dnscache - ok
17:54:26.0759 4696 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:54:26.0766 4696 dot3svc - ok
17:54:26.0807 4696 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:54:26.0819 4696 DPS - ok
17:54:26.0844 4696 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:54:26.0845 4696 drmkaud - ok
17:54:26.0918 4696 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:54:26.0946 4696 DXGKrnl - ok
17:54:26.0993 4696 e1cexpress (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
17:54:27.0005 4696 e1cexpress - ok
17:54:27.0013 4696 EagleX64 - ok
17:54:27.0039 4696 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:54:27.0051 4696 EapHost - ok
17:54:27.0210 4696 ebdrv (dc5d737f51be844d8c82c695eb17372f)
Ciythog127
2012-05-01, 02:58
heres the rest....
C:\Windows\system32\DRIVERS\evbda.sys
17:54:27.0279 4696 ebdrv - ok
17:54:27.0355 4696 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:54:27.0357 4696 EFS - ok
17:54:27.0444 4696 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:54:27.0460 4696 ehRecvr - ok
17:54:27.0486 4696 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:54:27.0491 4696 ehSched - ok
17:54:27.0554 4696 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:54:27.0567 4696 elxstor - ok
17:54:27.0600 4696 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:54:27.0601 4696 ErrDev - ok
17:54:27.0640 4696 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:54:27.0650 4696 EventSystem - ok
17:54:27.0681 4696 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:54:27.0690 4696 exfat - ok
17:54:27.0713 4696 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:54:27.0720 4696 fastfat - ok
17:54:27.0791 4696 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:54:27.0806 4696 Fax - ok
17:54:27.0827 4696 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:54:27.0827 4696 fdc - ok
17:54:27.0855 4696 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:54:27.0856 4696 fdPHost - ok
17:54:27.0865 4696 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:54:27.0866 4696 FDResPub - ok
17:54:27.0889 4696 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:54:27.0890 4696 FileInfo - ok
17:54:27.0900 4696 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:54:27.0901 4696 Filetrace - ok
17:54:27.0913 4696 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:54:27.0914 4696 flpydisk - ok
17:54:27.0964 4696 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:54:27.0977 4696 FltMgr - ok
17:54:28.0069 4696 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
17:54:28.0099 4696 FontCache - ok
17:54:28.0189 4696 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:54:28.0190 4696 FontCache3.0.0.0 - ok
17:54:28.0229 4696 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:54:28.0231 4696 FsDepends - ok
17:54:28.0249 4696 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:54:28.0250 4696 Fs_Rec - ok
17:54:28.0301 4696 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:54:28.0308 4696 fvevol - ok
17:54:28.0326 4696 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:54:28.0328 4696 gagp30kx - ok
17:54:28.0392 4696 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:54:28.0415 4696 gpsvc - ok
17:54:28.0465 4696 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
17:54:28.0466 4696 hamachi - ok
17:54:28.0654 4696 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
17:54:28.0698 4696 Hamachi2Svc - ok
17:54:28.0796 4696 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:54:28.0797 4696 hcw85cir - ok
17:54:28.0855 4696 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:54:28.0869 4696 HdAudAddService - ok
17:54:28.0900 4696 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:54:28.0911 4696 HDAudBus - ok
17:54:28.0915 4696 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:54:28.0916 4696 HidBatt - ok
17:54:28.0931 4696 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:54:28.0935 4696 HidBth - ok
17:54:28.0962 4696 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:54:28.0963 4696 HidIr - ok
17:54:28.0978 4696 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:54:28.0979 4696 hidserv - ok
17:54:29.0016 4696 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:54:29.0017 4696 HidUsb - ok
17:54:29.0063 4696 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:54:29.0067 4696 hkmsvc - ok
17:54:29.0123 4696 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:54:29.0131 4696 HomeGroupListener - ok
17:54:29.0173 4696 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:54:29.0181 4696 HomeGroupProvider - ok
17:54:29.0225 4696 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:54:29.0226 4696 HpSAMD - ok
17:54:29.0290 4696 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:54:29.0306 4696 HTTP - ok
17:54:29.0319 4696 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:54:29.0320 4696 hwpolicy - ok
17:54:29.0378 4696 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:54:29.0383 4696 i8042prt - ok
17:54:29.0406 4696 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
17:54:29.0422 4696 iaStorV - ok
17:54:29.0536 4696 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:54:29.0555 4696 idsvc - ok
