Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

TR/ATRAPS.Gen2/consrv.dll

Started by hollow9mm , May 05 2012 11:36 AM

This topic is locked

16 replies to this topic

#1 hollow9mm

New Member

Members
8 posts

Posted 05 May 2012 - 11:36 AM

Hello and thank you for taking the time to read and help me with this problem.

I went to enable my peerblock program earlier today and it told me that I needed base filtering engine enabled. I went to services and tried to enable it and it was not there. I searched around and found a reg entry to re-enable it. I did that and when I went to try and start it this time it was there but It gave me ERROR #5 Acesses Denied. I Looked up this error and most searches ended up with some kind of a virus as the culprit. I checked my Avira's real time logs and It has blocked TR/ATRAPS.Gen2 several times. I have tried to remove it quite a few times now and nothing I try has worked. It keeps coming back. I don't know exactly what it is doing to my system since I have not noticed any performance loss or redirects. But I would like it to be removed. If anyone could help me, I would be very much appreciative.

DDS.txt 22.66K 3 downloads

Attach.txt 9.83K 0 downloads

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Hurr at 11:24:10 on 2012-05-05
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4541 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files\Steam\Steam.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Winamp\winamp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "E:\Program Files\Steam\steam.exe" -silent
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
dRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{DBEFBA17-3A09-4AF4-B76B-0E8E02E07CF0} : DhcpNameServer = 192.168.1.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hurr\AppData\Roaming\Mozilla\Firefox\Profiles\7xlwiilx.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Hurr\AppData\Roaming\Mozilla\Firefox\Profiles\7xlwiilx.default\extensions\npretoxstable@stable.heroesandgenerals.com\plugins\npretoxstable.dll
FF - plugin: C:\Windows\system32\C2MP\npdivx32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-22 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-22 110032]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-5 654408]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 253088]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-4-8 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-4-8 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 129976]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-8-20 24176]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-1-31 735080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-05 14:05:25 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-05 14:05:25 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-05 14:05:25 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-05 14:05:25 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-05 14:05:25 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-05 14:05:25 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-05 14:05:24 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-05 13:49:03 -------- d-----w- C:\Windows\CheckSur
2012-05-05 13:01:52 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-05-05 13:01:46 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-05-05 12:56:34 -------- d-----w- C:\Users\Hurr\AppData\Roaming\Malwarebytes
2012-05-05 12:56:30 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-05 12:56:29 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-05 12:56:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-04 19:09:26 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-04 19:09:25 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 19:09:25 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-02 16:41:37 -------- d-----w- C:\Users\Hurr\AppData\Local\SniperV2
2012-05-01 01:31:46 -------- d-----w- C:\$$current$$
2012-04-30 07:01:09 -------- d-----w- C:\ProgramData\Fallout2
2012-04-28 10:11:16 -------- d-----w- C:\Program Files (x86)\GOG.com
2012-04-26 01:14:01 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-22 08:22:14 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-04-22 08:22:11 -------- d-----w- C:\Program Files\AMD
2012-04-22 08:22:11 -------- d-----w- C:\Program Files (x86)\AMD
2012-04-22 08:22:09 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-22 07:31:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-22 07:31:40 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-22 07:31:25 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-22 07:31:24 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-22 07:30:58 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-22 07:30:43 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-22 07:30:36 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-22 07:30:34 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-22 07:30:27 7551488 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-22 07:30:27 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-22 07:29:58 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-22 07:29:53 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-22 07:29:41 95248 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-04-22 07:29:37 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-22 07:29:29 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-22 07:29:29 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-22 07:29:12 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-22 07:29:12 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-22 07:28:55 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-22 07:28:55 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-22 07:28:55 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-22 07:28:55 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-21 07:00:39 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-04-20 20:51:05 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-04-20 20:41:45 -------- d-----w- C:\ProgramData\Battle.net
2012-04-19 22:46:03 -------- d-----w- C:\Users\Hurr\AppData\Local\SniperV2 Demo
2012-04-13 05:55:19 -------- d-----w- C:\Program Files (x86)\Wakfu
2012-04-08 12:45:24 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd
2012-04-08 12:44:52 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2012-04-08 12:44:50 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2012-04-08 12:44:20 102400 ----a-w- C:\Windows\SysWow64\cttele32.dll
2012-04-08 12:43:06 -------- d-----w- C:\Windows\SysWow64\Data
2012-04-08 12:42:21 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2012-04-08 12:42:06 -------- d-----w- C:\Program Files\Creative
2012-04-08 12:40:53 -------- d-----w- C:\Program Files (x86)\Creative
2012-04-08 12:10:21 -------- d-----w- C:\Program Files (x86)\Phyxion.net
.
==================== Find3M ====================
.
2012-04-26 01:14:01 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-22 07:33:14 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-22 07:33:07 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-22 07:31:23 957952 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-22 07:31:01 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-04-22 07:30:56 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-22 07:30:27 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-22 07:30:11 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-22 07:29:49 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-22 07:29:45 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-22 07:29:39 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-22 07:29:06 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-12 00:52:40 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-12 00:52:40 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-08 23:18:51 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-04-08 23:18:51 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-08 12:44:15 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-04-08 12:44:15 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-04-08 12:44:15 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-04-08 12:44:15 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-03-27 08:14:22 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-28 06:49:50 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-18 19:23:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 03:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-02-15 03:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-02-15 03:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-02-15 03:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-02-15 03:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-02-15 03:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-02-15 03:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-02-15 03:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
.
============= FINISH: 11:24:55.98 ===============

Edited by Noviciate, 05 May 2012 - 02:07 PM.
DDS added from attachment.

BC Ads
BleepingComputer.com

#2 gringo_pr

Bleepin Gringo

Malware Response Team
120,587 posts

Gender:Male
Location:Puerto rico

Posted 05 May 2012 - 02:37 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

#3 hollow9mm

New Member

Members
8 posts

Posted 05 May 2012 - 04:20 PM

Results of screen317's Security Check version 0.99.32
x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Avira Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Java™ 6 Update 31
Adobe Reader X (10.1.1)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

