Sirefef.FC trojan can not be deleted


This topic is locked
27 replies to this topic

#1 Dzemil

  • Members
  • 13 posts

Posted 05 July 2012 - 08:42 AM

Hi fellas.

I have Windows 7, 32 bit, and ESET NOD32 antivirus. ESET keeps detecting sirefef.FC but only gives option to delete or no action, and when I try to delete it says it can't be done.

Tried to find some help on Google :) and it gave me this topic as a solution: http://www.bleepingcomputer.com/forums/topic459225.html and then I thought "thank God, that's it" until I saw this:

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system


http://i46.tinypic.com/2vbuadu.png

I would appreciate any kind of help. Thank you in advance.

- Dzemil


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,272 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 July 2012 - 08:59 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dzemil
  • Topic Starter

  • Members
  • 13 posts

Posted 05 July 2012 - 10:54 AM

Thank you mate.

1. checkup.txt:

Results of screen317's Security Check version 0.99.42
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
ESET Smart Security 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


2. DDS Notepad

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by pc at 17:23:45 on 2012-07-05
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.1917.1154 [GMT 2:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iVMS-4000(v2.0)\NetAppSoft.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\pc\Downloads\SecurityCheck.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
uSearch Bar = Preserve
mStart Page = hxxp://startsear.ch/?aff=1&cf=f9388a60-3486-11e1-bc77-4487fcf8aa7e
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\bh\BabylonToolbar.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {f3fee66e-e034-436a-86e4-9690573bee8a} - YouTube Downloader Toolbar
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\BabylonToolbarTlbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} -
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Media Finder] "c:\program files\media finder\Media Finder.exe" /opentotray
uRun: [DIMDownloading your update...1300677038363] "c:\program files\corel\coreldraw graphics suite x5\draw\dim.exe" "c:\programdata\corel\downloads\540215253_610005\1300677038363\dim_params.xml" -launch=3 -uibase="c:\users\pc\appdata\roaming\corel\messages\540215253_610005\en\messagecache1\workflow"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [<NO NAME>]
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\ivms-4~1.lnk - c:\program files\ivms-4000(v2.0)\NetAppSoft.exe
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFCF48D-8E34-4490-8154-026191D73924} - hxxp://192.168.120.81/codebase/NetVideoActiveX_V23.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{062F7739-7E59-41FA-A804-0DC890724D6C} : NameServer = 212.39.98.161,212.39.98.162
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pc\appdata\roaming\mozilla\firefox\profiles\502dw7pr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\pc\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2011-8-4 50624]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2011-8-4 33656]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-5-25 785344]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-8-9 974944]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-2-23 2886528]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-5-11 185856]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-16 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-26 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-16 116648]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-5 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-11 113120]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-07-05 08:58:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-29 08:50:27 -------- d-----w- c:\users\pc\appdata\roaming\Malwarebytes
2012-06-29 08:50:22 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 15:26:08 -------- d-----w- c:\program files\common files\Corel
2012-06-28 15:25:24 -------- d-----w- c:\program files\common files\Protexis
2012-06-28 15:18:55 -------- d-----w- c:\program files\Corel
2012-06-28 15:16:56 -------- d-----w- c:\programdata\CorelDRAW Graphics Suite X5
2012-06-28 02:25:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-27 02:12:19 2260992 ----a-w- c:\program files\WWIISniper.exe
2012-06-27 02:12:18 1814528 ----a-w- c:\program files\Lithtech.exe
2012-06-27 02:11:14 405504 ----a-w- c:\program files\Server.dll
2012-06-27 02:11:14 164864 ----a-w- c:\program files\UNWISE.EXE
2012-06-27 02:11:14 -------- d-----w- c:\program files\Profiles
2012-06-26 00:10:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 00:10:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 09:08:55 -------- d-----w- c:\program files\JDownloader
2012-06-22 09:50:00 -------- d-----w- c:\users\pc\appdata\roaming\WinAVI
2012-06-22 09:50:00 -------- d-----w- c:\users\pc\appdata\local\WinAVI
2012-06-22 09:34:47 -------- d-----w- c:\users\pc\appdata\roaming\AVS4YOU
2012-06-22 09:34:47 -------- d-----w- c:\programdata\AVS4YOU
2012-06-22 09:33:41 -------- d-----w- c:\program files\common files\AVSMedia
2012-06-22 09:33:07 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-06-22 09:33:07 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-06-22 09:33:06 -------- d-----w- c:\program files\AVS4YOU
2012-06-22 09:29:58 -------- d-----w- c:\program files\uTorrent
2012-06-22 09:28:56 -------- d-----w- c:\users\pc\appdata\roaming\uTorrent
2012-06-17 23:40:51 -------- d-----w- c:\programdata\Big Fish Games
2012-06-17 18:52:22 -------- d-----w- c:\users\pc\appdata\local\Macromedia
2012-06-17 18:30:42 -------- d-----w- c:\users\pc\appdata\roaming\DMCache
2012-06-15 23:16:14 -------- d-----w- c:\programdata\Protexis
2012-06-15 23:09:13 -------- d-----w- c:\programdata\Corel
2012-06-07 08:47:10 -------- d-----w- c:\program files\Application Updater
2012-06-07 08:47:09 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-06-07 08:47:09 -------- d-----w- c:\program files\common files\Spigot
2012-06-06 06:12:46 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-06 06:12:46 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
.
==================== Find3M ====================
.
.
============= FINISH: 17:24:11,06 ===============


3. Attach ZIP


If I have missed something I am really sorry, please tell me where the mistakes are and I'll do my best to do exactly what you are looking for.

Thank you a lot.


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,272 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 July 2012 - 07:21 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Dzemil
  • Topic Starter

  • Members
  • 13 posts

Posted 06 July 2012 - 02:35 PM

Hello. I am really sorry for the late response, I was not able to do it earlier :(

1. Here's the log from the Combofix:

ComboFix 12-07-06.02 - pc 6.07.2012. 20:33:22.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.1917.1233 [GMT 2:00]
Running from: c:\users\pc\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\INSTALL.LOG
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\.lnk
C:\VDM6600.tmp
C:\VDM6601.tmp
c:\windows\Installer\{553fbb45-4741-ff5b-8786-639f24c476d4}\@
c:\windows\Installer\{553fbb45-4741-ff5b-8786-639f24c476d4}\U\00000001.@
c:\windows\Installer\{553fbb45-4741-ff5b-8786-639f24c476d4}\U\80000000.@
c:\windows\Installer\{553fbb45-4741-ff5b-8786-639f24c476d4}\U\800000cb.@
.
c:\windows\system32\services.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 18:39 . 2012-07-06 18:41 -------- d-----w- c:\users\pc\AppData\Local\temp
2012-07-06 18:39 . 2012-07-06 18:39 -------- d-----w- c:\users\dzovko\AppData\Local\temp
2012-07-06 18:39 . 2012-07-06 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 18:39 . 2012-07-06 18:39 -------- d-----w- c:\users\ctn\AppData\Local\temp
2012-07-06 18:39 . 2012-07-06 18:39 -------- d-----w- c:\users\bigbrother\AppData\Local\temp
2012-07-05 08:58 . 2012-07-05 08:58 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-29 08:50 . 2012-06-29 08:50 -------- d-----w- c:\users\pc\AppData\Roaming\Malwarebytes
2012-06-29 08:50 . 2012-06-29 08:50 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 15:26 . 2012-06-28 15:26 -------- d-----w- c:\program files\Common Files\Corel
2012-06-28 15:25 . 2012-06-28 15:25 -------- d-----w- c:\program files\Common Files\Protexis
2012-06-28 15:18 . 2012-06-28 15:18 -------- d-----w- c:\program files\Corel
2012-06-28 02:25 . 2012-06-28 02:25 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-27 02:12 . 2004-06-17 10:01 2260992 ----a-w- c:\program files\WWIISniper.exe
2012-06-27 02:12 . 2004-08-12 11:58 1814528 ----a-w- c:\program files\Lithtech.exe
2012-06-27 02:11 . 2012-06-27 02:11 -------- d-----w- c:\program files\Profiles
2012-06-27 02:11 . 2003-08-08 13:31 405504 ----a-w- c:\program files\Server.dll
2012-06-27 02:11 . 2001-09-28 15:00 164864 ----a-w- c:\program files\UNWISE.EXE
2012-06-26 00:10 . 2012-06-28 02:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 00:10 . 2012-06-28 02:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 09:08 . 2012-06-25 09:08 -------- d-----w- c:\program files\Smart Projects
2012-06-23 09:08 . 2012-06-28 05:55 -------- d-----w- c:\program files\JDownloader
2012-06-22 09:50 . 2012-06-22 09:50 -------- d-----w- c:\users\pc\AppData\Roaming\WinAVI
2012-06-22 09:50 . 2012-06-22 09:50 -------- d-----w- c:\users\pc\AppData\Local\WinAVI
2012-06-22 09:34 . 2012-06-22 09:34 -------- d-----w- c:\users\pc\AppData\Roaming\AVS4YOU
2012-06-22 09:34 . 2012-06-22 09:34 -------- d-----w- c:\programdata\AVS4YOU
2012-06-22 09:33 . 2012-06-22 10:05 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-06-22 09:33 . 2011-06-23 18:24 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-06-22 09:33 . 2011-06-23 18:24 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-06-22 09:33 . 2012-06-22 10:05 -------- d-----w- c:\program files\AVS4YOU
2012-06-22 09:29 . 2012-06-22 09:29 -------- d-----w- c:\program files\uTorrent
2012-06-22 09:28 . 2012-07-05 07:55 -------- d-----w- c:\users\pc\AppData\Roaming\uTorrent
2012-06-17 23:40 . 2012-06-27 03:17 -------- d-----w- c:\programdata\Big Fish Games
2012-06-17 18:52 . 2012-06-17 18:52 -------- d-----w- c:\users\pc\AppData\Local\Macromedia
2012-06-17 18:30 . 2012-06-17 18:35 -------- d-----w- c:\users\pc\AppData\Roaming\DMCache
2012-06-15 23:16 . 2012-06-15 23:20 -------- d-----w- c:\programdata\Protexis
2012-06-15 23:16 . 2012-06-15 23:16 -------- d-----w- c:\users\pc\AppData\Roaming\Corel
2012-06-15 23:10 . 2012-06-15 23:10 -------- d-----w- c:\program files\Microsoft SDKs
2012-06-15 23:10 . 2012-06-15 23:11 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-06-15 23:09 . 2012-06-28 15:25 -------- d-----w- c:\programdata\Corel
2012-06-07 08:47 . 2012-06-07 08:47 -------- d-----w- c:\program files\Application Updater
2012-06-07 08:47 . 2012-06-07 08:47 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-06-07 08:47 . 2012-06-07 08:47 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 21:03 . 2012-05-11 14:15 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-09 3076144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
c:\users\ctn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-3-1 576000]
.
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
iVMS-4000(v2.0).lnk - c:\program files\iVMS-4000(v2.0)\NetAppSoft.exe [2011-4-5 8327168]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
R3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 02:21]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-16 12:49]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-16 12:49]
.
.
------- Supplementary Scan -------
.
uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
mStart Page = hxxp://startsear.ch/?aff=1&cf=f9388a60-3486-11e1-bc77-4487fcf8aa7e
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
TCP: Interfaces\{062F7739-7E59-41FA-A804-0DC890724D6C}: NameServer = 212.39.98.161,212.39.98.162
DPF: {CAFCF48D-8E34-4490-8154-026191D73924} - hxxp://192.168.120.81/codebase/NetVideoActiveX_V23.cab
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\502dw7pr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Media Finder - c:\program files\Media Finder\Media Finder.exe
AddRemove-FoxTab Video Converter - c:\program files\FoxTabVideoConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-06 20:46:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-06 18:46
.
Pre-Run: 355.555.160.064 bytes free
Post-Run: 360.280.850.432 bytes free
.
- - End Of File - - 803586A4F22A57FCAE906E52DA56C636


And this appeared first on my desktop after starting Combofix:

File "C:\32788R22FWJFW\MT_services.exe.tmp" added successfully

Notepad file called "catchme"



2. After downloading Combofix and turning off the antivirus and all programs, I started Combofix and nothing happened. I restarted my machine and then it all started properly, I hope so.

3. I did this maybe an hour ago and the alert from the first post of this thread hasn't happened yet. My Avast quarantine is still empty, and Sirefef was there moments after I turned on the machine before doing all this. That's what I can see. Should anything special happen?

Thank you for your efforts mate! I appreciate it a lot.

- Dzemil

#6 gringo_pr

Posted 07 July 2012 - 12:05 AM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Dzemil

Posted 07 July 2012 - 12:53 PM

Hello. I have some problems here. I downloaded Farbar Scan Tool and saved it on a flash drive. The whole process is fine until I type f:\frst.exe in the command window. This message appears: F is not recognized as an internal or external command, operable program or batch file.

Here's the photo of my flash drive letter, is that fine?

http://tinypic.com/r/2rpr714/6

Question: Should I double-click the "FRST" icon on my flash drive before restarting the computer? I suppose I shouldn't because you didn't write it, but .. :(

Thank you.

#8 gringo_pr

Posted 07 July 2012 - 02:50 PM

Greetings


Reread the instructions - you need to find the drive letter while you are in the recovery environment. It may change; that is why it needs to be done that way.


Gringo

#9 Dzemil

Posted 07 July 2012 - 06:16 PM

I am doing exactly what is written. Only disk C and disk D are renamed (C is D and D is C in recovery environment). Flash drive letter is F in both cases. I really don't have any idea.

:(

#10 gringo_pr

Posted 07 July 2012 - 08:24 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
        :filefind
        services.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#11 Dzemil

Posted 07 July 2012 - 08:51 PM


Here's the notepad content:


SystemLook 30.07.11 by jpshortstuff
Log created at 03:49 on 08/07/2012 by pc
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe "
C:\Windows\erdnt\cache\services.exe --a---- 259072 bytes [18:45 06/07/2012] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-

Thank you.
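The comparison Gringo reads off this SystemLook log by eye (every copy of services.exe has the same size and MD5, with the WinSxS component-store copy as the reference) can be automated. This is an added example, not code from the thread or from SystemLook: the parser assumes the ':filefind' line layout shown above, the first sample is the log as posted, and the second sample is constructed, with a placeholder MD5 and timestamp, to show how a replaced System32 copy would stand out.

```python
import re

# Shape of one SystemLook ':filefind' result line, as seen in the log above:
#   <path> <attribute flags> <size> bytes [<modified>] [<created>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# The log posted in the thread, verbatim: the clean case, all three copies agree.
CLEAN_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 03:49 on 08/07/2012 by pc
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe "
C:\Windows\erdnt\cache\services.exe --a---- 259072 bytes [18:45 06/07/2012] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-
"""

# Constructed counterpart (not a real log): the live System32 copy now has a different
# size, a recent modification time and a placeholder MD5, while the ComboFix backup in
# erdnt\cache and the WinSxS copy still carry the original values.
TAMPERED_LOG = r"""========== filefind ==========

Searching for "services.exe "
C:\Windows\erdnt\cache\services.exe --a---- 259072 bytes [18:45 06/07/2012] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe --a---- 262144 bytes [04:11 05/07/2012] [01:14 14/07/2009] 0123456789ABCDEF0123456789ABCDEF
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-
"""


def parse_filefind(text):
    """Return {searched filename (lowercase): [result dicts]} from a SystemLook log."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        heading = re.match(r'^Searching for "(.+?)\s*"$', line)
        if heading:
            current = heading.group(1).lower()
            results.setdefault(current, [])
            continue
        hit = LINE_RE.match(line)
        if hit and current is not None:
            entry = hit.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            results[current].append(entry)
    return results


def check_against_component_store(entries):
    """Compare every listed copy of a system binary with the WinSxS component-store copy.

    Returns (reference_md5, [paths whose MD5 or size differ from it]). If no WinSxS copy
    was listed the reference is None and nothing can be concluded from this log alone.
    """
    ref = next((e for e in entries if "\\winsxs\\" in e["path"].lower()), None)
    if ref is None:
        return None, []
    bad = [e["path"] for e in entries
           if e is not ref and (e["md5"] != ref["md5"] or e["size"] != ref["size"])]
    return ref["md5"], bad


def check_services(text):
    """Audit services.exe in a SystemLook log: (reference_md5, mismatched_paths)."""
    return check_against_component_store(parse_filefind(text).get("services.exe", []))


if __name__ == "__main__":
    for name, log in (("posted log", CLEAN_LOG), ("constructed tampered log", TAMPERED_LOG)):
        ref, bad = check_services(log)
        if ref is None:
            verdict = "no WinSxS reference copy listed"
        elif bad:
            verdict = "MISMATCH against reference " + ref + ": " + ", ".join(bad)
        else:
            verdict = "all copies match reference " + ref
        print(name + ": " + verdict)
```

SystemLook reports the file as the running OS presents it, so a kernel-mode rootkit that hides its patched services.exe can still produce a clean-looking comparison; that is why the thread goes on to TDSSKiller and aswMBR rather than stopping here.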

#12 gringo_pr

Posted 07 July 2012 - 08:58 PM

Greetings

that looks good - combofix did its job anyway

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#13 Dzemil

Posted 07 July 2012 - 09:20 PM

Here's the TDSSKiller report:


04:04:14.0830 1396 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
04:04:15.0027 1396 ============================================================
04:04:15.0027 1396 Current date / time: 2012/07/08 04:04:15.0027
04:04:15.0027 1396 SystemInfo:
04:04:15.0027 1396
04:04:15.0027 1396 OS Version: 6.1.7600 ServicePack: 0.0
04:04:15.0027 1396 Product type: Workstation
04:04:15.0027 1396 ComputerName: VIDEOPC
04:04:15.0028 1396 UserName: pc
04:04:15.0028 1396 Windows directory: C:\Windows
04:04:15.0028 1396 System windows directory: C:\Windows
04:04:15.0028 1396 Processor architecture: Intel x86
04:04:15.0028 1396 Number of processors: 2
04:04:15.0028 1396 Page size: 0x1000
04:04:15.0028 1396 Boot type: Normal boot
04:04:15.0028 1396 ============================================================
04:04:15.0898 1396 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:04:15.0901 1396 Drive \Device\Harddisk1\DR1 - Size: 0xF1800000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:04:15.0902 1396 ============================================================
04:04:15.0902 1396 \Device\Harddisk0\DR0:
04:04:15.0902 1396 MBR partitions:
04:04:15.0902 1396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
04:04:15.0902 1396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
04:04:15.0902 1396 \Device\Harddisk1\DR1:
04:04:15.0903 1396 MBR partitions:
04:04:15.0903 1396 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x78BFE0
04:04:15.0903 1396 ============================================================
04:04:15.0919 1396 C: <-> \Device\Harddisk0\DR0\Partition1
04:04:15.0919 1396 ============================================================
04:04:15.0919 1396 Initialize success
04:04:15.0919 1396 ============================================================
04:04:17.0440 3172 ============================================================
04:04:17.0440 3172 Scan started
04:04:17.0440 3172 Mode: Manual;
04:04:17.0440 3172 ============================================================
04:04:23.0928 3172 KSecDD - ok
04:04:23.0961 3172 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
04:04:23.0964 3172 KSecPkg - ok
04:04:23.0982 3172 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
04:04:23.0987 3172 KtmRm - ok
04:04:24.0018 3172 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
04:04:24.0023 3172 LanmanServer - ok
04:04:24.0045 3172 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
04:04:24.0050 3172 LanmanWorkstation - ok
04:04:24.0074 3172 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
04:04:24.0091 3172 lltdio - ok
04:04:24.0117 3172 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
04:04:24.0121 3172 lltdsvc - ok
04:04:24.0129 3172 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
04:04:24.0131 3172 lmhosts - ok
04:04:24.0155 3172 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:04:24.0157 3172 LSI_FC - ok
04:04:24.0163 3172 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:04:24.0165 3172 LSI_SAS - ok
04:04:24.0176 3172 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:04:24.0178 3172 LSI_SAS2 - ok
04:04:24.0190 3172 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:04:24.0192 3172 LSI_SCSI - ok
04:04:24.0205 3172 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
04:04:24.0207 3172 luafv - ok
04:04:24.0246 3172 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
04:04:24.0248 3172 MBAMSwissArmy - ok
04:04:24.0276 3172 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
04:04:24.0303 3172 mcdbus - ok
04:04:24.0323 3172 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
04:04:24.0327 3172 Mcx2Svc - ok
04:04:24.0349 3172 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
04:04:24.0350 3172 megasas - ok
04:04:24.0378 3172 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
04:04:24.0381 3172 MegaSR - ok
04:04:24.0434 3172 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
04:04:24.0436 3172 Microsoft Office Groove Audit Service - ok
04:04:24.0456 3172 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
04:04:24.0458 3172 MMCSS - ok
04:04:24.0465 3172 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
04:04:24.0479 3172 Modem - ok
04:04:24.0497 3172 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
04:04:24.0498 3172 monitor - ok
04:04:24.0507 3172 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
04:04:24.0522 3172 mouclass - ok
04:04:24.0546 3172 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
04:04:24.0560 3172 mouhid - ok
04:04:24.0571 3172 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
04:04:24.0572 3172 mountmgr - ok
04:04:24.0639 3172 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
04:04:24.0643 3172 MozillaMaintenance - ok
04:04:24.0660 3172 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
04:04:24.0664 3172 mpio - ok
04:04:24.0676 3172 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
04:04:24.0709 3172 mpsdrv - ok
04:04:24.0747 3172 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
04:04:24.0754 3172 MpsSvc - ok
04:04:24.0768 3172 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
04:04:24.0770 3172 MRxDAV - ok
04:04:24.0807 3172 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:04:24.0809 3172 mrxsmb - ok
04:04:24.0826 3172 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:04:24.0829 3172 mrxsmb10 - ok
04:04:24.0843 3172 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:04:24.0845 3172 mrxsmb20 - ok
04:04:24.0855 3172 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
04:04:24.0857 3172 msahci - ok
04:04:24.0870 3172 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
04:04:24.0872 3172 msdsm - ok
04:04:24.0888 3172 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
04:04:24.0892 3172 MSDTC - ok
04:04:24.0922 3172 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
04:04:24.0924 3172 Msfs - ok
04:04:24.0930 3172 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
04:04:24.0932 3172 mshidkmdf - ok
04:04:24.0942 3172 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
04:04:24.0943 3172 msisadrv - ok
04:04:24.0975 3172 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
04:04:24.0978 3172 MSiSCSI - ok
04:04:24.0981 3172 msiserver - ok
04:04:25.0002 3172 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
04:04:25.0004 3172 MSKSSRV - ok
04:04:25.0012 3172 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
04:04:25.0026 3172 MSPCLOCK - ok
04:04:25.0035 3172 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
04:04:25.0037 3172 MSPQM - ok
04:04:25.0048 3172 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
04:04:25.0051 3172 MsRPC - ok
04:04:25.0069 3172 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
04:04:25.0070 3172 mssmbios - ok
04:04:25.0074 3172 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
04:04:25.0087 3172 MSTEE - ok
04:04:25.0091 3172 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
04:04:25.0092 3172 MTConfig - ok
04:04:25.0106 3172 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
04:04:25.0108 3172 Mup - ok
04:04:25.0135 3172 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
04:04:25.0140 3172 napagent - ok
04:04:25.0170 3172 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
04:04:25.0173 3172 NativeWifiP - ok
04:04:25.0204 3172 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
04:04:25.0211 3172 NDIS - ok
04:04:25.0233 3172 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
04:04:25.0247 3172 NdisCap - ok
04:04:25.0258 3172 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
04:04:25.0261 3172 NdisTapi - ok
04:04:25.0287 3172 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
04:04:25.0288 3172 Ndisuio - ok
04:04:25.0305 3172 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
04:04:25.0320 3172 NdisWan - ok
04:04:25.0332 3172 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
04:04:25.0333 3172 NDProxy - ok
04:04:25.0343 3172 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
04:04:25.0344 3172 NetBIOS - ok
04:04:25.0360 3172 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
04:04:25.0362 3172 NetBT - ok
04:04:25.0373 3172 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
04:04:25.0375 3172 Netlogon - ok
04:04:25.0407 3172 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
04:04:25.0412 3172 Netman - ok
04:04:25.0478 3172 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
04:04:25.0481 3172 NetMsmqActivator - ok
04:04:25.0488 3172 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
04:04:25.0490 3172 NetPipeActivator - ok
04:04:25.0508 3172 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
04:04:25.0514 3172 netprofm - ok
04:04:25.0521 3172 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
04:04:25.0523 3172 NetTcpActivator - ok
04:04:25.0527 3172 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
04:04:25.0529 3172 NetTcpPortSharing - ok
04:04:25.0557 3172 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
04:04:25.0559 3172 nfrd960 - ok
04:04:25.0576 3172 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
04:04:25.0580 3172 NlaSvc - ok
04:04:25.0589 3172 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
04:04:25.0590 3172 Npfs - ok
04:04:25.0599 3172 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
04:04:25.0601 3172 nsi - ok
04:04:25.0611 3172 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
04:04:25.0612 3172 nsiproxy - ok
04:04:25.0654 3172 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
04:04:25.0672 3172 Ntfs - ok
04:04:25.0687 3172 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
04:04:25.0688 3172 Null - ok
04:04:25.0699 3172 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
04:04:25.0701 3172 nvraid - ok
04:04:25.0715 3172 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
04:04:25.0719 3172 nvstor - ok
04:04:25.0727 3172 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
04:04:25.0729 3172 nv_agp - ok
04:04:25.0822 3172 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:04:25.0828 3172 odserv - ok
04:04:25.0847 3172 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
04:04:25.0849 3172 ohci1394 - ok
04:04:25.0872 3172 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:04:25.0875 3172 ose - ok
04:04:25.0912 3172 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
04:04:25.0919 3172 p2pimsvc - ok
04:04:25.0953 3172 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
04:04:25.0961 3172 p2psvc - ok
04:04:25.0981 3172 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
04:04:25.0983 3172 Parport - ok
04:04:25.0991 3172 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
04:04:25.0993 3172 partmgr - ok
04:04:26.0007 3172 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
04:04:26.0008 3172 Parvdm - ok
04:04:26.0018 3172 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
04:04:26.0022 3172 PcaSvc - ok
04:04:26.0034 3172 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
04:04:26.0037 3172 pci - ok
04:04:26.0049 3172 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
04:04:26.0050 3172 pciide - ok
04:04:26.0070 3172 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
04:04:26.0072 3172 pcmcia - ok
04:04:26.0086 3172 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
04:04:26.0087 3172 pcw - ok
04:04:26.0154 3172 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
04:04:26.0173 3172 PEAUTH - ok
04:04:26.0241 3172 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
04:04:26.0253 3172 PeerDistSvc - ok
04:04:26.0328 3172 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
04:04:26.0359 3172 pla - ok
04:04:26.0467 3172 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
04:04:26.0476 3172 PlugPlay - ok
04:04:26.0520 3172 Pml Driver HPZ12 (13fbe33e8ab8284c6a3c6ce86fa59ea0) C:\Windows\system32\HPZipm12.dll
04:04:26.0523 3172 Pml Driver HPZ12 - ok
04:04:26.0544 3172 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
04:04:26.0547 3172 PNRPAutoReg - ok
04:04:26.0570 3172 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
04:04:26.0574 3172 PNRPsvc - ok
04:04:26.0602 3172 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
04:04:26.0608 3172 PolicyAgent - ok
04:04:26.0634 3172 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
04:04:26.0639 3172 Power - ok
04:04:26.0681 3172 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
04:04:26.0701 3172 PptpMiniport - ok
04:04:26.0718 3172 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
04:04:26.0720 3172 Processor - ok
04:04:26.0745 3172 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
04:04:26.0749 3172 ProfSvc - ok
04:04:26.0776 3172 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
04:04:26.0777 3172 ProtectedStorage - ok
04:04:26.0793 3172 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
04:04:26.0794 3172 Psched - ok
04:04:26.0855 3172 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
04:04:26.0859 3172 PSI_SVC_2 - ok
04:04:26.0915 3172 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
04:04:26.0947 3172 ql2300 - ok
04:04:27.0044 3172 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
04:04:27.0047 3172 ql40xx - ok
04:04:27.0073 3172 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
04:04:27.0079 3172 QWAVE - ok
04:04:27.0091 3172 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
04:04:27.0093 3172 QWAVEdrv - ok
04:04:27.0107 3172 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
04:04:27.0132 3172 RasAcd - ok
04:04:27.0153 3172 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:04:27.0168 3172 RasAgileVpn - ok
04:04:27.0183 3172 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
04:04:27.0186 3172 RasAuto - ok
04:04:27.0200 3172 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:04:27.0215 3172 Rasl2tp - ok
04:04:27.0239 3172 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
04:04:27.0244 3172 RasMan - ok
04:04:27.0257 3172 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
04:04:27.0272 3172 RasPppoe - ok
04:04:27.0288 3172 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
04:04:27.0304 3172 RasSstp - ok
04:04:27.0318 3172 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
04:04:27.0322 3172 rdbss - ok
04:04:27.0335 3172 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
04:04:27.0349 3172 rdpbus - ok
04:04:27.0360 3172 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:04:27.0361 3172 RDPCDD - ok
04:04:27.0387 3172 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
04:04:27.0391 3172 RDPDR - ok
04:04:27.0442 3172 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
04:04:27.0443 3172 RDPENCDD - ok
04:04:27.0462 3172 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
04:04:27.0463 3172 RDPREFMP - ok
04:04:27.0477 3172 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
04:04:27.0480 3172 RDPWD - ok
04:04:27.0507 3172 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
04:04:27.0510 3172 rdyboost - ok
04:04:27.0535 3172 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
04:04:27.0538 3172 RemoteAccess - ok
04:04:27.0563 3172 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
04:04:27.0567 3172 RemoteRegistry - ok
04:04:27.0587 3172 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
04:04:27.0590 3172 RpcEptMapper - ok
04:04:27.0599 3172 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
04:04:27.0601 3172 RpcLocator - ok
04:04:27.0620 3172 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
04:04:27.0624 3172 RpcSs - ok
04:04:27.0652 3172 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
04:04:27.0679 3172 rspndr - ok
04:04:27.0707 3172 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
04:04:27.0723 3172 RTL8167 - ok
04:04:27.0743 3172 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
04:04:27.0745 3172 s3cap - ok
04:04:27.0767 3172 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
04:04:27.0768 3172 SamSs - ok
04:04:27.0790 3172 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
04:04:27.0792 3172 sbp2port - ok
04:04:27.0818 3172 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
04:04:27.0822 3172 SCardSvr - ok
04:04:27.0837 3172 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
04:04:27.0839 3172 scfilter - ok
04:04:27.0894 3172 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
04:04:27.0907 3172 Schedule - ok
04:04:27.0930 3172 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
04:04:27.0931 3172 SCPolicySvc - ok
04:04:27.0944 3172 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
04:04:27.0950 3172 SDRSVC - ok
04:04:27.0969 3172 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
04:04:27.0971 3172 secdrv - ok
04:04:27.0979 3172 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
04:04:27.0984 3172 seclogon - ok
04:04:28.0001 3172 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
04:04:28.0005 3172 SENS - ok
04:04:28.0025 3172 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
04:04:28.0030 3172 SensrSvc - ok
04:04:28.0042 3172 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
04:04:28.0056 3172 Serenum - ok
04:04:28.0068 3172 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
04:04:28.0082 3172 Serial - ok
04:04:28.0090 3172 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
04:04:28.0092 3172 sermouse - ok
04:04:28.0115 3172 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
04:04:28.0118 3172 SessionEnv - ok
04:04:28.0176 3172 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
04:04:28.0178 3172 sffdisk - ok
04:04:28.0187 3172 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
04:04:28.0191 3172 sffp_mmc - ok
04:04:28.0201 3172 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
04:04:28.0203 3172 sffp_sd - ok
04:04:28.0226 3172 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
04:04:28.0227 3172 sfloppy - ok
04:04:28.0277 3172 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
04:04:28.0283 3172 SharedAccess - ok
04:04:28.0311 3172 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
04:04:28.0319 3172 ShellHWDetection - ok
04:04:28.0334 3172 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
04:04:28.0336 3172 sisagp - ok
04:04:28.0351 3172 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:04:28.0352 3172 SiSRaid2 - ok
04:04:28.0367 3172 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
04:04:28.0370 3172 SiSRaid4 - ok
04:04:28.0433 3172 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files\Skype\Updater\Updater.exe
04:04:28.0436 3172 SkypeUpdate - ok
04:04:28.0461 3172 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
04:04:28.0492 3172 Smb - ok
04:04:28.0525 3172 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
04:04:28.0527 3172 SNMPTRAP - ok
04:04:28.0550 3172 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
04:04:28.0551 3172 spldr - ok
04:04:28.0603 3172 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
04:04:28.0608 3172 Spooler - ok
04:04:28.0697 3172 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
04:04:28.0764 3172 sppsvc - ok
04:04:28.0843 3172 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
04:04:28.0849 3172 sppuinotify - ok
04:04:28.0897 3172 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
04:04:28.0901 3172 srv - ok
04:04:28.0931 3172 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
04:04:28.0936 3172 srv2 - ok
04:04:28.0953 3172 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
04:04:28.0956 3172 srvnet - ok
04:04:28.0970 3172 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
04:04:28.0976 3172 SSDPSRV - ok
04:04:28.0988 3172 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
04:04:28.0993 3172 SstpSvc - ok
04:04:29.0009 3172 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
04:04:29.0011 3172 stexstor - ok
04:04:29.0043 3172 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
04:04:29.0050 3172 StiSvc - ok
04:04:29.0070 3172 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
04:04:29.0072 3172 storflt - ok
04:04:29.0086 3172 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
04:04:29.0088 3172 storvsc - ok
04:04:29.0101 3172 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
04:04:29.0103 3172 swenum - ok
04:04:29.0124 3172 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
04:04:29.0129 3172 swprv - ok
04:04:29.0175 3172 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
04:04:29.0202 3172 SysMain - ok
04:04:29.0214 3172 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
04:04:29.0218 3172 TabletInputService - ok
04:04:29.0235 3172 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
04:04:29.0240 3172 TapiSrv - ok
04:04:29.0247 3172 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
04:04:29.0250 3172 TBS - ok
04:04:29.0333 3172 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
04:04:29.0359 3172 Tcpip - ok
04:04:29.0381 3172 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
04:04:29.0387 3172 TCPIP6 - ok
04:04:29.0413 3172 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
04:04:29.0427 3172 tcpipreg - ok
04:04:29.0440 3172 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
04:04:29.0455 3172 TDPIPE - ok
04:04:29.0460 3172 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
04:04:29.0474 3172 TDTCP - ok
04:04:29.0512 3172 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
04:04:29.0555 3172 tdx - ok
04:04:29.0745 3172 TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
04:04:29.0762 3172 TeamViewer7 - ok
04:04:29.0856 3172 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
04:04:29.0864 3172 TermDD - ok
04:04:29.0901 3172 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
04:04:29.0910 3172 TermService - ok
04:04:29.0953 3172 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
04:04:29.0956 3172 Themes - ok
04:04:30.0234 3172 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
04:04:30.0236 3172 THREADORDER - ok
04:04:30.0259 3172 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
04:04:30.0263 3172 TrkWks - ok
04:04:30.0300 3172 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
04:04:30.0302 3172 TrustedInstaller - ok
04:04:30.0311 3172 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:04:30.0349 3172 tssecsrv - ok
04:04:30.0391 3172 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
04:04:30.0446 3172 tunnel - ok
04:04:30.0460 3172 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
04:04:30.0462 3172 uagp35 - ok
04:04:30.0481 3172 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
04:04:30.0485 3172 udfs - ok
04:04:30.0513 3172 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
04:04:30.0517 3172 UI0Detect - ok
04:04:30.0538 3172 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
04:04:30.0540 3172 uliagpkx - ok
04:04:30.0550 3172 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
04:04:30.0565 3172 umbus - ok
04:04:30.0585 3172 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
04:04:30.0587 3172 UmPass - ok
04:04:30.0619 3172 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
04:04:30.0623 3172 UmRdpService - ok
04:04:30.0639 3172 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
04:04:30.0643 3172 upnphost - ok
04:04:30.0655 3172 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
04:04:30.0681 3172 usbccgp - ok
04:04:30.0698 3172 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
04:04:30.0700 3172 usbcir - ok
04:04:30.0708 3172 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
04:04:30.0723 3172 usbehci - ok
04:04:30.0762 3172 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
04:04:30.0779 3172 usbhub - ok
04:04:30.0792 3172 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
04:04:30.0794 3172 usbohci - ok
04:04:30.0800 3172 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
04:04:30.0802 3172 usbprint - ok
04:04:30.0831 3172 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
04:04:30.0845 3172 usbscan - ok
04:04:30.0855 3172 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:04:30.0857 3172 USBSTOR - ok
04:04:30.0868 3172 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
04:04:30.0882 3172 usbuhci - ok
04:04:30.0896 3172 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
04:04:30.0900 3172 UxSms - ok
04:04:30.0913 3172 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
04:04:30.0915 3172 VaultSvc - ok
04:04:30.0932 3172 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
04:04:30.0934 3172 vdrvroot - ok
04:04:30.0955 3172 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
04:04:30.0962 3172 vds - ok
04:04:30.0977 3172 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
04:04:30.0991 3172 vga - ok
04:04:31.0005 3172 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
04:04:31.0007 3172 VgaSave - ok
04:04:31.0020 3172 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
04:04:31.0023 3172 vhdmp - ok
04:04:31.0042 3172 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
04:04:31.0044 3172 viaagp - ok
04:04:31.0057 3172 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
04:04:31.0059 3172 ViaC7 - ok
04:04:31.0066 3172 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
04:04:31.0067 3172 viaide - ok
04:04:31.0090 3172 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
04:04:31.0094 3172 vmbus - ok
04:04:31.0107 3172 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
04:04:31.0110 3172 VMBusHID - ok
04:04:31.0121 3172 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
04:04:31.0122 3172 volmgr - ok
04:04:31.0144 3172 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
04:04:31.0147 3172 volmgrx - ok
04:04:31.0161 3172 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
04:04:31.0164 3172 volsnap - ok
04:04:31.0189 3172 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
04:04:31.0192 3172 vsmraid - ok
04:04:31.0240 3172 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
04:04:31.0252 3172 VSS - ok
04:04:31.0265 3172 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
04:04:31.0267 3172 vwifibus - ok
04:04:31.0288 3172 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
04:04:31.0293 3172 W32Time - ok
04:04:31.0309 3172 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
04:04:31.0311 3172 WacomPen - ok
04:04:31.0328 3172 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
04:04:31.0342 3172 WANARP - ok
04:04:31.0346 3172 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
04:04:31.0347 3172 Wanarpv6 - ok
04:04:31.0393 3172 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
04:04:31.0421 3172 wbengine - ok
04:04:31.0435 3172 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
04:04:31.0440 3172 WbioSrvc - ok
04:04:31.0463 3172 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
04:04:31.0470 3172 wcncsvc - ok
04:04:31.0482 3172 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
04:04:31.0486 3172 WcsPlugInService - ok
04:04:31.0532 3172 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
04:04:31.0534 3172 Wd - ok
04:04:31.0561 3172 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
04:04:31.0569 3172 Wdf01000 - ok
04:04:31.0587 3172 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
04:04:31.0593 3172 WdiServiceHost - ok
04:04:31.0598 3172 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
04:04:31.0606 3172 WdiSystemHost - ok
04:04:31.0663 3172 Web Assistant Updater (ce2c4578a8d8265a6c3fd131959ba2fa) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
04:04:31.0666 3172 Web Assistant Updater - ok
04:04:31.0699 3172 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
04:04:31.0706 3172 WebClient - ok
04:04:31.0730 3172 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
04:04:31.0736 3172 Wecsvc - ok
04:04:31.0746 3172 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
04:04:31.0751 3172 wercplsupport - ok
04:04:31.0774 3172 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
04:04:31.0779 3172 WerSvc - ok
04:04:31.0802 3172 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
04:04:31.0826 3172 WfpLwf - ok
04:04:31.0841 3172 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
04:04:31.0859 3172 WIMMount - ok
04:04:31.0914 3172 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
04:04:31.0923 3172 WinDefend - ok
04:04:31.0935 3172 WinHttpAutoProxySvc - ok
04:04:31.0980 3172 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
04:04:31.0983 3172 Winmgmt - ok
04:04:32.0036 3172 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
04:04:32.0064 3172 WinRM - ok
04:04:32.0111 3172 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
04:04:32.0124 3172 Wlansvc - ok
04:04:32.0158 3172 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
04:04:32.0160 3172 WmiAcpi - ok
04:04:32.0208 3172 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
04:04:32.0212 3172 wmiApSrv - ok
04:04:32.0294 3172 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
04:04:32.0323 3172 WMPNetworkSvc - ok
04:04:32.0347 3172 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
04:04:32.0353 3172 WPCSvc - ok
04:04:32.0369 3172 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
04:04:32.0376 3172 WPDBusEnum - ok
04:04:32.0422 3172 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
04:04:32.0424 3172 ws2ifsl - ok
04:04:32.0462 3172 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
04:04:32.0470 3172 wscsvc - ok
04:04:32.0475 3172 WSearch - ok
04:04:32.0571 3172 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
04:04:32.0604 3172 wuauserv - ok
04:04:32.0696 3172 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
04:04:32.0726 3172 WudfPf - ok
04:04:32.0751 3172 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:04:32.0754 3172 WUDFRd - ok
04:04:32.0776 3172 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
04:04:32.0780 3172 wudfsvc - ok
04:04:32.0794 3172 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
04:04:32.0799 3172 WwanSvc - ok
04:04:32.0824 3172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:04:33.0104 3172 \Device\Harddisk0\DR0 - ok
04:04:33.0112 3172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
04:04:35.0071 3172 \Device\Harddisk1\DR1 - ok
04:04:35.0078 3172 Boot (0x1200) (c48225ae0d47b9421d64dc68d7b0f6a7) \Device\Harddisk0\DR0\Partition0
04:04:35.0080 3172 \Device\Harddisk0\DR0\Partition0 - ok
04:04:35.0091 3172 Boot (0x1200) (07c0764e8d734a5aca206488bcc0d5c1) \Device\Harddisk0\DR0\Partition1
04:04:35.0092 3172 \Device\Harddisk0\DR0\Partition1 - ok
04:04:35.0097 3172 Boot (0x1200) (f2db7e6bf1c47b58386ff232c85bdf26) \Device\Harddisk1\DR1\Partition0
04:04:35.0098 3172 \Device\Harddisk1\DR1\Partition0 - ok
04:04:35.0099 3172 ============================================================
04:04:35.0099 3172 Scan finished
04:04:35.0099 3172 ============================================================
04:04:35.0113 3452 Detected object count: 0
04:04:35.0114 3452 Actual detected object count: 0


Here's the aswMBR notepad content:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 04:08:26
-----------------------------
04:08:26.727 OS Version: Windows 6.1.7600
04:08:26.728 Number of processors: 2 586 0x170A
04:08:26.729 ComputerName: VIDEOPC UserName: pc
04:08:28.909 Initialize success
04:09:53.165 AVAST engine defs: 12070701
04:10:01.972 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:10:01.975 Disk 0 Vendor: ST3500418AS CC67 Size: 476940MB BusType: 3
04:10:01.979 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
04:10:01.985 Disk 1 Vendor: Size: 476940MB BusType: 0
04:10:02.009 Disk 0 MBR read successfully
04:10:02.012 Disk 0 MBR scan
04:10:02.018 Disk 0 Windows 7 default MBR code
04:10:02.024 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
04:10:02.036 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
04:10:02.043 Disk 0 scanning sectors +976771072
04:10:02.104 Disk 0 scanning C:\Windows\system32\drivers
04:10:14.801 Service scanning
04:10:33.972 Modules scanning
04:10:39.115 Disk 0 trace - called modules:
04:10:39.129
04:10:51.654 AVAST engine scan C:\Windows
04:10:55.799 AVAST engine scan C:\Windows\system32
04:13:29.090 AVAST engine scan C:\Windows\system32\drivers
04:13:38.805 AVAST engine scan C:\Users\pc
04:16:06.269 AVAST engine scan C:\ProgramData
04:18:35.769 Scan finished successfully
04:19:01.350 Disk 0 MBR has been saved successfully to "C:\Users\pc\Desktop\MBR.dat"
04:19:01.358 The log file has been saved successfully to "C:\Users\pc\Desktop\aswMBR.txt"


There were no problems during these processes.
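As an added example (not code from this thread or from TDSSKiller), a small Python parser for the TDSSKiller log format pasted above: it pairs each hashed object with its verdict line and lists what a helper reads the log for first, verdicts other than ok and images outside the usual system locations. The first five sample lines are copied from the log; the tmpsvc pair is constructed (placeholder hash, made-up verdict) to exercise those branches, and the list of expected directories is an assumption.

```python
"""Parse a TDSSKiller-style scan log and pull out what a helper checks first."""
import re

TS = r"\d{2}:\d{2}:\d{2}\.\d{4}"
# Object line: "<time> <pid> <name> (<md5>) <path>".  The name may itself hold
# parentheses ("MBR (0x1B8)"), so the lazy name match only stops at a
# parenthesised 32-hex-digit MD5.
ENTRY_RE = re.compile(
    rf"^{TS}\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{{32}})\)\s+(?P<path>\S.*)$")
# Verdict line: "<time> <pid> <name-or-device-path> - <verdict>".
VERDICT_RE = re.compile(rf"^{TS}\s+\d+\s+(?P<subject>.+?)\s+-\s+(?P<verdict>.+)$")

# Assumption: where service and driver images normally live; \Device\ covers
# the MBR and boot-sector records at the end of the log.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files", "\\device\\")


def parse_tdsskiller(text):
    """Return a list of {name, md5, path, verdict} dicts, one per scanned object."""
    entries, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            pending = {"name": m["name"], "md5": m["md5"],
                       "path": m["path"], "verdict": None}
            entries.append(pending)
            continue
        v = VERDICT_RE.match(line)
        if not v:
            continue  # banners, separators, object counts
        subject, verdict = v["subject"], v["verdict"].strip()
        if pending and subject in (pending["name"], pending["path"]):
            pending["verdict"] = verdict  # verdict for the object just listed
        else:
            # Verdict with no hashed object before it: the service has no image
            # file TDSSKiller could hash (WinHttpAutoProxySvc in the log above).
            entries.append({"name": subject, "md5": None, "path": None,
                            "verdict": verdict})
        pending = None
    return entries


def review(entries):
    """Findings worth a second look: non-ok verdicts and unusual image paths."""
    findings = []
    for e in entries:
        if e["verdict"] != "ok":
            findings.append(f"{e['name']}: verdict {e['verdict']!r}")
        if e["path"] and not e["path"].lower().startswith(EXPECTED_PREFIXES):
            findings.append(f"{e['name']}: image outside expected locations: {e['path']}")
    return findings


# Constructed sample in the format of the log above: the first five lines are
# copied from it, the tmpsvc pair is made up (placeholder hash, made-up verdict).
SAMPLE_LOG = r"""
04:04:31.0328 3172 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
04:04:31.0342 3172 WANARP - ok
04:04:31.0935 3172 WinHttpAutoProxySvc - ok
04:04:32.0824 3172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:04:33.0104 3172 \Device\Harddisk0\DR0 - ok
04:04:33.0200 3172 tmpsvc (00000000000000000000000000000000) C:\Users\pc\AppData\Local\Temp\tmpsvc.sys
04:04:33.0201 3172 tmpsvc - detected
04:04:35.0099 3172 Scan finished
04:04:35.0113 3452 Detected object count: 1
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(parsed)} objects parsed")
    for finding in review(parsed):
        print("REVIEW:", finding)
```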

#14 gringo_pr


Posted 07 July 2012 - 09:28 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\YouTube Downloader Toolbar
c:\program files\Common Files\Spigot

Save it to your desktop as CFScript.txt.

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Dzemil


Posted 07 July 2012 - 09:55 PM

Report from ComboFix

ComboFix 12-07-07.04 - pc 8.07.2012. 4:41.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.1917.1016 [GMT 2:00]
Running from: c:\users\pc\Desktop\ComboFix.exe
Command switches used :: c:\users\pc\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\GC\coupons_1.0.crx
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\wth.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
c:\program files\YouTube Downloader Toolbar
c:\program files\YouTube Downloader Toolbar\FF\chrome.manifest
c:\program files\YouTube Downloader Toolbar\FF\chrome\chrome.jar
c:\program files\YouTube Downloader Toolbar\FF\install.rdf
c:\program files\YouTube Downloader Toolbar\IE\5.8\config.ini
c:\program files\YouTube Downloader Toolbar\Res\amazon.gif
c:\program files\YouTube Downloader Toolbar\Res\dailymotion.gif
c:\program files\YouTube Downloader Toolbar\Res\dropinsavings.gif
c:\program files\YouTube Downloader Toolbar\Res\dropinsavingsabt.gif
c:\program files\YouTube Downloader Toolbar\Res\ebay.gif
c:\program files\YouTube Downloader Toolbar\Res\facebook.gif
c:\program files\YouTube Downloader Toolbar\Res\googleplus.gif
c:\program files\YouTube Downloader Toolbar\Res\hulu.gif
c:\program files\YouTube Downloader Toolbar\Res\icon_settings.gif
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1031.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1033.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1034.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1036.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1040.ini
c:\program files\YouTube Downloader Toolbar\Res\metacafe.gif
c:\program files\YouTube Downloader Toolbar\Res\radio-close.gif
c:\program files\YouTube Downloader Toolbar\Res\radio-minimize.gif
c:\program files\YouTube Downloader Toolbar\Res\radiobeta.gif
c:\program files\YouTube Downloader Toolbar\Res\search-button-hover.gif
c:\program files\YouTube Downloader Toolbar\Res\search-button.gif
c:\program files\YouTube Downloader Toolbar\Res\search-chevron-hover.gif
c:\program files\YouTube Downloader Toolbar\Res\search-chevron.gif
c:\program files\YouTube Downloader Toolbar\Res\search_amazon.gif
c:\program files\YouTube Downloader Toolbar\Res\search_baidu.gif
c:\program files\YouTube Downloader Toolbar\Res\search_ebay.gif
c:\program files\YouTube Downloader Toolbar\Res\search_yahoo.gif
c:\program files\YouTube Downloader Toolbar\Res\search_yandex.gif
c:\program files\YouTube Downloader Toolbar\Res\search_youtube.gif
c:\program files\YouTube Downloader Toolbar\Res\twitter.gif
c:\program files\YouTube Downloader Toolbar\Res\veoh.gif
c:\program files\YouTube Downloader Toolbar\Res\widgets.xml
c:\program files\YouTube Downloader Toolbar\Res\youtube.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd_logo.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd_logo_hover.gif
c:\program files\YouTube Downloader Toolbar\WidgiHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 02:46 . 2012-07-08 02:46 -------- d-----w- c:\users\dzovko\AppData\Local\temp
2012-07-08 02:46 . 2012-07-08 02:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-08 02:46 . 2012-07-08 02:46 -------- d-----w- c:\users\ctn\AppData\Local\temp
2012-07-08 02:46 . 2012-07-08 02:46 -------- d-----w- c:\users\bigbrother\AppData\Local\temp
2012-07-06 18:39 . 2012-07-08 02:46 -------- d-----w- c:\users\pc\AppData\Local\temp
2012-07-05 08:58 . 2012-07-05 08:58 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-29 08:50 . 2012-06-29 08:50 -------- d-----w- c:\users\pc\AppData\Roaming\Malwarebytes
2012-06-29 08:50 . 2012-06-29 08:50 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 15:26 . 2012-06-28 15:26 -------- d-----w- c:\program files\Common Files\Corel
2012-06-28 15:25 . 2012-06-28 15:25 -------- d-----w- c:\program files\Common Files\Protexis
2012-06-28 15:18 . 2012-06-28 15:18 -------- d-----w- c:\program files\Corel
2012-06-28 02:25 . 2012-06-28 02:25 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-27 02:12 . 2004-06-17 10:01 2260992 ----a-w- c:\program files\WWIISniper.exe
2012-06-27 02:12 . 2004-08-12 11:58 1814528 ----a-w- c:\program files\Lithtech.exe
2012-06-27 02:11 . 2012-06-27 02:11 -------- d-----w- c:\program files\Profiles
2012-06-27 02:11 . 2003-08-08 13:31 405504 ----a-w- c:\program files\Server.dll
2012-06-27 02:11 . 2001-09-28 15:00 164864 ----a-w- c:\program files\UNWISE.EXE
2012-06-26 00:10 . 2012-06-28 02:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 00:10 . 2012-06-28 02:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 09:08 . 2012-06-25 09:08 -------- d-----w- c:\program files\Smart Projects
2012-06-23 09:08 . 2012-07-06 23:57 -------- d-----w- c:\program files\JDownloader
2012-06-22 09:50 . 2012-06-22 09:50 -------- d-----w- c:\users\pc\AppData\Roaming\WinAVI
2012-06-22 09:50 . 2012-06-22 09:50 -------- d-----w- c:\users\pc\AppData\Local\WinAVI
2012-06-22 09:34 . 2012-06-22 09:34 -------- d-----w- c:\users\pc\AppData\Roaming\AVS4YOU
2012-06-22 09:34 . 2012-06-22 09:34 -------- d-----w- c:\programdata\AVS4YOU
2012-06-22 09:33 . 2012-06-22 10:05 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-06-22 09:33 . 2011-06-23 18:24 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2012-06-22 09:33 . 2011-06-23 18:24 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-06-22 09:33 . 2012-06-22 10:05 -------- d-----w- c:\program files\AVS4YOU
2012-06-22 09:29 . 2012-06-22 09:29 -------- d-----w- c:\program files\uTorrent
2012-06-22 09:28 . 2012-07-05 07:55 -------- d-----w- c:\users\pc\AppData\Roaming\uTorrent
2012-06-17 23:40 . 2012-06-27 03:17 -------- d-----w- c:\programdata\Big Fish Games
2012-06-17 18:52 . 2012-06-17 18:52 -------- d-----w- c:\users\pc\AppData\Local\Macromedia
2012-06-17 18:30 . 2012-06-17 18:35 -------- d-----w- c:\users\pc\AppData\Roaming\DMCache
2012-06-15 23:16 . 2012-06-15 23:20 -------- d-----w- c:\programdata\Protexis
2012-06-15 23:16 . 2012-06-15 23:16 -------- d-----w- c:\users\pc\AppData\Roaming\Corel
2012-06-15 23:10 . 2012-06-15 23:10 -------- d-----w- c:\program files\Microsoft SDKs
2012-06-15 23:10 . 2012-06-15 23:11 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-06-15 23:09 . 2012-06-28 15:25 -------- d-----w- c:\programdata\Corel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 21:03 . 2012-05-11 14:15 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-09 3076144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
c:\users\ctn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-3-1 576000]
.
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [N/A]
iVMS-4000(v2.0).lnk - c:\program files\iVMS-4000(v2.0)\NetAppSoft.exe [2011-4-5 8327168]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
R3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 02:21]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-16 12:49]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-16 12:49]
.
.
------- Supplementary Scan -------
.
uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2
mStart Page = hxxp://startsear.ch/?aff=1&cf=f9388a60-3486-11e1-bc77-4487fcf8aa7e
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
TCP: Interfaces\{062F7739-7E59-41FA-A804-0DC890724D6C}: NameServer = 212.39.98.161,212.39.98.162
DPF: {CAFCF48D-8E34-4490-8154-026191D73924} - hxxp://192.168.120.81/codebase/NetVideoActiveX_V23.cab
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\502dw7pr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-08 04:48:14
ComboFix-quarantined-files.txt 2012-07-08 02:48
ComboFix2.txt 2012-07-06 18:46
.
Pre-Run: 357.758.357.504 bytes free
Post-Run: 397.429.792.768 bytes free
.
- - End Of File - - E0F0B6D39BD065A9C83DA7B6EA078386

With no problems.
The alert from my first post hasn't appeared since my first ComboFix run (your second post). Everything seems to be fine at the moment.