17:54:29.0597 4696 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:54:29.0598 4696 iirsp - ok
17:54:29.0655 4696 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:54:29.0672 4696 IKEEXT - ok
17:54:29.0836 4696 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys
17:54:29.0885 4696 IntcAzAudAddService - ok
17:54:29.0989 4696 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:54:29.0990 4696 intelide - ok
17:54:30.0014 4696 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:54:30.0015 4696 intelppm - ok
17:54:30.0047 4696 Intel® PROSet Monitoring Service (068ec06f3b6dd7b81b365d8fd2ce27e6) C:\Windows\system32\IProsetMonitor.exe
17:54:30.0051 4696 Intel® PROSet Monitoring Service - ok
17:54:30.0083 4696 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:54:30.0087 4696 IPBusEnum - ok
17:54:30.0133 4696 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:54:30.0138 4696 IpFilterDriver - ok
17:54:30.0204 4696 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:54:30.0222 4696 iphlpsvc - ok
17:54:30.0253 4696 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:54:30.0255 4696 IPMIDRV - ok
17:54:30.0283 4696 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:54:30.0289 4696 IPNAT - ok
17:54:30.0304 4696 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:54:30.0305 4696 IRENUM - ok
17:54:30.0351 4696 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:54:30.0352 4696 isapnp - ok
17:54:30.0373 4696 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:54:30.0382 4696 iScsiPrt - ok
17:54:30.0400 4696 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:54:30.0402 4696 kbdclass - ok
17:54:30.0422 4696 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:54:30.0423 4696 kbdhid - ok
17:54:30.0445 4696 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:54:30.0446 4696 KeyIso - ok
17:54:30.0461 4696 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:54:30.0466 4696 KSecDD - ok
17:54:30.0482 4696 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:54:30.0492 4696 KSecPkg - ok
17:54:30.0515 4696 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:54:30.0516 4696 ksthunk - ok
17:54:30.0551 4696 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:54:30.0561 4696 KtmRm - ok
17:54:30.0621 4696 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:54:30.0630 4696 LanmanServer - ok
17:54:30.0672 4696 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:54:30.0676 4696 LanmanWorkstation - ok
17:54:30.0796 4696 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:54:30.0807 4696 LBTServ - ok
17:54:30.0856 4696 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:54:30.0858 4696 LHidFilt - ok
17:54:30.0885 4696 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:54:30.0887 4696 lltdio - ok
17:54:30.0922 4696 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:54:30.0932 4696 lltdsvc - ok
17:54:30.0948 4696 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:54:30.0949 4696 lmhosts - ok
17:54:30.0962 4696 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:54:30.0964 4696 LMouFilt - ok
17:54:30.0987 4696 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:54:30.0992 4696 LSI_FC - ok
17:54:31.0018 4696 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:54:31.0029 4696 LSI_SAS - ok
17:54:31.0041 4696 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:54:31.0042 4696 LSI_SAS2 - ok
17:54:31.0054 4696 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:54:31.0065 4696 LSI_SCSI - ok
17:54:31.0090 4696 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:54:31.0102 4696 luafv - ok
17:54:31.0143 4696 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:54:31.0148 4696 Mcx2Svc - ok
17:54:31.0160 4696 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:54:31.0161 4696 megasas - ok
17:54:31.0189 4696 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:54:31.0203 4696 MegaSR - ok
17:54:31.0235 4696 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:54:31.0236 4696 MEIx64 - ok
17:54:31.0264 4696 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:54:31.0265 4696 MMCSS - ok
17:54:31.0276 4696 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:54:31.0277 4696 Modem - ok
17:54:31.0313 4696 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:54:31.0314 4696 monitor - ok
17:54:31.0370 4696 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:54:31.0371 4696 mouclass - ok
17:54:31.0392 4696 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:54:31.0392 4696 mouhid - ok
17:54:31.0440 4696 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:54:31.0443 4696 mountmgr - ok
17:54:31.0512 4696 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:54:31.0522 4696 MozillaMaintenance - ok
17:54:31.0573 4696 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
17:54:31.0581 4696 MpFilter - ok
17:54:31.0622 4696 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:54:31.0632 4696 mpio - ok
17:54:31.0646 4696 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
17:54:31.0647 4696 MpNWMon - ok
17:54:31.0669 4696 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:54:31.0671 4696 mpsdrv - ok
17:54:31.0739 4696 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:54:31.0761 4696 MpsSvc - ok