ComboFix 12-05-05.06 - Hurr 05/05/2012 16:04:41.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4609 [GMT -5:00]
Running from: c:\users\Hurr\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 21:08 . 2012-05-05 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 14:05 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-05 14:05 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-05 14:05 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-05 14:05 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-05 14:05 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-05 14:05 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-05 14:05 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-05 13:49 . 2012-05-05 13:49 -------- d-----w- c:\windows\CheckSur
2012-05-05 13:01 . 2012-05-05 13:01 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-05-05 13:01 . 2012-05-05 13:01 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-05-05 12:56 . 2012-05-05 12:56 -------- d-----w- c:\users\Hurr\AppData\Roaming\Malwarebytes
2012-05-05 12:56 . 2012-05-05 12:56 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 12:56 . 2012-05-05 12:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-05 12:56 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-04 19:09 . 2012-05-04 19:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 19:09 . 2012-05-04 19:09 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 19:09 . 2012-05-04 19:09 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-02 16:41 . 2012-05-02 16:43 -------- d-----w- c:\users\Hurr\AppData\Local\SniperV2
2012-05-01 01:31 . 2012-05-02 12:51 -------- d-----w- C:\$$current$$
2012-04-30 07:01 . 2012-04-30 07:01 -------- d-----w- c:\programdata\Fallout2
2012-04-28 10:11 . 2012-04-30 12:38 -------- d-----w- c:\program files (x86)\GOG.com
2012-04-26 01:14 . 2012-04-26 01:14 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-22 08:27 . 2012-04-22 08:27 -------- d-----w- c:\programdata\ATI
2012-04-22 08:22 . 2012-04-22 08:22 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-22 08:22 . 2012-04-22 08:22 -------- d-----w- c:\program files\AMD
2012-04-22 08:22 . 2012-04-22 08:22 -------- d-----w- c:\program files (x86)\AMD
2012-04-22 08:22 . 2012-04-22 08:22 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-22 07:31 . 2012-04-22 07:31 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-22 07:31 . 2012-04-22 07:31 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-22 07:31 . 2012-04-22 07:31 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-22 07:31 . 2012-04-22 07:31 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-22 07:30 . 2012-04-22 07:31 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-22 07:30 . 2012-04-22 07:30 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-22 07:30 . 2012-04-22 07:30 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-22 07:30 . 2012-04-22 07:30 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-22 07:30 . 2012-04-22 07:30 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-22 07:30 . 2012-04-22 07:30 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-22 07:29 . 2012-04-22 07:30 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-22 07:29 . 2012-04-22 07:31 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-22 07:29 . 2012-04-22 07:29 95248 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-04-22 07:29 . 2012-04-22 07:29 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-22 07:29 . 2012-04-22 07:29 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-22 07:29 . 2012-04-22 07:29 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-22 07:29 . 2012-04-22 07:29 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-22 07:29 . 2012-04-22 07:29 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-22 07:28 . 2012-04-22 07:29 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-22 07:28 . 2012-04-22 07:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-22 07:28 . 2012-04-22 07:28 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-22 07:28 . 2012-04-22 07:28 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-21 07:00 . 2012-04-21 07:00 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 20:51 . 2012-04-20 20:51 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-04-20 20:41 . 2012-04-20 20:42 -------- d-----w- c:\programdata\Battle.net
2012-04-19 22:46 . 2012-04-19 22:47 -------- d-----w- c:\users\Hurr\AppData\Local\SniperV2 Demo
2012-04-13 05:55 . 2012-04-17 07:35 -------- d-----w- c:\program files (x86)\Wakfu
2012-04-09 18:03 . 2012-04-09 18:03 -------- d-----w- c:\users\Hurr\AppData\Roaming\Media Player Classic
2012-04-08 12:54 . 2012-04-08 12:54 -------- d-----w- c:\users\Hurr\AppData\Roaming\Creative
2012-04-08 12:45 . 2003-06-13 04:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
2012-04-08 12:44 . 2012-04-08 12:44 -------- d-----w- c:\program files (x86)\Common Files\Creative
2012-04-08 12:44 . 2012-04-08 12:44 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2012-04-08 12:44 . 2008-02-04 15:27 102400 ----a-w- c:\windows\SysWow64\cttele32.dll
2012-04-08 12:43 . 2012-04-08 12:44 -------- d-----w- c:\windows\SysWow64\Data
2012-04-08 12:42 . 2012-04-08 12:42 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2012-04-08 12:42 . 2012-04-08 12:47 -------- d-----w- c:\program files\Creative
2012-04-08 12:40 . 2012-04-08 12:48 -------- d-----w- c:\program files (x86)\Creative
2012-04-08 12:10 . 2012-04-08 12:10 -------- d-----w- c:\program files (x86)\Phyxion.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 01:14 . 2011-08-20 02:44 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-22 07:32 . 2011-12-26 09:22 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-22 07:32 . 2011-12-26 09:21 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-22 07:31 . 2011-07-28 21:39 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-22 07:31 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
2012-04-22 07:30 . 2011-12-26 09:24 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-22 07:30 . 2011-12-26 09:23 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-22 07:30 . 2011-07-28 21:20 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-22 07:29 . 2011-10-26 01:21 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-22 07:29 . 2011-07-28 20:53 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-22 07:29 . 2011-12-26 09:24 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-22 07:29 . 2011-07-28 20:53 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-12 00:52 . 2011-09-09 02:53 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-12 00:52 . 2011-09-04 22:51 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-08 23:18 . 2011-10-27 03:13 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-04-08 23:18 . 2011-09-04 22:51 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-08 12:44 . 2011-08-20 00:04 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-08 12:44 . 2011-08-20 00:04 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-08 12:44 . 2011-08-20 00:04 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-08 12:44 . 2011-08-20 00:04 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-27 08:14 . 2011-09-04 22:51 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-28 06:49 . 2011-09-16 09:44 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-18 19:23 . 2011-08-26 16:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-16 02:37 . 2011-11-23 02:38 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-15 06:27 . 2012-03-14 07:35 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 07:35 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 07:35 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 07:35 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 03:05 . 2012-02-15 03:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 03:05 . 2012-02-15 03:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 03:05 . 2012-02-15 03:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 03:05 . 2012-02-15 03:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 03:05 . 2012-02-15 03:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 03:04 . 2012-02-15 03:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 03:03 . 2012-02-15 03:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 03:03 . 2012-02-15 03:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 06:18 . 2012-03-14 07:41 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 07:41 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 07:41 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 07:41 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 07:41 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 07:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 07:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 07:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 07:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 07:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="e:\program files\Steam\steam.exe" [2012-02-23 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-12 37888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"VolPanel"="c:\program files (x86)\Creative\Volume Panel\VolPanlu.exe" [2010-02-18 241789]
"CTxfiHlp"="CTXFIHLP.EXE" [2011-08-22 25600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 253088]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-04-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-04-08 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-09 735080]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Hurr\AppData\Roaming\Mozilla\Firefox\Profiles\7xlwiilx.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2149505465-312763643-1046854565-1001\Software\SecuROM\License information*]
"datasecu"=hex:70,3e,ed,f9,18,2c,97,b8,03,3b,f4,d3,7e,4a,b6,71,72,e4,02,d4,3d,
a5,98,1c,fe,b5,a9,d2,55,15,b0,d0,37,f5,ea,ef,83,e3,a9,6f,bb,4e,89,be,f8,9c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2012-05-05 16:14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-05 21:14
.
Pre-Run: 250,310,983,680 bytes free
Post-Run: 250,334,076,928 bytes free
.
- - End Of File - - 438E8051A62FFD2C70E57D650A62E1AB

When I ran combofix it still said my Avira was activated. I followed the instructions to disable but it still said it was detected.

As far as how my computer is doing. It is exactly the same so far, except it said firefox wasnt my default browser when I used it just now. Like I said before though, I never even noticed I had the virus till a bit ago, its not slowing my pc at all and I havent had any redirects or popups.

EDIT: I just checked and I can acesses my Base filtering engine and windows firewall now. I can also run peerblock now when before I could not due to not having my Base Filtering Engine service started due to the Error #5 Acesses Denied.

Edited by hollow9mm, 05 May 2012 - 04:24 PM.

#4 gringo_pr

Bleepin Gringo

Malware Response Team
120,587 posts

Gender:Male
Location:Puerto rico

Posted 05 May 2012 - 05:33 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 hollow9mm

New Member

Members
8 posts

Posted 05 May 2012 - 06:26 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-05 18:08:10
-----------------------------
18:08:10.597 OS Version: Windows x64 6.1.7600
18:08:10.597 Number of processors: 4 586 0x402
18:08:10.597 ComputerName: DURR UserName: Hurr
18:08:11.579 Initialize success
18:09:54.933 AVAST engine defs: 12050501
18:10:02.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:10:02.062 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
18:10:02.078 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
18:10:02.078 Disk 1 Vendor: ST3750640AS 3.AAE Size: 715404MB BusType: 3
18:10:02.093 Disk 0 MBR read successfully
18:10:02.093 Disk 0 MBR scan
18:10:02.093 Disk 0 Windows 7 default MBR code
18:10:02.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:10:02.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
18:10:02.124 Disk 0 scanning C:\Windows\system32\drivers
18:10:10.205 Service scanning
18:10:26.351 Modules scanning
18:10:26.351 Disk 0 trace - called modules:
18:10:26.850 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:10:26.850 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006245060]
18:10:26.866 3 CLASSPNP.SYS[fffff8800108743f] -> nt!IofCallDriver -> [0xfffffa80060d8940]
18:10:26.866 5 ACPI.sys[fffff88000f54781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061a8060]
18:10:28.005 AVAST engine scan C:\Windows
18:10:31.874 AVAST engine scan C:\Windows\system32
18:13:56.406 AVAST engine scan C:\Windows\system32\drivers
18:14:05.032 AVAST engine scan C:\Users\Hurr
18:16:46.524 File: C:\Users\Hurr\AppData\Roaming\Adobe\Flash Player\NativeCache\87751633C509CE0559A2FCA8D73AC9CC\40e357a1\adobecp-200489-1.dll **INFECTED** Win32:Malware-gen
18:18:23.462 AVAST engine scan C:\ProgramData
18:19:13.741 Scan finished successfully
18:20:11.884 Disk 0 MBR has been saved successfully to "C:\Users\Hurr\Desktop\MBR.dat"
18:20:11.899 The log file has been saved successfully to "C:\Users\Hurr\Desktop\aswMBR.txt"

18:24:51.0326 4152 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:24:51.0747 4152 ============================================================
18:24:51.0747 4152 Current date / time: 2012/05/05 18:24:51.0747
18:24:51.0747 4152 SystemInfo:
18:24:51.0747 4152
18:24:51.0747 4152 OS Version: 6.1.7600 ServicePack: 0.0
18:24:51.0747 4152 Product type: Workstation
18:24:51.0747 4152 ComputerName: DURR
18:24:51.0763 4152 UserName: Hurr
18:24:51.0763 4152 Windows directory: C:\Windows
18:24:51.0763 4152 System windows directory: C:\Windows
18:24:51.0763 4152 Running under WOW64
18:24:51.0763 4152 Processor architecture: Intel x64
18:24:51.0763 4152 Number of processors: 4
18:24:51.0763 4152 Page size: 0x1000
18:24:51.0763 4152 Boot type: Normal boot
18:24:51.0763 4152 ============================================================
18:24:52.0153 4152 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:52.0153 4152 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:52.0184 4152 ============================================================
18:24:52.0184 4152 \Device\Harddisk0\DR0:
18:24:52.0184 4152 MBR partitions:
18:24:52.0184 4152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:24:52.0184 4152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
18:24:52.0184 4152 \Device\Harddisk1\DR1:
18:24:52.0184 4152 MBR partitions:
18:24:52.0184 4152 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
18:24:52.0184 4152 ============================================================
18:24:52.0215 4152 C: <-> \Device\Harddisk0\DR0\Partition1
18:24:52.0231 4152 E: <-> \Device\Harddisk1\DR1\Partition0
18:24:52.0231 4152 ============================================================
18:24:52.0231 4152 Initialize success
18:24:52.0231 4152 ============================================================
18:24:54.0836 4280 ============================================================
18:24:54.0836 4280 Scan started
18:24:54.0836 4280 Mode: Manual;
18:24:54.0836 4280 ============================================================
18:24:55.0585 4280 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:24:55.0585 4280 1394ohci - ok
18:24:55.0616 4280 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:24:55.0616 4280 ACPI - ok
18:24:55.0632 4280 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:24:55.0632 4280 AcpiPmi - ok
18:24:55.0725 4280 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:24:55.0725 4280 AdobeARMservice - ok
18:24:55.0944 4280 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:24:55.0944 4280 AdobeFlashPlayerUpdateSvc - ok
18:24:56.0006 4280 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:24:56.0006 4280 adp94xx - ok
18:24:56.0069 4280 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:24:56.0069 4280 adpahci - ok
18:24:56.0100 4280 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:24:56.0100 4280 adpu320 - ok
18:24:56.0162 4280 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:24:56.0162 4280 AeLookupSvc - ok
18:24:56.0209 4280 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:24:56.0209 4280 AFD - ok
18:24:56.0225 4280 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:24:56.0225 4280 agp440 - ok
18:24:56.0240 4280 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:24:56.0240 4280 ALG - ok
18:24:56.0256 4280 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:24:56.0256 4280 aliide - ok
18:24:56.0287 4280 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
18:24:56.0287 4280 AMD External Events Utility - ok
18:24:56.0334 4280 AMD FUEL Service - ok
18:24:56.0349 4280 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:24:56.0349 4280 amdide - ok
18:24:56.0381 4280 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:24:56.0381 4280 amdiox64 - ok
18:24:56.0381 4280 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:24:56.0381 4280 AmdK8 - ok
18:24:57.0254 4280 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
18:24:57.0301 4280 amdkmdag - ok
18:24:57.0457 4280 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
18:24:57.0457 4280 amdkmdap - ok
18:24:57.0488 4280 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:24:57.0488 4280 AmdPPM - ok
18:24:57.0519 4280 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:24:57.0519 4280 amdsata - ok
18:24:57.0551 4280 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:24:57.0551 4280 amdsbs - ok
18:24:57.0551 4280 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:24:57.0551 4280 amdxata - ok
18:24:57.0644 4280 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:24:57.0644 4280 AntiVirSchedulerService - ok
18:24:57.0675 4280 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:24:57.0675 4280 AntiVirService - ok
18:24:57.0722 4280 AODDriver4.01 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:24:57.0722 4280 AODDriver4.01 - ok
18:24:57.0722 4280 AODDriver4.1 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:24:57.0722 4280 AODDriver4.1 - ok
18:24:57.0738 4280 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:24:57.0738 4280 AppID - ok
18:24:57.0753 4280 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:24:57.0753 4280 AppIDSvc - ok
18:24:57.0753 4280 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
18:24:57.0753 4280 Appinfo - ok
18:24:57.0800 4280 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:24:57.0800 4280 Apple Mobile Device - ok
18:24:57.0816 4280 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:24:57.0831 4280 AppMgmt - ok
18:24:57.0831 4280 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:24:57.0831 4280 arc - ok
18:24:57.0847 4280 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:24:57.0847 4280 arcsas - ok
18:24:57.0956 4280 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:24:57.0956 4280 aspnet_state - ok
18:24:57.0956 4280 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:24:57.0956 4280 AsyncMac - ok
18:24:57.0972 4280 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:24:57.0972 4280 atapi - ok
18:24:58.0003 4280 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
18:24:58.0019 4280 AtiHDAudioService - ok
18:24:58.0050 4280 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:24:58.0050 4280 AtiPcie - ok
18:24:58.0097 4280 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
18:24:58.0097 4280 atksgt - ok
18:24:58.0175 4280 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:24:58.0175 4280 AudioEndpointBuilder - ok
18:24:58.0175 4280 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
18:24:58.0175 4280 AudioSrv - ok
18:24:58.0221 4280 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
18:24:58.0221 4280 avgntflt - ok
18:24:58.0253 4280 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
18:24:58.0253 4280 avipbb - ok
18:24:58.0268 4280 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:24:58.0268 4280 avkmgr - ok
18:24:58.0284 4280 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
18:24:58.0284 4280 AxInstSV - ok
18:24:58.0331 4280 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:24:58.0331 4280 b06bdrv - ok
18:24:58.0362 4280 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:24:58.0362 4280 b57nd60a - ok
18:24:58.0393 4280 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:24:58.0393 4280 Beep - ok
18:24:58.0455 4280 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
18:24:58.0471 4280 BFE - ok
18:24:58.0549 4280 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
18:24:58.0549 4280 BITS - ok
18:24:58.0596 4280 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:24:58.0596 4280 blbdrive - ok
18:24:58.0705 4280 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:24:58.0705 4280 Bonjour Service - ok
18:24:58.0736 4280 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:24:58.0736 4280 bowser - ok
18:24:58.0752 4280 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:24:58.0752 4280 BrFiltLo - ok
18:24:58.0752 4280 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:24:58.0752 4280 BrFiltUp - ok
18:24:58.0767 4280 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:24:58.0767 4280 BridgeMP - ok
18:24:58.0783 4280 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
18:24:58.0799 4280 Browser - ok
18:24:58.0830 4280 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:24:58.0830 4280 Brserid - ok
18:24:58.0845 4280 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:24:58.0845 4280 BrSerWdm - ok
18:24:58.0845 4280 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:24:58.0845 4280 BrUsbMdm - ok
18:24:58.0845 4280 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:24:58.0845 4280 BrUsbSer - ok
18:24:58.0861 4280 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:24:58.0861 4280 BTHMODEM - ok
18:24:58.0877 4280 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:24:58.0877 4280 bthserv - ok
18:24:58.0892 4280 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:24:58.0892 4280 cdfs - ok
18:24:58.0908 4280 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:24:58.0908 4280 cdrom - ok
18:24:58.0923 4280 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:24:58.0923 4280 CertPropSvc - ok
18:24:58.0939 4280 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:24:58.0939 4280 circlass - ok
18:24:58.0986 4280 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:24:58.0986 4280 CLFS - ok
18:24:59.0033 4280 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:24:59.0033 4280 clr_optimization_v2.0.50727_32 - ok
18:24:59.0064 4280 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:24:59.0064 4280 clr_optimization_v2.0.50727_64 - ok
18:24:59.0142 4280 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:24:59.0142 4280 clr_optimization_v4.0.30319_32 - ok
18:24:59.0189 4280 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:24:59.0189 4280 clr_optimization_v4.0.30319_64 - ok
18:24:59.0204 4280 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:24:59.0204 4280 CmBatt - ok
18:24:59.0220 4280 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:24:59.0220 4280 cmdide - ok
18:24:59.0267 4280 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:24:59.0267 4280 CNG - ok
18:24:59.0298 4280 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:24:59.0298 4280 Compbatt - ok
18:24:59.0298 4280 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:24:59.0298 4280 CompositeBus - ok
18:24:59.0298 4280 COMSysApp - ok
18:24:59.0313 4280 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:24:59.0313 4280 crcdisk - ok
18:24:59.0391 4280 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
18:24:59.0391 4280 Creative ALchemy AL6 Licensing Service - ok
18:24:59.0407 4280 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
18:24:59.0407 4280 Creative Audio Engine Licensing Service - ok
18:24:59.0423 4280 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
18:24:59.0423 4280 CryptSvc - ok
18:24:59.0469 4280 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
18:24:59.0469 4280 CSC - ok
18:24:59.0532 4280 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
18:24:59.0532 4280 CscService - ok
18:24:59.0579 4280 CT20XUT (df908dfc09a49f6f71a88e1ebfed97d6) C:\Windows\system32\drivers\CT20XUT.SYS
18:24:59.0579 4280 CT20XUT - ok
18:24:59.0594 4280 CT20XUT.SYS (df908dfc09a49f6f71a88e1ebfed97d6) C:\Windows\System32\drivers\CT20XUT.SYS
18:24:59.0594 4280 CT20XUT.SYS - ok
18:24:59.0657 4280 ctac32k (8b15225c82e7f6064d4523df494bf112) C:\Windows\system32\drivers\ctac32k.sys
18:24:59.0657 4280 ctac32k - ok
18:24:59.0719 4280 ctaud2k (80298ae72bdcf141de89cf4dd54e286a) C:\Windows\system32\drivers\ctaud2k.sys
18:24:59.0719 4280 ctaud2k - ok
18:24:59.0797 4280 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
18:24:59.0797 4280 CTAudSvcService - ok
18:24:59.0891 4280 CTEXFIFX (76e301b0465f0f8d4ad50b1e21a429f2) C:\Windows\system32\drivers\CTEXFIFX.SYS
18:24:59.0906 4280 CTEXFIFX - ok
18:25:00.0140 4280 CTEXFIFX.SYS (76e301b0465f0f8d4ad50b1e21a429f2) C:\Windows\System32\drivers\CTEXFIFX.SYS
18:25:00.0140 4280 CTEXFIFX.SYS - ok
18:25:00.0218 4280 CTHWIUT (9dd0c0d2eaabb276229b0fbadbabbcde) C:\Windows\system32\drivers\CTHWIUT.SYS