17:54:31.0802 4696 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:54:31.0811 4696 MRxDAV - ok
17:54:31.0839 4696 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:54:31.0848 4696 mrxsmb - ok
17:54:31.0898 4696 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:54:31.0909 4696 mrxsmb10 - ok
17:54:31.0927 4696 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:54:31.0939 4696 mrxsmb20 - ok
17:54:31.0973 4696 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:54:31.0974 4696 msahci - ok
17:54:31.0989 4696 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:54:31.0994 4696 msdsm - ok
17:54:32.0022 4696 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:54:32.0027 4696 MSDTC - ok
17:54:32.0056 4696 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:54:32.0057 4696 Msfs - ok
17:54:32.0072 4696 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:54:32.0073 4696 mshidkmdf - ok
17:54:32.0081 4696 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:54:32.0081 4696 msisadrv - ok
17:54:32.0095 4696 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:54:32.0106 4696 MSiSCSI - ok
17:54:32.0108 4696 msiserver - ok
17:54:32.0128 4696 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:54:32.0128 4696 MSKSSRV - ok
17:54:32.0213 4696 MsMpSvc (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
17:54:32.0214 4696 MsMpSvc - ok
17:54:32.0222 4696 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:54:32.0222 4696 MSPCLOCK - ok
17:54:32.0227 4696 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:54:32.0228 4696 MSPQM - ok
17:54:32.0281 4696 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:54:32.0297 4696 MsRPC - ok
17:54:32.0342 4696 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:54:32.0343 4696 mssmbios - ok
17:54:32.0354 4696 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:54:32.0354 4696 MSTEE - ok
17:54:32.0360 4696 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:54:32.0361 4696 MTConfig - ok
17:54:32.0370 4696 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:54:32.0371 4696 Mup - ok
17:54:32.0431 4696 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:54:32.0441 4696 napagent - ok
17:54:32.0488 4696 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:54:32.0497 4696 NativeWifiP - ok
17:54:32.0590 4696 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:54:32.0625 4696 NDIS - ok
17:54:32.0657 4696 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:54:32.0658 4696 NdisCap - ok
17:54:32.0678 4696 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:54:32.0679 4696 NdisTapi - ok
17:54:32.0723 4696 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:54:32.0724 4696 Ndisuio - ok
17:54:32.0772 4696 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:54:32.0782 4696 NdisWan - ok
17:54:32.0821 4696 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:54:32.0822 4696 NDProxy - ok
17:54:32.0842 4696 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:54:32.0843 4696 NetBIOS - ok
17:54:32.0885 4696 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:54:32.0897 4696 NetBT - ok
17:54:32.0935 4696 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:54:32.0936 4696 Netlogon - ok
17:54:32.0972 4696 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:54:32.0985 4696 Netman - ok
17:54:33.0092 4696 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:54:33.0103 4696 NetMsmqActivator - ok
17:54:33.0105 4696 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:54:33.0106 4696 NetPipeActivator - ok
17:54:33.0132 4696 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:54:33.0150 4696 netprofm - ok
17:54:33.0224 4696 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
17:54:33.0239 4696 netr28x - ok
17:54:33.0333 4696 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:54:33.0334 4696 NetTcpActivator - ok
17:54:33.0336 4696 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:54:33.0336 4696 NetTcpPortSharing - ok
17:54:33.0377 4696 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:54:33.0378 4696 nfrd960 - ok
17:54:33.0415 4696 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:54:33.0419 4696 NisDrv - ok
17:54:33.0499 4696 NisSrv (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
17:54:33.0514 4696 NisSrv - ok
17:54:33.0570 4696 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:54:33.0582 4696 NlaSvc - ok
17:54:33.0606 4696 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:54:33.0607 4696 Npfs - ok
17:54:33.0633 4696 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:54:33.0634 4696 nsi - ok
17:54:33.0648 4696 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:54:33.0649 4696 nsiproxy - ok
17:54:33.0776 4696 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
17:54:33.0808 4696 Ntfs - ok
17:54:33.0901 4696 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:54:33.0902 4696 Null - ok
17:54:33.0927 4696 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:54:33.0929 4696 nusb3hub - ok
17:54:33.0955 4696 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:54:33.0964 4696 nusb3xhc - ok
17:54:34.0017 4696 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
17:54:34.0025 4696 NVHDA - ok