18:25:00.0218 4280 CTHWIUT - ok
18:25:00.0218 4280 CTHWIUT.SYS (9dd0c0d2eaabb276229b0fbadbabbcde) C:\Windows\System32\drivers\CTHWIUT.SYS
18:25:00.0218 4280 CTHWIUT.SYS - ok
18:25:00.0234 4280 ctprxy2k (95fe230fb90aae0240ed6b5882659236) C:\Windows\system32\drivers\ctprxy2k.sys
18:25:00.0234 4280 ctprxy2k - ok
18:25:00.0265 4280 ctsfm2k (95deedac0eb4ea39e8e52c82874ecd55) C:\Windows\system32\drivers\ctsfm2k.sys
18:25:00.0265 4280 ctsfm2k - ok
18:25:00.0327 4280 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:25:00.0327 4280 DcomLaunch - ok
18:25:00.0359 4280 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:25:00.0359 4280 defragsvc - ok
18:25:00.0390 4280 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:25:00.0390 4280 DfsC - ok
18:25:00.0421 4280 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
18:25:00.0421 4280 Dhcp - ok
18:25:00.0437 4280 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:25:00.0452 4280 discache - ok
18:25:00.0452 4280 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:25:00.0452 4280 Disk - ok
18:25:00.0483 4280 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
18:25:00.0483 4280 Dnscache - ok
18:25:00.0515 4280 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
18:25:00.0515 4280 dot3svc - ok
18:25:00.0546 4280 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
18:25:00.0546 4280 DPS - ok
18:25:00.0577 4280 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:25:00.0577 4280 drmkaud - ok
18:25:00.0655 4280 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:25:00.0655 4280 DXGKrnl - ok
18:25:00.0686 4280 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:25:00.0686 4280 E1G60 - ok
18:25:00.0717 4280 EagleX64 - ok
18:25:00.0749 4280 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:25:00.0749 4280 EapHost - ok
18:25:01.0014 4280 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:25:01.0029 4280 ebdrv - ok
18:25:01.0139 4280 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
18:25:01.0139 4280 EFS - ok
18:25:01.0217 4280 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
18:25:01.0217 4280 ehRecvr - ok
18:25:01.0232 4280 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:25:01.0232 4280 ehSched - ok
18:25:01.0310 4280 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:25:01.0310 4280 elxstor - ok
18:25:01.0341 4280 emupia (1125e333bb0ba07ea83c13aeda00eccb) C:\Windows\system32\drivers\emupia2k.sys
18:25:01.0341 4280 emupia - ok
18:25:01.0357 4280 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:25:01.0357 4280 ErrDev - ok
18:25:01.0404 4280 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:25:01.0404 4280 EventSystem - ok
18:25:01.0435 4280 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:25:01.0435 4280 exfat - ok
18:25:01.0451 4280 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:25:01.0451 4280 fastfat - ok
18:25:01.0529 4280 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
18:25:01.0529 4280 Fax - ok
18:25:01.0544 4280 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:25:01.0544 4280 fdc - ok
18:25:01.0560 4280 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:25:01.0560 4280 fdPHost - ok
18:25:01.0560 4280 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:25:01.0575 4280 FDResPub - ok
18:25:01.0575 4280 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:25:01.0575 4280 FileInfo - ok
18:25:01.0591 4280 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:25:01.0591 4280 Filetrace - ok
18:25:01.0607 4280 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:25:01.0607 4280 flpydisk - ok
18:25:01.0638 4280 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:25:01.0638 4280 FltMgr - ok
18:25:01.0747 4280 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
18:25:01.0747 4280 FontCache - ok
18:25:01.0809 4280 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:25:01.0809 4280 FontCache3.0.0.0 - ok
18:25:01.0841 4280 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:25:01.0841 4280 FsDepends - ok
18:25:01.0856 4280 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
18:25:01.0856 4280 Fs_Rec - ok
18:25:01.0872 4280 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:25:01.0872 4280 gagp30kx - ok
18:25:01.0934 4280 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:25:01.0934 4280 GEARAspiWDM - ok
18:25:02.0012 4280 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
18:25:02.0012 4280 gpsvc - ok
18:25:02.0168 4280 ha20x2k (fb82ce21d7b134de2d270db9da646818) C:\Windows\system32\drivers\ha20x2k.sys
18:25:02.0168 4280 ha20x2k - ok
18:25:02.0324 4280 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
18:25:02.0324 4280 hamachi - ok
18:25:02.0558 4280 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
18:25:02.0574 4280 Hamachi2Svc - ok
18:25:02.0652 4280 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:25:02.0652 4280 hcw85cir - ok
18:25:02.0699 4280 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:25:02.0699 4280 HdAudAddService - ok
18:25:02.0730 4280 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:25:02.0730 4280 HDAudBus - ok
18:25:02.0745 4280 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:25:02.0745 4280 HidBatt - ok
18:25:02.0761 4280 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:25:02.0761 4280 HidBth - ok
18:25:02.0777 4280 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:25:02.0777 4280 HidIr - ok
18:25:02.0792 4280 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:25:02.0792 4280 hidserv - ok
18:25:02.0792 4280 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:25:02.0792 4280 HidUsb - ok
18:25:02.0823 4280 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
18:25:02.0823 4280 hkmsvc - ok
18:25:02.0855 4280 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
18:25:02.0855 4280 HomeGroupListener - ok
18:25:02.0886 4280 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
18:25:02.0886 4280 HomeGroupProvider - ok
18:25:02.0917 4280 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:25:02.0917 4280 HpSAMD - ok
18:25:02.0979 4280 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:25:02.0979 4280 HTTP - ok
18:25:03.0011 4280 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:25:03.0011 4280 hwpolicy - ok
18:25:03.0026 4280 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:25:03.0026 4280 i8042prt - ok
18:25:03.0073 4280 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:25:03.0073 4280 iaStorV - ok
18:25:03.0198 4280 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:25:03.0198 4280 idsvc - ok
18:25:03.0213 4280 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:25:03.0213 4280 iirsp - ok
18:25:03.0291 4280 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
18:25:03.0291 4280 IKEEXT - ok
18:25:03.0307 4280 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:25:03.0307 4280 intelide - ok
18:25:03.0323 4280 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:25:03.0323 4280 intelppm - ok
18:25:03.0338 4280 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:25:03.0338 4280 IPBusEnum - ok
18:25:03.0338 4280 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:25:03.0354 4280 IpFilterDriver - ok
18:25:03.0447 4280 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
18:25:03.0447 4280 iphlpsvc - ok
18:25:03.0463 4280 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:25:03.0463 4280 IPMIDRV - ok
18:25:03.0479 4280 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:25:03.0479 4280 IPNAT - ok
18:25:03.0603 4280 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
18:25:03.0603 4280 iPod Service - ok
18:25:03.0619 4280 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:25:03.0619 4280 IRENUM - ok
18:25:03.0635 4280 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:25:03.0635 4280 isapnp - ok
18:25:03.0666 4280 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:25:03.0666 4280 iScsiPrt - ok
18:25:03.0681 4280 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:25:03.0681 4280 kbdclass - ok
18:25:03.0697 4280 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:25:03.0697 4280 kbdhid - ok
18:25:03.0713 4280 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:25:03.0713 4280 KeyIso - ok
18:25:03.0744 4280 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:25:03.0744 4280 KSecDD - ok
18:25:03.0775 4280 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:25:03.0775 4280 KSecPkg - ok
18:25:03.0775 4280 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:25:03.0775 4280 ksthunk - ok
18:25:03.0837 4280 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:25:03.0837 4280 KtmRm - ok
18:25:03.0884 4280 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
18:25:03.0884 4280 LanmanServer - ok
18:25:03.0915 4280 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
18:25:03.0915 4280 LanmanWorkstation - ok
18:25:03.0947 4280 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
18:25:03.0947 4280 lirsgt - ok
18:25:03.0962 4280 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:25:03.0962 4280 lltdio - ok
18:25:03.0993 4280 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:25:03.0993 4280 lltdsvc - ok
18:25:03.0993 4280 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:25:03.0993 4280 lmhosts - ok
18:25:04.0009 4280 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:25:04.0009 4280 LSI_FC - ok
18:25:04.0025 4280 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:25:04.0025 4280 LSI_SAS - ok
18:25:04.0040 4280 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:25:04.0040 4280 LSI_SAS2 - ok
18:25:04.0056 4280 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:25:04.0056 4280 LSI_SCSI - ok
18:25:04.0056 4280 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:25:04.0056 4280 luafv - ok
18:25:04.0071 4280 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
18:25:04.0071 4280 MBAMProtector - ok
18:25:04.0181 4280 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:25:04.0196 4280 MBAMService - ok
18:25:04.0196 4280 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
18:25:04.0196 4280 Mcx2Svc - ok
18:25:04.0212 4280 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:25:04.0212 4280 megasas - ok
18:25:04.0243 4280 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:25:04.0243 4280 MegaSR - ok
18:25:04.0259 4280 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:25:04.0259 4280 MMCSS - ok
18:25:04.0274 4280 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:25:04.0274 4280 Modem - ok
18:25:04.0274 4280 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:25:04.0274 4280 monitor - ok
18:25:04.0290 4280 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:25:04.0290 4280 mouclass - ok
18:25:04.0305 4280 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:25:04.0305 4280 mouhid - ok
18:25:04.0321 4280 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:25:04.0321 4280 mountmgr - ok
18:25:04.0352 4280 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:25:04.0368 4280 MozillaMaintenance - ok
18:25:04.0383 4280 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:25:04.0383 4280 mpio - ok
18:25:04.0399 4280 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:25:04.0399 4280 mpsdrv - ok
18:25:04.0524 4280 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
18:25:04.0524 4280 MpsSvc - ok
18:25:04.0555 4280 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:25:04.0555 4280 MRxDAV - ok
18:25:04.0586 4280 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:25:04.0586 4280 mrxsmb - ok
18:25:04.0617 4280 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:25:04.0617 4280 mrxsmb10 - ok
18:25:04.0649 4280 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:25:04.0649 4280 mrxsmb20 - ok
18:25:04.0649 4280 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:25:04.0649 4280 msahci - ok
18:25:04.0664 4280 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:25:04.0664 4280 msdsm - ok
18:25:04.0680 4280 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:25:04.0680 4280 MSDTC - ok
18:25:04.0711 4280 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:25:04.0711 4280 Msfs - ok
18:25:04.0727 4280 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:25:04.0727 4280 mshidkmdf - ok
18:25:04.0727 4280 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:25:04.0727 4280 msisadrv - ok
18:25:04.0758 4280 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:25:04.0758 4280 MSiSCSI - ok
18:25:04.0773 4280 msiserver - ok
18:25:04.0789 4280 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:25:04.0789 4280 MSKSSRV - ok
18:25:04.0805 4280 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:25:04.0805 4280 MSPCLOCK - ok
18:25:04.0805 4280 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:25:04.0805 4280 MSPQM - ok
18:25:04.0851 4280 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:25:04.0851 4280 MsRPC - ok
18:25:04.0851 4280 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:25:04.0851 4280 mssmbios - ok
18:25:04.0867 4280 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:25:04.0867 4280 MSTEE - ok
18:25:04.0867 4280 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:25:04.0867 4280 MTConfig - ok
18:25:04.0898 4280 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
18:25:04.0898 4280 MTsensor - ok
18:25:04.0914 4280 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:25:04.0914 4280 Mup - ok
18:25:04.0976 4280 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
18:25:04.0976 4280 napagent - ok
18:25:05.0023 4280 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:25:05.0023 4280 NativeWifiP - ok
18:25:05.0101 4280 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:25:05.0117 4280 NDIS - ok
18:25:05.0117 4280 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:25:05.0117 4280 NdisCap - ok
18:25:05.0132 4280 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:25:05.0132 4280 NdisTapi - ok
18:25:05.0148 4280 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:25:05.0148 4280 Ndisuio - ok
18:25:05.0163 4280 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:25:05.0163 4280 NdisWan - ok
18:25:05.0179 4280 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:25:05.0179 4280 NDProxy - ok
18:25:05.0179 4280 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:25:05.0179 4280 NetBIOS - ok
18:25:05.0210 4280 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:25:05.0210 4280 NetBT - ok
18:25:05.0241 4280 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:25:05.0241 4280 Netlogon - ok
18:25:05.0273 4280 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:25:05.0273 4280 Netman - ok
18:25:05.0366 4280 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:25:05.0366 4280 NetMsmqActivator - ok
18:25:05.0366 4280 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:25:05.0366 4280 NetPipeActivator - ok
18:25:05.0413 4280 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:25:05.0413 4280 netprofm - ok
18:25:05.0413 4280 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:25:05.0429 4280 NetTcpActivator - ok
18:25:05.0429 4280 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:25:05.0429 4280 NetTcpPortSharing - ok
18:25:05.0460 4280 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:25:05.0460 4280 nfrd960 - ok
18:25:05.0491 4280 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
18:25:05.0491 4280 NlaSvc - ok
18:25:05.0491 4280 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:25:05.0491 4280 Npfs - ok
18:25:05.0507 4280 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:25:05.0507 4280 nsi - ok
18:25:05.0507 4280 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:25:05.0507 4280 nsiproxy - ok
18:25:05.0663 4280 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:25:05.0663 4280 Ntfs - ok
18:25:05.0772 4280 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:25:05.0772 4280 Null - ok
18:25:05.0787 4280 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:25:05.0787 4280 nvraid - ok
18:25:05.0803 4280 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:25:05.0803 4280 nvstor - ok
18:25:05.0819 4280 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:25:05.0819 4280 nv_agp - ok
18:25:05.0834 4280 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:25:05.0834 4280 ohci1394 - ok
18:25:05.0865 4280 ossrv (fa78441f605c39545810f33a08528aea) C:\Windows\system32\drivers\ctoss2k.sys
18:25:05.0881 4280 ossrv - ok
18:25:05.0912 4280 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:25:05.0912 4280 p2pimsvc - ok
18:25:05.0959 4280 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:25:05.0975 4280 p2psvc - ok
18:25:05.0990 4280 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:25:05.0990 4280 Parport - ok
18:25:05.0990 4280 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:25:05.0990 4280 partmgr - ok
18:25:06.0006 4280 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:25:06.0021 4280 PcaSvc - ok
18:25:06.0037 4280 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:25:06.0037 4280 pci - ok
18:25:06.0037 4280 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:25:06.0037 4280 pciide - ok
18:25:06.0068 4280 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:25:06.0068 4280 pcmcia - ok
18:25:06.0084 4280 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:25:06.0084 4280 pcw - ok
18:25:06.0146 4280 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:25:06.0146 4280 PEAUTH - ok
18:25:06.0271 4280 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:25:06.0271 4280 PeerDistSvc - ok
18:25:06.0333 4280 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:25:06.0333 4280 PerfHost - ok
18:25:06.0521 4280 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
18:25:06.0521 4280 pla - ok
18:25:06.0567 4280 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
18:25:06.0567 4280 PlugPlay - ok
18:25:06.0599 4280 PnkBstrA - ok
18:25:06.0599 4280 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:25:06.0599 4280 PNRPAutoReg - ok
18:25:06.0630 4280 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:25:06.0630 4280 PNRPsvc - ok
18:25:06.0692 4280 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
18:25:06.0692 4280 PolicyAgent - ok
18:25:06.0723 4280 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:25:06.0723 4280 Power - ok
18:25:06.0770 4280 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:25:06.0770 4280 PptpMiniport - ok
18:25:06.0786 4280 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:25:06.0786 4280 Processor - ok
18:25:06.0817 4280 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
18:25:06.0817 4280 ProfSvc - ok
18:25:06.0848 4280 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:25:06.0848 4280 ProtectedStorage - ok
18:25:06.0864 4280 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:25:06.0864 4280 Psched - ok
18:25:06.0989 4280 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:25:06.0989 4280 ql2300 - ok
18:25:07.0082 4280 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:25:07.0082 4280 ql40xx - ok
18:25:07.0113 4280 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:25:07.0113 4280 QWAVE - ok
18:25:07.0129 4280 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:25:07.0129 4280 QWAVEdrv - ok
18:25:07.0145 4280 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:25:07.0145 4280 RasAcd - ok
18:25:07.0160 4280 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:25:07.0160 4280 RasAgileVpn - ok
18:25:07.0176 4280 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:25:07.0176 4280 RasAuto - ok
18:25:07.0191 4280 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:25:07.0191 4280 Rasl2tp - ok
18:25:07.0223 4280 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
18:25:07.0223 4280 RasMan - ok
18:25:07.0238 4280 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:25:07.0238 4280 RasPppoe - ok
18:25:07.0254 4280 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:25:07.0254 4280 RasSstp - ok
18:25:07.0285 4280 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:25:07.0285 4280 rdbss - ok
18:25:07.0301 4280 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:25:07.0301 4280 rdpbus - ok
18:25:07.0301 4280 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:25:07.0301 4280 RDPCDD - ok
18:25:07.0332 4280 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
18:25:07.0332 4280 RDPDR - ok
18:25:07.0347 4280 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:25:07.0347 4280 RDPENCDD - ok
18:25:07.0363 4280 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:25:07.0363 4280 RDPREFMP - ok
18:25:07.0394 4280 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
18:25:07.0394 4280 RDPWD - ok
18:25:07.0410 4280 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:25:07.0410 4280 rdyboost - ok
18:25:07.0425 4280 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:25:07.0425 4280 RemoteAccess - ok
18:25:07.0441 4280 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:25:07.0457 4280 RemoteRegistry - ok
18:25:07.0472 4280 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:25:07.0472 4280 RpcEptMapper - ok
18:25:07.0488 4280 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:25:07.0488 4280 RpcLocator - ok
18:25:07.0535 4280 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
18:25:07.0535 4280 RpcSs - ok
18:25:07.0550 4280 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:25:07.0550 4280 rspndr - ok
18:25:07.0613 4280 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:25:07.0613 4280 RTL8167 - ok
18:25:07.0644 4280 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
18:25:07.0644 4280 s3cap - ok
18:25:07.0659 4280 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:25:07.0659 4280 SamSs - ok
18:25:07.0691 4280 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:25:07.0691 4280 sbp2port - ok
18:25:07.0722 4280 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:25:07.0722 4280 SCardSvr - ok
18:25:07.0722 4280 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:25:07.0722 4280 scfilter - ok
18:25:07.0831 4280 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
18:25:07.0831 4280 Schedule - ok
18:25:07.0847 4280 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
18:25:07.0847 4280 SCPolicySvc - ok
18:25:07.0878 4280 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
18:25:07.0878 4280 SDRSVC - ok
18:25:07.0909 4280 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:25:07.0909 4280 secdrv - ok
18:25:07.0909 4280 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
18:25:07.0925 4280 seclogon - ok
18:25:07.0940 4280 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:25:07.0940 4280 SENS - ok
18:25:07.0940 4280 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:25:07.0940 4280 SensrSvc - ok
18:25:07.0956 4280 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:25:07.0956 4280 Serenum - ok
18:25:07.0971 4280 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:25:07.0971 4280 Serial - ok
18:25:07.0987 4280 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:25:07.0987 4280 sermouse - ok
18:25:08.0003 4280 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
18:25:08.0003 4280 SessionEnv - ok
18:25:08.0018 4280 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:25:08.0018 4280 sffdisk - ok
18:25:08.0034 4280 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:25:08.0034 4280 sffp_mmc - ok
18:25:08.0034 4280 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:25:08.0034 4280 sffp_sd - ok
18:25:08.0049 4280 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:25:08.0049 4280 sfloppy - ok
18:25:08.0096 4280 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:25:08.0096 4280 SharedAccess - ok
18:25:08.0143 4280 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
18:25:08.0159 4280 ShellHWDetection - ok
18:25:08.0159 4280 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:25:08.0159 4280 SiSRaid2 - ok
18:25:08.0174 4280 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:25:08.0174 4280 SiSRaid4 - ok
18:25:08.0190 4280 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:25:08.0190 4280 Smb - ok