17:54:34.0569 4696 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:54:34.0809 4696 nvlddmkm - ok
17:54:34.0925 4696 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
17:54:34.0930 4696 nvraid - ok
17:54:34.0949 4696 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
17:54:34.0960 4696 nvstor - ok
17:54:35.0044 4696 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
17:54:35.0079 4696 nvsvc - ok
17:54:35.0218 4696 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
17:54:35.0262 4696 nvUpdatusService - ok
17:54:35.0395 4696 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:54:35.0400 4696 nv_agp - ok
17:54:35.0417 4696 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:54:35.0418 4696 ohci1394 - ok
17:54:35.0451 4696 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:54:35.0465 4696 p2pimsvc - ok
17:54:35.0500 4696 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:54:35.0517 4696 p2psvc - ok
17:54:35.0534 4696 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:54:35.0540 4696 Parport - ok
17:54:35.0579 4696 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:54:35.0580 4696 partmgr - ok
17:54:35.0598 4696 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:54:35.0610 4696 PcaSvc - ok
17:54:35.0649 4696 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:54:35.0661 4696 pci - ok
17:54:35.0673 4696 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:54:35.0674 4696 pciide - ok
17:54:35.0700 4696 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:54:35.0711 4696 pcmcia - ok
17:54:35.0727 4696 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:54:35.0728 4696 pcw - ok
17:54:35.0763 4696 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:54:35.0781 4696 PEAUTH - ok
17:54:35.0877 4696 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:54:35.0909 4696 PeerDistSvc - ok
17:54:35.0994 4696 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:54:35.0995 4696 PerfHost - ok
17:54:36.0207 4696 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:54:36.0239 4696 pla - ok
17:54:36.0287 4696 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:54:36.0304 4696 PlugPlay - ok
17:54:36.0315 4696 PnkBstrA - ok
17:54:36.0329 4696 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:54:36.0330 4696 PNRPAutoReg - ok
17:54:36.0360 4696 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:54:36.0361 4696 PNRPsvc - ok
17:54:36.0413 4696 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:54:36.0426 4696 PolicyAgent - ok
17:54:36.0460 4696 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:54:36.0471 4696 Power - ok
17:54:36.0537 4696 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:54:36.0549 4696 PptpMiniport - ok
17:54:36.0572 4696 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:54:36.0574 4696 Processor - ok
17:54:36.0614 4696 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:54:36.0622 4696 ProfSvc - ok
17:54:36.0642 4696 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:54:36.0643 4696 ProtectedStorage - ok
17:54:36.0685 4696 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:54:36.0688 4696 Psched - ok
17:54:36.0780 4696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:54:36.0814 4696 ql2300 - ok
17:54:36.0901 4696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:54:36.0907 4696 ql40xx - ok
17:54:36.0932 4696 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:54:36.0942 4696 QWAVE - ok
17:54:36.0951 4696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:54:36.0952 4696 QWAVEdrv - ok
17:54:36.0960 4696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:54:36.0960 4696 RasAcd - ok
17:54:36.0977 4696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:54:36.0978 4696 RasAgileVpn - ok
17:54:37.0000 4696 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:54:37.0006 4696 RasAuto - ok
17:54:37.0043 4696 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:54:37.0048 4696 Rasl2tp - ok
17:54:37.0102 4696 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:54:37.0118 4696 RasMan - ok
17:54:37.0139 4696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:54:37.0143 4696 RasPppoe - ok
17:54:37.0163 4696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:54:37.0169 4696 RasSstp - ok
17:54:37.0215 4696 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:54:37.0224 4696 rdbss - ok
17:54:37.0242 4696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:54:37.0242 4696 rdpbus - ok
17:54:37.0264 4696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:54:37.0265 4696 RDPCDD - ok
17:54:37.0313 4696 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:54:37.0326 4696 RDPDR - ok
17:54:37.0360 4696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:54:37.0361 4696 RDPENCDD - ok
17:54:37.0371 4696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:54:37.0373 4696 RDPREFMP - ok
17:54:37.0436 4696 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:54:37.0437 4696 RdpVideoMiniport - ok
17:54:37.0478 4696 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:54:37.0486 4696 RDPWD - ok
17:54:37.0510 4696 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:54:37.0519 4696 rdyboost - ok
17:54:37.0547 4696 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:54:37.0551 4696 RemoteAccess - ok
17:54:37.0583 4696 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:54:37.0594 4696 RemoteRegistry - ok
17:54:37.0631 4696 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:54:37.0640 4696 RFCOMM - ok
17:54:37.0652 4696 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:54:37.0654 4696 RpcEptMapper - ok
17:54:37.0673 4696 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:54:37.0674 4696 RpcLocator - ok
17:54:37.0732 4696 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:54:37.0734 4696 RpcSs - ok
17:54:37.0761 4696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:54:37.0762 4696 rspndr - ok
17:54:37.0829 4696 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:54:37.0840 4696 RTL8167 - ok
17:54:37.0876 4696 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:54:37.0877 4696 s3cap - ok
17:54:37.0917 4696 SaiK0CFA (acbb94340905d4596c2b10b622160d02) C:\Windows\system32\DRIVERS\SaiK0CFA.sys
17:54:37.0929 4696 SaiK0CFA - ok
17:54:37.0951 4696 SaiMini (e124bcfb55adcd4aa273e73c3d666f9f) C:\Windows\system32\DRIVERS\SaiMini.sys
17:54:37.0952 4696 SaiMini - ok
17:54:37.0988 4696 SaiNtBus (94ab59e2d3f301dc2b6ea97a027cebfa) C:\Windows\system32\drivers\SaiBus.sys
17:54:37.0989 4696 SaiNtBus - ok
17:54:38.0006 4696 SaiU0CFA (c4541b918865b015e4b04416e456aab7) C:\Windows\system32\DRIVERS\SaiU0CFA.sys
17:54:38.0008 4696 SaiU0CFA - ok
17:54:38.0033 4696 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:54:38.0033 4696 SamSs - ok
17:54:38.0067 4696 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:54:38.0073 4696 sbp2port - ok
17:54:38.0101 4696 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:54:38.0113 4696 SCardSvr - ok
17:54:38.0142 4696 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
17:54:38.0152 4696 SCDEmu - ok
17:54:38.0181 4696 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:54:38.0182 4696 scfilter - ok
17:54:38.0262 4696 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:54:38.0286 4696 Schedule - ok
17:54:38.0324 4696 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:54:38.0324 4696 SCPolicySvc - ok
17:54:38.0369 4696 ScreamBAudioSvc (8b56bdce6a303dde63d63440d1cf9ad1) C:\Windows\system32\drivers\ScreamingBAudio64.sys
17:54:38.0370 4696 ScreamBAudioSvc - ok
17:54:38.0408 4696 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:54:38.0418 4696 SDRSVC - ok
17:54:38.0452 4696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:54:38.0453 4696 secdrv - ok
17:54:38.0485 4696 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:54:38.0487 4696 seclogon - ok
17:54:38.0520 4696 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:54:38.0521 4696 SENS - ok
17:54:38.0536 4696 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:54:38.0537 4696 SensrSvc - ok
17:54:38.0557 4696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:54:38.0558 4696 Serenum - ok
17:54:38.0591 4696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:54:38.0596 4696 Serial - ok
17:54:38.0648 4696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:54:38.0649 4696 sermouse - ok
17:54:38.0688 4696 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:54:38.0699 4696 SessionEnv - ok
17:54:38.0703 4696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:54:38.0704 4696 sffdisk - ok
17:54:38.0716 4696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:54:38.0717 4696 sffp_mmc - ok
17:54:38.0723 4696 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:54:38.0723 4696 sffp_sd - ok
17:54:38.0742 4696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:54:38.0742 4696 sfloppy - ok
17:54:38.0789 4696 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:54:38.0802 4696 SharedAccess - ok
17:54:38.0853 4696 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:54:38.0867 4696 ShellHWDetection - ok
17:54:38.0890 4696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:54:38.0891 4696 SiSRaid2 - ok
17:54:38.0904 4696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:54:38.0905 4696 SiSRaid4 - ok
17:54:38.0931 4696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:54:38.0937 4696 Smb - ok
17:54:38.0967 4696 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:54:38.0968 4696 SNMPTRAP - ok
17:54:38.0973 4696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:54:38.0974 4696 spldr - ok
17:54:39.0032 4696 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:54:39.0048 4696 Spooler - ok
17:54:39.0218 4696 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:54:39.0289 4696 sppsvc - ok
17:54:39.0373 4696 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:54:39.0375 4696 sppuinotify - ok
17:54:39.0434 4696 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
17:54:39.0434 4696 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
17:54:39.0441 4696 sptd ( LockedFile.Multi.Generic ) - warning
17:54:39.0442 4696 sptd - detected LockedFile.Multi.Generic (1)
17:54:39.0478 4696 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:54:39.0493 4696 srv - ok
17:54:39.0519 4696 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:54:39.0530 4696 srv2 - ok
17:54:39.0556 4696 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:54:39.0565 4696 srvnet - ok