18:25:08.0205 4280 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:25:08.0205 4280 SNMPTRAP - ok
18:25:08.0237 4280 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:25:08.0237 4280 spldr - ok
18:25:08.0283 4280 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
18:25:08.0299 4280 Spooler - ok
18:25:08.0580 4280 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
18:25:08.0595 4280 sppsvc - ok
18:25:08.0705 4280 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:25:08.0705 4280 sppuinotify - ok
18:25:08.0720 4280 sptd - ok
18:25:08.0814 4280 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:25:08.0814 4280 srv - ok
18:25:08.0861 4280 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:25:08.0861 4280 srv2 - ok
18:25:08.0876 4280 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:25:08.0876 4280 srvnet - ok
18:25:08.0907 4280 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:25:08.0907 4280 SSDPSRV - ok
18:25:08.0923 4280 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:25:08.0923 4280 SstpSvc - ok
18:25:08.0939 4280 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:25:08.0939 4280 stexstor - ok
18:25:09.0017 4280 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
18:25:09.0017 4280 stisvc - ok
18:25:09.0048 4280 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
18:25:09.0048 4280 storflt - ok
18:25:09.0063 4280 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
18:25:09.0063 4280 storvsc - ok
18:25:09.0063 4280 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:25:09.0063 4280 swenum - ok
18:25:09.0188 4280 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:25:09.0188 4280 SwitchBoard - ok
18:25:09.0235 4280 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:25:09.0235 4280 swprv - ok
18:25:09.0391 4280 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
18:25:09.0391 4280 SysMain - ok
18:25:09.0547 4280 tap0901 (f9be29d5e097f03f81d3cd12b794cb66) C:\Windows\system32\DRIVERS\tap0901.sys
18:25:09.0547 4280 tap0901 - ok
18:25:09.0578 4280 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
18:25:09.0578 4280 tap0901t - ok
18:25:09.0609 4280 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
18:25:09.0609 4280 TapiSrv - ok
18:25:09.0625 4280 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:25:09.0625 4280 TBS - ok
18:25:09.0797 4280 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
18:25:09.0812 4280 Tcpip - ok
18:25:10.0015 4280 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
18:25:10.0031 4280 TCPIP6 - ok
18:25:10.0124 4280 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:25:10.0124 4280 tcpipreg - ok
18:25:10.0140 4280 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:25:10.0140 4280 TDPIPE - ok
18:25:10.0155 4280 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
18:25:10.0155 4280 TDTCP - ok
18:25:10.0171 4280 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:25:10.0171 4280 tdx - ok
18:25:10.0187 4280 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:25:10.0187 4280 TermDD - ok
18:25:10.0265 4280 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
18:25:10.0265 4280 TermService - ok
18:25:10.0280 4280 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:25:10.0296 4280 Themes - ok
18:25:10.0311 4280 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:25:10.0311 4280 THREADORDER - ok
18:25:10.0343 4280 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:25:10.0343 4280 TrkWks - ok
18:25:10.0374 4280 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
18:25:10.0374 4280 TrustedInstaller - ok
18:25:10.0389 4280 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:25:10.0389 4280 tssecsrv - ok
18:25:10.0405 4280 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:25:10.0405 4280 tunnel - ok
18:25:10.0530 4280 TunngleService (9911a023bf2948eef5c7394bc8efbc6d) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
18:25:10.0545 4280 TunngleService - ok
18:25:10.0545 4280 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:25:10.0561 4280 uagp35 - ok
18:25:10.0592 4280 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:25:10.0592 4280 udfs - ok
18:25:10.0608 4280 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:25:10.0608 4280 UI0Detect - ok
18:25:10.0608 4280 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:25:10.0608 4280 uliagpkx - ok
18:25:10.0623 4280 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:25:10.0623 4280 umbus - ok
18:25:10.0639 4280 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:25:10.0639 4280 UmPass - ok
18:25:10.0655 4280 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
18:25:10.0655 4280 UmRdpService - ok
18:25:10.0701 4280 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:25:10.0701 4280 upnphost - ok
18:25:10.0733 4280 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:25:10.0733 4280 USBAAPL64 - ok
18:25:10.0748 4280 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
18:25:10.0748 4280 usbccgp - ok
18:25:10.0764 4280 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:25:10.0764 4280 usbcir - ok
18:25:10.0795 4280 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
18:25:10.0795 4280 usbehci - ok
18:25:10.0826 4280 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
18:25:10.0826 4280 usbhub - ok
18:25:10.0826 4280 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
18:25:10.0826 4280 usbohci - ok
18:25:10.0842 4280 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:25:10.0842 4280 usbprint - ok
18:25:10.0857 4280 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:25:10.0857 4280 USBSTOR - ok
18:25:10.0873 4280 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
18:25:10.0873 4280 usbuhci - ok
18:25:10.0889 4280 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:25:10.0889 4280 UxSms - ok
18:25:10.0904 4280 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
18:25:10.0904 4280 VaultSvc - ok
18:25:10.0920 4280 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:25:10.0920 4280 vdrvroot - ok
18:25:10.0967 4280 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
18:25:10.0967 4280 vds - ok
18:25:10.0998 4280 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:25:10.0998 4280 vga - ok
18:25:11.0013 4280 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:25:11.0013 4280 VgaSave - ok
18:25:11.0029 4280 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:25:11.0029 4280 vhdmp - ok
18:25:11.0045 4280 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:25:11.0045 4280 viaide - ok
18:25:11.0060 4280 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
18:25:11.0060 4280 vmbus - ok
18:25:11.0076 4280 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:25:11.0076 4280 VMBusHID - ok
18:25:11.0091 4280 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:25:11.0091 4280 volmgr - ok
18:25:11.0123 4280 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:25:11.0123 4280 volmgrx - ok
18:25:11.0154 4280 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:25:11.0154 4280 volsnap - ok
18:25:11.0169 4280 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:25:11.0169 4280 vsmraid - ok
18:25:11.0310 4280 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
18:25:11.0310 4280 VSS - ok
18:25:11.0435 4280 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:25:11.0435 4280 vwifibus - ok
18:25:11.0481 4280 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:25:11.0481 4280 W32Time - ok
18:25:11.0497 4280 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:25:11.0497 4280 WacomPen - ok
18:25:11.0513 4280 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:11.0513 4280 WANARP - ok
18:25:11.0513 4280 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:25:11.0513 4280 Wanarpv6 - ok
18:25:11.0637 4280 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
18:25:11.0653 4280 wbengine - ok
18:25:11.0731 4280 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:25:11.0731 4280 WbioSrvc - ok
18:25:11.0778 4280 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
18:25:11.0778 4280 wcncsvc - ok
18:25:11.0809 4280 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:25:11.0809 4280 WcsPlugInService - ok
18:25:11.0825 4280 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:25:11.0825 4280 Wd - ok
18:25:11.0887 4280 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:25:11.0887 4280 Wdf01000 - ok
18:25:11.0903 4280 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:25:11.0903 4280 WdiServiceHost - ok
18:25:11.0903 4280 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:25:11.0903 4280 WdiSystemHost - ok
18:25:11.0949 4280 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
18:25:11.0949 4280 WebClient - ok
18:25:11.0965 4280 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:25:11.0981 4280 Wecsvc - ok
18:25:11.0996 4280 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:25:11.0996 4280 wercplsupport - ok
18:25:12.0012 4280 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:25:12.0012 4280 WerSvc - ok
18:25:12.0027 4280 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:25:12.0027 4280 WfpLwf - ok
18:25:12.0043 4280 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:25:12.0043 4280 WIMMount - ok
18:25:12.0074 4280 WinDefend - ok
18:25:12.0090 4280 WinHttpAutoProxySvc - ok
18:25:12.0137 4280 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:25:12.0137 4280 Winmgmt - ok
18:25:12.0308 4280 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
18:25:12.0324 4280 WinRM - ok
18:25:12.0464 4280 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:25:12.0464 4280 WinUsb - ok
18:25:12.0542 4280 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:25:12.0542 4280 Wlansvc - ok
18:25:12.0792 4280 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:25:12.0807 4280 wlidsvc - ok
18:25:12.0885 4280 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:25:12.0885 4280 WmiAcpi - ok
18:25:12.0932 4280 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:25:12.0932 4280 wmiApSrv - ok
18:25:12.0979 4280 WMPNetworkSvc - ok
18:25:12.0995 4280 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:25:12.0995 4280 WPCSvc - ok
18:25:13.0010 4280 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
18:25:13.0010 4280 WPDBusEnum - ok
18:25:13.0026 4280 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:25:13.0026 4280 ws2ifsl - ok
18:25:13.0073 4280 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
18:25:13.0073 4280 wscsvc - ok
18:25:13.0088 4280 WSearch - ok
18:25:13.0291 4280 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
18:25:13.0307 4280 wuauserv - ok
18:25:13.0431 4280 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:25:13.0431 4280 WudfPf - ok
18:25:13.0447 4280 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:25:13.0447 4280 WUDFRd - ok
18:25:13.0463 4280 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
18:25:13.0463 4280 wudfsvc - ok
18:25:13.0494 4280 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:25:13.0494 4280 WwanSvc - ok
18:25:13.0525 4280 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:25:13.0572 4280 \Device\Harddisk0\DR0 - ok
18:25:13.0587 4280 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:25:13.0587 4280 \Device\Harddisk1\DR1 - ok
18:25:13.0587 4280 Boot (0x1200) (4b82a0b632c96015ed87bb8f651270d9) \Device\Harddisk0\DR0\Partition0
18:25:13.0587 4280 \Device\Harddisk0\DR0\Partition0 - ok
18:25:13.0603 4280 Boot (0x1200) (330cc414f91e9e7e0631944fcec079c6) \Device\Harddisk0\DR0\Partition1
18:25:13.0603 4280 \Device\Harddisk0\DR0\Partition1 - ok
18:25:13.0603 4280 Boot (0x1200) (fbf362c5083e3967ae57622ec1d3d329) \Device\Harddisk1\DR1\Partition0
18:25:13.0603 4280 \Device\Harddisk1\DR1\Partition0 - ok
18:25:13.0603 4280 ============================================================
18:25:13.0603 4280 Scan finished
18:25:13.0603 4280 ============================================================
18:25:13.0619 3872 Detected object count: 0
18:25:13.0619 3872 Actual detected object count: 0
18:25:16.0910 3524 Deinitialize success