17:54:39.0612 4696 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:54:39.0621 4696 SSDPSRV - ok
17:54:39.0633 4696 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:54:39.0635 4696 SstpSvc - ok
17:54:39.0673 4696 Steam Client Service - ok
17:54:39.0776 4696 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:54:39.0790 4696 Stereo Service - ok
17:54:39.0811 4696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:54:39.0812 4696 stexstor - ok
17:54:39.0886 4696 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:54:39.0899 4696 stisvc - ok
17:54:39.0948 4696 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:54:39.0949 4696 storflt - ok
17:54:39.0978 4696 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:54:39.0979 4696 storvsc - ok
17:54:40.0005 4696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:54:40.0006 4696 swenum - ok
17:54:40.0051 4696 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:54:40.0069 4696 swprv - ok
17:54:40.0076 4696 Synth3dVsc - ok
17:54:40.0192 4696 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:54:40.0231 4696 SysMain - ok
17:54:40.0318 4696 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:54:40.0324 4696 TabletInputService - ok
17:54:40.0368 4696 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:54:40.0377 4696 TapiSrv - ok
17:54:40.0401 4696 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:54:40.0403 4696 TBS - ok
17:54:40.0526 4696 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:54:40.0565 4696 Tcpip - ok
17:54:40.0721 4696 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:54:40.0729 4696 TCPIP6 - ok
17:54:40.0803 4696 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:54:40.0804 4696 tcpipreg - ok
17:54:40.0827 4696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:54:40.0828 4696 TDPIPE - ok
17:54:40.0835 4696 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:54:40.0836 4696 TDTCP - ok
17:54:40.0870 4696 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:54:40.0876 4696 tdx - ok
17:54:40.0909 4696 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:54:40.0910 4696 TermDD - ok
17:54:40.0971 4696 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:54:40.0990 4696 TermService - ok
17:54:41.0012 4696 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:54:41.0013 4696 Themes - ok
17:54:41.0042 4696 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:54:41.0043 4696 THREADORDER - ok
17:54:41.0060 4696 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:54:41.0064 4696 TrkWks - ok
17:54:41.0121 4696 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:54:41.0128 4696 TrustedInstaller - ok
17:54:41.0165 4696 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:54:41.0167 4696 tssecsrv - ok
17:54:41.0203 4696 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:54:41.0204 4696 TsUsbFlt - ok
17:54:41.0206 4696 tsusbhub - ok
17:54:41.0251 4696 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:54:41.0255 4696 tunnel - ok
17:54:41.0276 4696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:54:41.0278 4696 uagp35 - ok
17:54:41.0332 4696 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:54:41.0345 4696 udfs - ok
17:54:41.0373 4696 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:54:41.0375 4696 UI0Detect - ok
17:54:41.0423 4696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:54:41.0424 4696 uliagpkx - ok
17:54:41.0445 4696 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:54:41.0446 4696 umbus - ok
17:54:41.0476 4696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:54:41.0477 4696 UmPass - ok
17:54:41.0521 4696 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:54:41.0529 4696 UmRdpService - ok
17:54:41.0568 4696 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:54:41.0576 4696 upnphost - ok
17:54:41.0616 4696 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:54:41.0621 4696 usbaudio - ok
17:54:41.0665 4696 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
17:54:41.0669 4696 usbccgp - ok
17:54:41.0695 4696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:54:41.0699 4696 usbcir - ok
17:54:41.0735 4696 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
17:54:41.0736 4696 usbehci - ok
17:54:41.0760 4696 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
17:54:41.0770 4696 usbhub - ok
17:54:41.0802 4696 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
17:54:41.0803 4696 usbohci - ok
17:54:41.0830 4696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:54:41.0831 4696 usbprint - ok
17:54:41.0871 4696 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:54:41.0872 4696 usbscan - ok
17:54:41.0909 4696 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:54:41.0916 4696 USBSTOR - ok
17:54:41.0935 4696 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
17:54:41.0936 4696 usbuhci - ok
17:54:41.0950 4696 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:54:41.0952 4696 UxSms - ok
17:54:41.0973 4696 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:54:41.0974 4696 VaultSvc - ok
17:54:42.0019 4696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:54:42.0020 4696 vdrvroot - ok
17:54:42.0083 4696 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:54:42.0099 4696 vds - ok