#6 gringo_pr

Bleepin Gringo

Malware Response Team
120,587 posts

Gender:Male
Location:Puerto rico

Posted 05 May 2012 - 08:32 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Users\Hurr\AppData\Roaming\Adobe\Flash Player\NativeCache\87751633C509CE0559A2FCA8D73AC9CC\40e357a1\adobecp-200489-1.dll

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

#7 hollow9mm

New Member

Members
8 posts

Posted 06 May 2012 - 01:25 AM

ComboFix 12-05-05.07 - Hurr 05/06/2012 1:09.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6143.4569 [GMT -5:00]
Running from: c:\users\Hurr\Desktop\ComboFix.exe
Command switches used :: c:\users\Hurr\Desktop\cfscript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
FILE ::
"c:\users\Hurr\AppData\Roaming\Adobe\Flash Player\NativeCache\87751633C509CE0559A2FCA8D73AC9CC\40e357a1\adobecp-200489-1.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hurr\AppData\Roaming\Adobe\Flash Player\NativeCache\87751633C509CE0559A2FCA8D73AC9CC\40e357a1\adobecp-200489-1.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-06 06:14 . 2012-05-06 06:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 14:05 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-05 14:05 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-05 14:05 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-05 14:05 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-05 14:05 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-05 14:05 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-05 14:05 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-05 13:49 . 2012-05-05 13:49 -------- d-----w- c:\windows\CheckSur
2012-05-05 13:01 . 2012-05-05 13:01 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-05-05 13:01 . 2012-05-05 13:01 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-05-05 12:56 . 2012-05-05 12:56 -------- d-----w- c:\users\Hurr\AppData\Roaming\Malwarebytes
2012-05-05 12:56 . 2012-05-05 12:56 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 12:56 . 2012-05-05 12:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-05 12:56 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-04 19:09 . 2012-05-04 19:09 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 19:09 . 2012-05-04 19:09 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 19:09 . 2012-05-04 19:09 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-02 16:41 . 2012-05-02 16:43 -------- d-----w- c:\users\Hurr\AppData\Local\SniperV2
2012-05-01 01:31 . 2012-05-02 12:51 -------- d-----w- C:\$$current$$
2012-04-30 07:01 . 2012-04-30 07:01 -------- d-----w- c:\programdata\Fallout2
2012-04-28 10:11 . 2012-04-30 12:38 -------- d-----w- c:\program files (x86)\GOG.com
2012-04-26 01:14 . 2012-04-26 01:14 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-22 08:27 . 2012-04-22 08:27 -------- d-----w- c:\programdata\ATI
2012-04-22 08:22 . 2012-04-22 08:22 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-22 08:22 . 2012-04-22 08:22 -------- d-----w- c:\program files\AMD
2012-04-22 08:22 . 2012-04-22 08:22 -------- d-----w- c:\program files (x86)\AMD
2012-04-22 08:22 . 2012-04-22 08:22 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-22 07:31 . 2012-04-22 07:31 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-22 07:31 . 2012-04-22 07:31 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-22 07:31 . 2012-04-22 07:31 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-22 07:31 . 2012-04-22 07:31 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-22 07:30 . 2012-04-22 07:31 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-22 07:30 . 2012-04-22 07:30 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-22 07:30 . 2012-04-22 07:30 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-22 07:30 . 2012-04-22 07:30 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-22 07:30 . 2012-04-22 07:30 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-22 07:30 . 2012-04-22 07:30 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-22 07:29 . 2012-04-22 07:30 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-22 07:29 . 2012-04-22 07:31 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-22 07:29 . 2012-04-22 07:29 95248 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-04-22 07:29 . 2012-04-22 07:29 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-22 07:29 . 2012-04-22 07:29 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-22 07:29 . 2012-04-22 07:29 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-22 07:29 . 2012-04-22 07:29 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-22 07:29 . 2012-04-22 07:29 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-22 07:28 . 2012-04-22 07:29 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-22 07:28 . 2012-04-22 07:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-22 07:28 . 2012-04-22 07:28 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-22 07:28 . 2012-04-22 07:28 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-21 07:00 . 2012-04-21 07:00 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-04-20 20:51 . 2012-04-20 20:51 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-04-20 20:41 . 2012-04-20 20:42 -------- d-----w- c:\programdata\Battle.net
2012-04-19 22:46 . 2012-04-19 22:47 -------- d-----w- c:\users\Hurr\AppData\Local\SniperV2 Demo
2012-04-13 05:55 . 2012-04-17 07:35 -------- d-----w- c:\program files (x86)\Wakfu
2012-04-09 18:03 . 2012-04-09 18:03 -------- d-----w- c:\users\Hurr\AppData\Roaming\Media Player Classic
2012-04-08 12:54 . 2012-04-08 12:54 -------- d-----w- c:\users\Hurr\AppData\Roaming\Creative
2012-04-08 12:45 . 2003-06-13 04:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
2012-04-08 12:44 . 2012-04-08 12:44 -------- d-----w- c:\program files (x86)\Common Files\Creative
2012-04-08 12:44 . 2012-04-08 12:44 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2012-04-08 12:44 . 2008-02-04 15:27 102400 ----a-w- c:\windows\SysWow64\cttele32.dll
2012-04-08 12:43 . 2012-04-08 12:44 -------- d-----w- c:\windows\SysWow64\Data
2012-04-08 12:42 . 2012-04-08 12:42 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2012-04-08 12:42 . 2012-04-08 12:47 -------- d-----w- c:\program files\Creative
2012-04-08 12:40 . 2012-04-08 12:48 -------- d-----w- c:\program files (x86)\Creative
2012-04-08 12:10 . 2012-04-08 12:10 -------- d-----w- c:\program files (x86)\Phyxion.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 01:14 . 2011-08-20 02:44 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-22 07:32 . 2011-12-26 09:22 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-22 07:32 . 2011-12-26 09:21 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-22 07:31 . 2011-07-28 21:39 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-22 07:31 . 2011-07-28 21:01 58880 ----a-w- c:\windows\system32\coinst.dll
2012-04-22 07:30 . 2011-12-26 09:24 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-22 07:30 . 2011-12-26 09:23 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-22 07:30 . 2011-07-28 21:20 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-22 07:29 . 2011-10-26 01:21 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-22 07:29 . 2011-07-28 20:53 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-22 07:29 . 2011-12-26 09:24 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-22 07:29 . 2011-07-28 20:53 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-12 00:52 . 2011-09-09 02:53 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-12 00:52 . 2011-09-04 22:51 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-08 23:18 . 2011-10-27 03:13 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-04-08 23:18 . 2011-09-04 22:51 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-08 12:44 . 2011-08-20 00:04 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-08 12:44 . 2011-08-20 00:04 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-04-08 12:44 . 2011-08-20 00:04 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-08 12:44 . 2011-08-20 00:04 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-27 08:14 . 2011-09-04 22:51 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-28 06:49 . 2011-09-16 09:44 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-18 19:23 . 2011-08-26 16:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-16 02:37 . 2011-11-23 02:38 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-15 06:27 . 2012-03-14 07:35 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 07:35 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 07:35 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 07:35 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 03:05 . 2012-02-15 03:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 03:05 . 2012-02-15 03:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 03:05 . 2012-02-15 03:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 03:05 . 2012-02-15 03:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 03:05 . 2012-02-15 03:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 03:04 . 2012-02-15 03:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 03:03 . 2012-02-15 03:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 03:03 . 2012-02-15 03:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 06:18 . 2012-03-14 07:41 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 07:41 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 07:41 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 07:41 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 07:41 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 07:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 07:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 07:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 07:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 07:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-05_21.10.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-11 06:15 . 2012-05-06 06:06 31560 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-06 06:06 38060 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-08-19 23:29 . 2012-05-05 16:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-19 23:29 . 2012-05-06 06:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-19 23:29 . 2012-05-05 16:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-19 23:29 . 2012-05-06 06:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-19 23:29 . 2012-05-06 06:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-19 23:29 . 2012-05-05 16:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-19 23:29 . 2012-05-06 06:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-19 23:29 . 2012-05-05 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-19 23:29 . 2012-05-05 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-19 23:29 . 2012-05-06 06:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-19 23:30 . 2012-05-06 06:06 7820 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2149505465-312763643-1046854565-1001_UserData.bin
- 2012-05-05 21:09 . 2012-05-05 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-06 06:15 . 2012-05-06 06:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-06 06:15 . 2012-05-06 06:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-05 21:09 . 2012-05-05 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-05 16:27 669432 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-06 06:11 669432 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-06 06:11 125514 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-05 16:27 125514 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-05 21:08 285052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-06 06:14 285052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-05-05 20:44 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-05-05 21:23 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-08-20 00:05 . 2012-05-06 06:14 57182252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2149505465-312763643-1046854565-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="e:\program files\Steam\steam.exe" [2012-02-23 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-01-12 37888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"VolPanel"="c:\program files (x86)\Creative\Volume Panel\VolPanlu.exe" [2010-02-18 241789]
"CTxfiHlp"="CTXFIHLP.EXE" [2011-08-22 25600]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 253088]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-04-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-04-08 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-02-09 735080]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Hurr\AppData\Roaming\Mozilla\Firefox\Profiles\7xlwiilx.default\
FF - prefs.js: browser.startup.homepage - www.bing.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2149505465-312763643-1046854565-1001\Software\SecuROM\License information*]
"datasecu"=hex:70,3e,ed,f9,18,2c,97,b8,03,3b,f4,d3,7e,4a,b6,71,72,e4,02,d4,3d,
a5,98,1c,fe,b5,a9,d2,55,15,b0,d0,37,f5,ea,ef,83,e3,a9,6f,bb,4e,89,be,f8,9c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
.
**************************************************************************
.
Completion time: 2012-05-06 01:20:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-06 06:20
.
Pre-Run: 250,106,548,224 bytes free
Post-Run: 250,101,313,536 bytes free
.
- - End Of File - - FB32781AE75AD9E4C05F1D0C2E9511B9