17:54:42.0119 4696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:54:42.0120 4696 vga - ok
17:54:42.0127 4696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:54:42.0128 4696 VgaSave - ok
17:54:42.0134 4696 VGPU - ok
17:54:42.0159 4696 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:54:42.0167 4696 vhdmp - ok
17:54:42.0178 4696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:54:42.0179 4696 viaide - ok
17:54:42.0194 4696 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:54:42.0204 4696 vmbus - ok
17:54:42.0213 4696 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:54:42.0213 4696 VMBusHID - ok
17:54:42.0242 4696 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:54:42.0243 4696 volmgr - ok
17:54:42.0295 4696 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:54:42.0306 4696 volmgrx - ok
17:54:42.0350 4696 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:54:42.0357 4696 volsnap - ok
17:54:42.0395 4696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:54:42.0407 4696 vsmraid - ok
17:54:42.0513 4696 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:54:42.0549 4696 VSS - ok
17:54:42.0626 4696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:54:42.0627 4696 vwifibus - ok
17:54:42.0649 4696 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:54:42.0650 4696 vwififlt - ok
17:54:42.0673 4696 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:54:42.0673 4696 vwifimp - ok
17:54:42.0712 4696 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:54:42.0729 4696 W32Time - ok
17:54:42.0742 4696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:54:42.0743 4696 WacomPen - ok
17:54:42.0791 4696 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:54:42.0797 4696 WANARP - ok
17:54:42.0798 4696 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:54:42.0799 4696 Wanarpv6 - ok
17:54:42.0871 4696 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:54:42.0902 4696 WatAdminSvc - ok
17:54:42.0995 4696 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:54:43.0025 4696 wbengine - ok
17:54:43.0111 4696 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:54:43.0122 4696 WbioSrvc - ok
17:54:43.0175 4696 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:54:43.0191 4696 wcncsvc - ok
17:54:43.0204 4696 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:54:43.0206 4696 WcsPlugInService - ok
17:54:43.0245 4696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:54:43.0246 4696 Wd - ok
17:54:43.0284 4696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:54:43.0301 4696 Wdf01000 - ok
17:54:43.0324 4696 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:54:43.0328 4696 WdiServiceHost - ok
17:54:43.0330 4696 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:54:43.0331 4696 WdiSystemHost - ok
17:54:43.0375 4696 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:54:43.0385 4696 WebClient - ok
17:54:43.0405 4696 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:54:43.0416 4696 Wecsvc - ok
17:54:43.0430 4696 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:54:43.0436 4696 wercplsupport - ok
17:54:43.0456 4696 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:54:43.0458 4696 WerSvc - ok
17:54:43.0489 4696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:54:43.0490 4696 WfpLwf - ok
17:54:43.0509 4696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:54:43.0510 4696 WIMMount - ok
17:54:43.0534 4696 WinDefend - ok
17:54:43.0537 4696 WinHttpAutoProxySvc - ok
17:54:43.0579 4696 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:54:43.0591 4696 Winmgmt - ok
17:54:43.0716 4696 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:54:43.0765 4696 WinRM - ok
17:54:43.0884 4696 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:54:43.0885 4696 WinUsb - ok
17:54:43.0943 4696 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:54:43.0962 4696 Wlansvc - ok
17:54:44.0011 4696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:54:44.0012 4696 WmiAcpi - ok
17:54:44.0070 4696 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:54:44.0077 4696 wmiApSrv - ok
17:54:44.0126 4696 WMPNetworkSvc - ok
17:54:44.0144 4696 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:54:44.0145 4696 WPCSvc - ok
17:54:44.0177 4696 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:54:44.0189 4696 WPDBusEnum - ok
17:54:44.0213 4696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:54:44.0214 4696 ws2ifsl - ok
17:54:44.0230 4696 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:54:44.0234 4696 wscsvc - ok
17:54:44.0236 4696 WSearch - ok
17:54:44.0365 4696 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:54:44.0424 4696 wuauserv - ok
17:54:44.0533 4696 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:54:44.0545 4696 WudfPf - ok
17:54:44.0571 4696 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:54:44.0581 4696 WUDFRd - ok
17:54:44.0612 4696 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:54:44.0615 4696 wudfsvc - ok
17:54:44.0643 4696 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:54:44.0651 4696 WwanSvc - ok
17:54:44.0725 4696 X6va005 - ok
17:54:44.0789 4696 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
17:54:44.0810 4696 xnacc - ok
17:54:44.0865 4696 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
17:54:44.0866 4696 xusb21 - ok
17:54:44.0900 4696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:54:44.0946 4696 \Device\Harddisk0\DR0 - ok
17:54:44.0947 4696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
17:54:44.0948 4696 \Device\Harddisk1\DR1 - ok
17:54:44.0950 4696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
17:54:44.0951 4696 \Device\Harddisk2\DR2 - ok
17:54:44.0952 4696 Boot (0x1200) (55c514398c22b0f50f34f8def648f44a) \Device\Harddisk0\DR0\Partition0
17:54:44.0953 4696 \Device\Harddisk0\DR0\Partition0 - ok
17:54:44.0958 4696 Boot (0x1200) (ef034e6a3eaf7d9ff8a078c9f3c574d1) \Device\Harddisk0\DR0\Partition1
17:54:44.0959 4696 \Device\Harddisk0\DR0\Partition1 - ok
17:54:44.0960 4696 Boot (0x1200) (dd89921de77eafaeca32560849f426d9) \Device\Harddisk1\DR1\Partition0
17:54:44.0961 4696 \Device\Harddisk1\DR1\Partition0 - ok
17:54:44.0988 4696 Boot (0x1200) (ce4fc4e65c0c7680ab9bbc44d6dee05a) \Device\Harddisk2\DR2\Partition0
17:54:44.0990 4696 \Device\Harddisk2\DR2\Partition0 - ok
17:54:44.0990 4696 ============================================================
17:54:44.0990 4696 Scan finished
17:54:44.0990 4696 ============================================================
17:54:44.0994 4540 Detected object count: 1
17:54:44.0994 4540 Actual detected object count: 1
17:55:01.0095 4540 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:55:01.0095 4540 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
shelf life
2012-05-01, 23:23
Nothing in there to worry about. May has well get one more tool as another check:
Please download aswmbr.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
Ciythog127
2012-05-02, 15:24
aswmbr log...
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-02 06:22:43
-----------------------------
06:22:43.619 OS Version: Windows x64 6.1.7601 Service Pack 1
06:22:43.619 Number of processors: 8 586 0x2A07
06:22:43.619 ComputerName: RESOLLIFE UserName: David
06:22:44.443 Initialize success
06:22:56.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6
06:22:56.908 Disk 0 Vendor: ST3160815AS 3.ADA Size: 152587MB BusType: 11
06:22:56.909 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP6T0L0-8
06:22:56.910 Disk 1 Vendor: Maxtor_6B200M0 BANC1B70 Size: 194481MB BusType: 11
06:22:56.911 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP7T0L0-9
06:22:56.912 Disk 2 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 11
06:22:56.916 Disk 0 MBR read successfully
06:22:56.917 Disk 0 MBR scan
06:22:56.919 Disk 0 Windows 7 default MBR code
06:22:56.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
06:22:56.932 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152485 MB offset 206848
06:22:56.946 Disk 0 scanning C:\Windows\system32\drivers
06:23:03.710 Service scanning
06:23:10.383 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
06:23:15.129 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
06:23:18.655 Modules scanning
06:23:18.660 Disk 0 trace - called modules:
06:23:18.673 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80070722c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
06:23:18.676 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077fb790]
06:23:18.678 3 CLASSPNP.SYS[fffff88001b9143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-6[0xfffffa8007538680]
06:23:18.687 \Driver\atapi[0xfffffa800752ce70] -> IRP_MJ_CREATE -> 0xfffffa80070722c0
06:23:18.693 Scan finished successfully
06:23:28.915 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
06:23:28.919 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"
shelf life
2012-05-02, 23:26
That all looks ok. The sptd file can be installed with various CD/DVD software.
You can delete the tdsskiller and aswmbr icons and there logs.
Combofix can be removed like this:
Start>type in the search box: combofix /uninstall
click ok or enter
note the space after the x and before the /
If all is good on your part, for your reference:
10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.
No software can think for you. Help yourself. In no special order:
1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx) Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes, media players, browser plugins and add-ons. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html)that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).
5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?
7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Vista and Windows 7&8 attempt to address.
8) Install and understand the *limitations* of a software firewall.
9) The why and how to secure (http://www.cert.org/tech_tips/securing_browser/) your browser for safer surfing.
10) Warez, cracks, keygens etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p, (another vector for malware) networks you will encounter malware. A file can be named anything, be nothing but malware or have malware bundled in it.
Do you really trust the source?
More info/tips with pictures in links below.
Happy Safe Surfing.
Ciythog127
2012-05-02, 23:31
Thank you muchly for all your help...
-Dave
shelf life
2012-05-02, 23:39
Your welcome. Happy safe surfing out there.