#8 gringo_pr

Bleepin Gringo

Malware Response Team
120,587 posts

Gender:Male
Location:Puerto rico

Posted 06 May 2012 - 02:06 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box

C:\Qoobox\Add-Remove Programs.txt

click ok

copy and paste the report into this topic for me to review

Gringo

#9 hollow9mm

New Member

Members
8 posts

Posted 06 May 2012 - 03:16 AM

Adobe AIR
Adobe Community Help
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Alpha Protocol
AMD VISION Engine Control Center
ANNO 1404
ANNO 1404 - Venice
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: British Armed Forces
ARMA 2: British Armed Forces - Data cache removal
ARMA 2: Operation Arrowhead
ArmA II Launcher
Audiosurf
Avira Free Antivirus
Bandisoft MPEG-1 Decoder
Battlefield 2™
Battlefield 3™
Battleground Europe
BitTorrent
BOSS
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help English
Cheat Engine 6.1
Cities XL 2012
Cole2k Media - Codec Pack (Advanced) 7.9.0
Combat Mission Afrika Korps
Combined Community Codec Pack 2009-09-09
Commandos 2: Men of Courage
Commandos: Behind Enemy Lines
Commandos: Beyond the Call of Duty
Counter-Strike: Source
Creative ALchemy
Creative Audio Control Panel
Creative AutoMode Switcher
Creative Console Launcher
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Crusader Kings II
Crusader Kings II version 1.04
Crysis Wars
DAEMON Tools Lite
Darkest Hour: Europe '44-'45
Darth Mod M2TW 1.4D
DarthMod Empire 6,95
Day of Defeat: Source
Deus Ex - Human Revolution version 1.0
Diablo III Beta
Divine Wind version 5.1
Driver Sweeper version 3.2.0
Empire Earth Gold Edition
Empire: Total War
ESN Sonar
Europa Universalis III
Fallen Earth
Fallout
Fallout 2
Fallout Mod Manager 0.13.21
Fallout New Vegas
FrostWire 5.1.4
Garry's Mod
German Soldiers Mod Fields of Honor 6.3
Google SketchUp 8
Grand Theft Auto IV
GTA San Andreas
Half-Life 2
Hitman Blood Money
Java Auto Updater
Java™ 6 Update 31
Killing Floor
Kingdoms of Amalur Reckoning
League of Legends
Livestream Procaster
LogMeIn Hamachi
Lure of the Temptress
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
Mass Effect
Mass Effect 2
Mass Effect 3
Medieval II: Total War
Medieval II: Total War Kingdoms
MegaTrainer eXperience V1.0.8.3
Men of War: Assault Squad
Microsoft .NET Framework 1.1
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Might & Magic Heroes VI
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSI Afterburner 2.1.0
MTX
Napoleon: Total War
NVIDIA PhysX
Oblivion mod manager 1.1.12
OpenAL
Origin
ORION: Dino Beatdown
Pando Media Booster
PDF Settings CS5
PR Mumble 1.0.0
Project Reality: ARMA2
Project Reality: BF2
Project Reality: BF2 v0.973 Map Pack
Project Reality: BF2 v0.973 Vietnam Beta
PT Boats: Knights of the Sea
PT Boats: South Gambit
PunkBuster Services
QuickTime
Real Lives 2007
Real Lives 2010
Realtek 8136 8168 8169 Ethernet Driver
Rome: Total War Gold Edition
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V
Six Updater
Sniper Elite V2
Source SDK Base 2007
Steam
swMSM
System Requirements Lab CYRI
TeamSpeak 3 Client
Terraria
The Elder Scrolls IV: Oblivion
The Witcher 2
Theatre of War
Theatre of War 2: Africa 1943
Theatre of War 2: Kursk 1943
Theatre of War 3 Korea Review (Remove Only)
THX Setup Console
Tunngle beta
Tweaking.com - Windows Repair (All in One)
Ubisoft Game Launcher
Universe Sandbox
Unofficial Oblivion Patch v3.2.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VLC media player 1.0.3
Volume Panel
Wakfu
Wargame: European Escalation
Warhammer® 40,000®: Dawn of War® II – Retribution™
Winamp
Winamp Detector Plug-in
World of Tanks v.0.7.2_CT
Xfire (remove only)
Xvid 1.1.3 final uninstall

#10 gringo_pr

Bleepin Gringo

Malware Response Team
120,587 posts

Gender:Male
Location:Puerto rico

Posted 06 May 2012 - 03:59 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

BitTorrent
FrostWire 5.1.4
Java™ 6 Update 31
[/list]

Please download and install Revo Uninstaller Free
Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.

Download CCleaner from here http://www.ccleaner.com/
Run the installer to install the application.
When it gives you the option to install Yahoo toolbar uncheck the box next to it.
Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
Click Run Cleaner.
Close CCleaner.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM
Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

#11 hollow9mm

New Member

Members
8 posts

Posted 06 May 2012 - 04:22 AM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.05.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Hurr :: DURR [administrator]

Protection: Disabled

5/6/2012 4:18:33 AM
mbam-log-2012-05-06 (04-18-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203174
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:22:28 AM, on 5/6/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
E:\Program Files\Steam\Steam.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Default user')
O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10089 bytes

#12 gringo_pr

Bleepin Gringo

Malware Response Team
120,587 posts

Gender:Male
Location:Puerto rico

Posted 06 May 2012 - 05:43 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
- O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
  O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
  O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
  O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
  O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
  O4 - HKUS\S-1-5-18\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'SYSTEM')
  O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
  O4 - HKUS\S-1-5-18\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [Welcome Center] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut (User 'Default user')
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

NOTE**You can research each of those lines >here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
- Click Start
When asked, allow the ActiveX control to install
- Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 hollow9mm

New Member

Members
8 posts

Posted 06 May 2012 - 12:53 PM

Eset didnt detect anything.

Edited by hollow9mm, 06 May 2012 - 12:54 PM.

#14 gringo_pr

Bleepin Gringo

Malware Response Team
120,587 posts

Gender:Male
Location:Puerto rico

Posted 06 May 2012 - 03:12 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

turn off all active protection software
push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box ComboFix /Uninstall and click OK.
Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

Gringo

#15 hollow9mm

New Member

Members
8 posts

Posted 06 May 2012 - 07:36 PM

Thank you very much. I appreciate you taking the time to help me. I had no problems uninstalling anything and you can close this thread now if you need to.