I keep having these installed EmuleMorphXT (conime. exe); Shareaza (cftmon); Ares (ctflr)


  • This topic is locked
11 replies to this topic

#1 metal_master

  • Members
  • 5 posts

Posted 03 January 2012 - 01:44 PM

Same problem as http://www.bleepingcomputer.com/forums/topic430475.html

Don't know how this happened, but I keep getting these programs installed in C:\Users\Public\AppData
and they run automatically.
I only noticed because when I was shutting my PC down I saw these ones were still shutting down. I deleted the folders and files, even some registry entries, but next time I started my laptop up they reinstalled.
I can't figure out what was installing them.

Unfortunately, by the time I found this topic I had already run ComboFix following instructions on the web. It was not until I found this topic that I noticed that this particular procedure should only have been done after a series of other steps, and only at the request of a trained individual. Even so, I decided to ask for help here, hoping that something extra could be done.
I did not ask for help on any other forum or topic; the information on using ComboFix was obtained via a webpage found in Google, and was, obviously, incomplete.
Hope you guys can help me anyway.

Edited by metal_master, 03 January 2012 - 03:26 PM.



#2 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 January 2012 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I need more information about your present system.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

#3 metal_master
  • Topic Starter

  • Members
  • 5 posts

Posted 09 January 2012 - 12:11 PM

Thanks for the help.

By the way, I don't know if it's related, but the Windows firewall doesn't start and it's been off since the 28th of December 2011.


Here is the transcript of the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Hugo Ferreira at 17:03:45 on 2012-01-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.351.2070.18.8099.5238 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\mmc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.pt/
uInternet Settings,ProxyServer = arsn-viruswall.arsn.local:8080
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\HUGOFE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RECORT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\HUGOFE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\{26882~1.LNK - C:\Windows\System32\rundll32.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&nviar para o OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 212.113.164.6 212.113.164.5
TCP: Interfaces\{035EA9A0-940B-4AA6-89AE-614D1C9B064E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B30F4D24-9B5F-4BEE-BEE4-D4676B47D14E} : DhcpNameServer = 212.113.164.6 212.113.164.5
TCP: Interfaces\{B30F4D24-9B5F-4BEE-BEE4-D4676B47D14E}\142535E4F6274756D294E445 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{B30F4D24-9B5F-4BEE-BEE4-D4676B47D14E}\36163716 : DhcpNameServer = 212.113.164.6 212.113.164.5
TCP: Interfaces\{B30F4D24-9B5F-4BEE-BEE4-D4676B47D14E}\47563747560236163716 : DhcpNameServer = 212.113.164.6 212.113.164.5
TCP: Interfaces\{B30F4D24-9B5F-4BEE-BEE4-D4676B47D14E}\94E464F4253454E4455425 : DhcpNameServer = 212.55.154.174 212.55.154.190
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE7CD045-E861-484f-8273-0445EE161910}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F3C88694-EFFA-4d78-B409-54B7B2535B14}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hugo Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\u4zzlm3h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hugo Ferreira\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-29 44768]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-11 46448]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-7 652872]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-19 2253120]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-12-6 5716848]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UDSS;UDSS;C:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [2011-3-11 30064]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-19 2656280]
R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\system32\DRIVERS\LEqdUsb.Sys --> C:\windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\system32\DRIVERS\LHidEqd.Sys --> C:\windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Inspecção de Rede Microsoft;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-6-19 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-4-6 828336]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\windows\system32\Drivers\VBoxUSB.sys --> C:\windows\system32\Drivers\VBoxUSB.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\windows\system32\DRIVERS\wacmoumonitor.sys --> C:\windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.txt=SigilTXT
.
=============== Created Last 30 ================
.
2012-01-09 14:55:50 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{16913EBD-A178-4CA0-8D38-D51CF5732B54}\offreg.dll
2012-01-09 14:53:00 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{16913EBD-A178-4CA0-8D38-D51CF5732B54}\mpengine.dll
2012-01-07 17:07:43 -------- d-----w- C:\Program Files\Eraser
2012-01-07 14:13:10 -------- d-----w- C:\Users\Hugo Ferreira\AppData\Roaming\Malwarebytes
2012-01-07 14:13:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-07 14:13:02 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-01-07 14:13:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-04 01:06:23 -------- d-----w- C:\Users\Hugo Ferreira\AppData\Local\MPlayer
2012-01-03 18:15:43 -------- d-----w- C:\$RECYCLE.BIN
2012-01-03 18:05:01 98816 ----a-w- C:\windows\sed.exe
2012-01-03 18:05:01 518144 ----a-w- C:\windows\SWREG.exe
2012-01-03 18:05:01 256000 ----a-w- C:\windows\PEV.exe
2012-01-03 18:05:01 208896 ----a-w- C:\windows\MBR.exe
2012-01-03 16:42:05 -------- d-----w- C:\Program Files (x86)\eMule
2011-12-26 18:30:12 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2011-12-26 18:30:11 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-26 18:30:11 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-26 18:30:11 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-23 19:40:11 -------- d-----w- C:\Users\Hugo Ferreira\VirtualBox VMs
2011-12-23 19:37:12 -------- d-----w- C:\Users\Hugo Ferreira\.VirtualBox
2011-12-23 19:36:50 224048 ----a-w- C:\windows\System32\drivers\VBoxDrv.sys
2011-12-23 19:36:43 130864 ----a-w- C:\windows\System32\drivers\VBoxUSBMon.sys
2011-12-23 19:36:36 -------- d-----w- C:\Program Files\Oracle
2011-12-19 13:45:22 146736 ----a-w- C:\windows\System32\drivers\VBoxNetAdp.sys
2011-12-19 13:45:22 117040 ----a-w- C:\windows\System32\drivers\VBoxUSB.sys
2011-12-19 13:43:54 320816 ----a-w- C:\windows\System32\VBoxNetFltNobj.dll
2011-12-19 13:43:54 165680 ----a-w- C:\windows\System32\drivers\VBoxNetFlt.sys
2011-12-14 23:34:38 -------- d-----w- C:\Users\Hugo Ferreira\AppData\Roaming\Auslogics
2011-12-14 20:31:54 43520 ----a-w- C:\windows\System32\csrsrv.dll
2011-12-14 20:31:49 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-12-14 20:31:44 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-14 20:31:44 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-14 20:31:14 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-14 20:31:14 2048 ----a-w- C:\windows\System32\tzres.dll
2011-12-14 00:51:41 -------- d-----w- C:\Program Files (x86)\Opera Next
2011-12-13 19:23:00 -------- d-----w- C:\Users\Hugo Ferreira\AppData\Local\Google
.
==================== Find3M ====================
.
2011-12-08 13:16:22 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2011-11-30 01:06:18 15664 ----a-w- C:\windows\SysWow64\drivers\GEARAspiWDM.sys
2011-11-30 01:06:17 109360 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2011-11-28 18:01:25 41184 ----a-w- C:\windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2011-11-25 01:55:40 189248 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2011-11-25 01:55:36 75136 ----a-w- C:\windows\SysWow64\PnkBstrA.exe
2011-11-23 00:08:26 1890 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-11-16 15:49:45 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:04:29,40 ===============


Hope that helps in solving my problems, and thanks.

#4 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 January 2012 - 09:32 AM

In your first log this was showing in your Startup folder.
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\{3573D~1.LNK - C:\Windows\System32\rundll32.exe

In your last DDS log it has changed to:
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\{26882~1.LNK - C:\Windows\System32\rundll32.exe

Do you know what this might be?
Please post the complete name, i.e. 26882........
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you decline this download unless you do not have any antivirus protection on the computer.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Delete your version of ComboFix.exe and download this latest version.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Post the logs and let me know what problem persists.
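Both Startup-folder entries quoted in this post are shortcuts with a GUID-style name whose target is rundll32.exe, so the shortcut itself says nothing about the payload; the DLL that actually runs is passed in the shortcut's arguments. The script below is an added triage example, not part of the thread and not code from DDS, aswMBR, TDSSKiller or ComboFix. It lists every .lnk in the per-user and all-users Startup folders, resolves each one's target and arguments through the WScript.Shell COM object, and flags entries that start rundll32.exe or carry a {GUID} file name. The function name, the two heuristics and the column names are choices made for this example; it only reads, and deletes or changes nothing.

```powershell
# Added triage example (not from this thread or from DDS/aswMBR/TDSSKiller/ComboFix):
# list every .lnk in the per-user and all-users Startup folders, resolve where each
# one points, and flag the pattern seen in the thread: a {GUID}-named shortcut that
# starts rundll32.exe with the real payload DLL passed in the arguments.
# Read-only: nothing is deleted or modified. Needs Windows PowerShell 3.0 or later.

$shell = New-Object -ComObject WScript.Shell

# The entry quoted in the post sits in the all-users folder (C:\ProgramData\...\Startup,
# written in 8.3 form as C:\PROGRA~3\MICROS~1\... in the DDS log); check both folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)

function Test-SuspiciousStartupShortcut {
    param([string]$BaseName, [string]$TargetPath)
    # Heuristics chosen for this example: a shortcut whose target is rundll32.exe
    # hides its real payload in the arguments, and a {GUID}-style file name is
    # unusual for a legitimate startup item.
    $viaRundll = $TargetPath -match '(?i)\\rundll32\.exe$'
    $guidName  = $BaseName -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
    return ($viaRundll -or $guidName)
}

$results = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -Force | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # WshShortcut object
        [PSCustomObject]@{
            Shortcut   = $_.FullName
            Target     = $lnk.TargetPath
            Arguments  = $lnk.Arguments
            Created    = $_.CreationTime
            Suspicious = Test-SuspiciousStartupShortcut $_.BaseName $lnk.TargetPath
        }
    }
}

# Suspicious entries first; the Arguments column is where the DLL to investigate shows up.
$results | Sort-Object Suspicious -Descending | Format-List
```

Run it from an elevated PowerShell prompt so the all-users folder is readable. For a flagged entry, the Arguments column names the DLL that rundll32.exe loads and the Created timestamp shows when the shortcut appeared, which is the information the reply asks the topic starter for; the file itself can then be checked against the hashes in the TDSSKiller log before anything is removed.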

#5 metal_master

  • Topic Starter
  • Members
  • 5 posts

Posted 10 January 2012 - 05:58 PM

Hi, first let me just say this: I didn't post any previous DDS log, just the one on the 9th of January.

As for the file you referred to, I do believe it is the reason I'm getting a RunDLL message when I start my computer, and it refers to the {26882282-3E1D-471d-A87D-5493A1BF09D7].dll file, which is accompanied by the {26882282-3E1D-471d-A87D-5493A1BF09D7].pif, the {26882282-3E1D-471d-A87D-5493A1BF09D7].sys and the {26882282-3E1D-471d-A87D-5493A1BF09D7].lnk, which I don't know where it is at this point.

These files used to be placed in the C:\Users\Public folder but were removed by the first run of ComboFix. I have a copy of them zipped, with the exception of the .lnk file.

Now for the aswMBR log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-10 18:21:20
-----------------------------
18:21:20.221 OS Version: Windows x64 6.1.7601 Service Pack 1
18:21:20.221 Number of processors: 8 586 0x2A07
18:21:20.221 ComputerName: HUGOFERREIRA UserName:
18:21:43.511 Initialize success
18:21:44.666 AVAST engine defs: 12011000
18:22:04.868 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:22:04.868 Disk 0 Vendor: Seagate_ TD27 Size: 476940MB BusType: 3
18:22:04.946 Disk 0 MBR read successfully
18:22:04.946 Disk 0 MBR scan
18:22:04.946 Disk 0 Windows VISTA default MBR code
18:22:04.977 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:22:04.993 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459838 MB offset 3074048
18:22:05.039 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15601 MB offset 944822272
18:22:05.039 Service scanning
18:22:07.255 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:22:08.113 Modules scanning
18:22:08.113 Disk 0 trace - called modules:
18:22:08.113 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
18:22:08.113 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007efd060]
18:22:08.128 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007e28710]
18:22:08.128 5 thpdrv.sys[fffff88001be2cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007982050]
18:22:09.345 AVAST engine scan C:\windows
18:22:12.309 AVAST engine scan C:\windows\system32
18:24:40.118 AVAST engine scan C:\windows\system32\drivers
18:24:57.512 AVAST engine scan C:\Users\Hugo Ferreira
18:36:24.678 AVAST engine scan C:\ProgramData
18:39:28.259 Scan finished successfully
18:51:42.146 Disk 0 MBR has been saved successfully to "C:\Users\Hugo Ferreira\Desktop\MBR.dat"
18:51:42.146 The log file has been saved successfully to "C:\Users\Hugo Ferreira\Desktop\aswMBR.txt"


Followed by the MBR.

Also the TDSSKiller.2.7.0.0_10.01.2012_18.56.56_log transcript:

18:56:56.0015 7332 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
18:56:56.0156 7332 ============================================================
18:56:56.0156 7332 Current date / time: 2012/01/10 18:56:56.0156
18:56:56.0156 7332 SystemInfo:
18:56:56.0156 7332
18:56:56.0156 7332 OS Version: 6.1.7601 ServicePack: 1.0
18:56:56.0156 7332 Product type: Workstation
18:56:56.0156 7332 ComputerName: HUGOFERREIRA
18:56:56.0156 7332 UserName: Hugo Ferreira
18:56:56.0156 7332 Windows directory: C:\windows
18:56:56.0156 7332 System windows directory: C:\windows
18:56:56.0156 7332 Running under WOW64
18:56:56.0156 7332 Processor architecture: Intel x64
18:56:56.0156 7332 Number of processors: 8
18:56:56.0156 7332 Page size: 0x1000
18:56:56.0156 7332 Boot type: Normal boot
18:56:56.0156 7332 ============================================================
18:57:00.0212 7332 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
18:57:00.0368 7332 Drive \Device\Harddisk1\DR3 - Size: 0x746EC00000, SectorSize: 0x200, Cylinders: 0xED7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:57:00.0414 7332 Initialize success
18:57:11.0818 7816 ============================================================
18:57:11.0818 7816 Scan started
18:57:11.0818 7816 Mode: Manual; SigCheck; TDLFS;
18:57:11.0818 7816 ============================================================
18:57:20.0570 7816 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
18:57:20.0819 7816 1394ohci - ok
18:57:20.0882 7816 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
18:57:20.0897 7816 ACPI - ok
18:57:20.0944 7816 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
18:57:21.0552 7816 AcpiPmi - ok
18:57:21.0818 7816 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
18:57:21.0880 7816 adp94xx - ok
18:57:21.0927 7816 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
18:57:21.0942 7816 adpahci - ok
18:57:21.0958 7816 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
18:57:21.0974 7816 adpu320 - ok
18:57:22.0005 7816 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
18:57:22.0036 7816 AFD - ok
18:57:22.0052 7816 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
18:57:22.0067 7816 agp440 - ok
18:57:22.0083 7816 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
18:57:22.0098 7816 aliide - ok
18:57:22.0114 7816 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
18:57:22.0130 7816 amdide - ok
18:57:22.0145 7816 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
18:57:22.0176 7816 AmdK8 - ok
18:57:22.0176 7816 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
18:57:22.0223 7816 AmdPPM - ok
18:57:22.0239 7816 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
18:57:22.0254 7816 amdsata - ok
18:57:22.0270 7816 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
18:57:22.0286 7816 amdsbs - ok
18:57:22.0301 7816 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
18:57:22.0317 7816 amdxata - ok
18:57:22.0332 7816 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
18:57:22.0473 7816 AppID - ok
18:57:22.0504 7816 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
18:57:22.0520 7816 arc - ok
18:57:22.0520 7816 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
18:57:22.0566 7816 arcsas - ok
18:57:22.0613 7816 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\windows\system32\drivers\aswFsBlk.sys
18:57:22.0676 7816 aswFsBlk - ok
18:57:22.0691 7816 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\windows\system32\drivers\aswMonFlt.sys
18:57:22.0707 7816 aswMonFlt - ok
18:57:22.0738 7816 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\windows\system32\drivers\aswRdr.sys
18:57:22.0754 7816 aswRdr - ok
18:57:22.0785 7816 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\windows\system32\drivers\aswSnx.sys
18:57:22.0847 7816 aswSnx - ok
18:57:22.0878 7816 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\windows\system32\drivers\aswSP.sys
18:57:22.0925 7816 aswSP - ok
18:57:22.0941 7816 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\windows\system32\drivers\aswTdi.sys
18:57:22.0956 7816 aswTdi - ok
18:57:22.0972 7816 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
18:57:23.0081 7816 AsyncMac - ok
18:57:23.0159 7816 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
18:57:23.0175 7816 atapi - ok
18:57:23.0409 7816 athr (b2931c83cfb12a3223a47b180473ae1a) C:\windows\system32\DRIVERS\athrx.sys
18:57:23.0549 7816 athr - ok
18:57:23.0643 7816 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
18:57:23.0674 7816 b06bdrv - ok
18:57:23.0736 7816 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
18:57:23.0814 7816 b57nd60a - ok
18:57:23.0877 7816 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
18:57:23.0939 7816 Beep - ok
18:57:24.0111 7816 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys
18:57:24.0236 7816 blbdrive - ok
18:57:24.0298 7816 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
18:57:24.0438 7816 bowser - ok
18:57:24.0454 7816 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
18:57:24.0470 7816 BrFiltLo - ok
18:57:24.0501 7816 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
18:57:24.0532 7816 BrFiltUp - ok
18:57:24.0594 7816 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
18:57:24.0672 7816 Brserid - ok
18:57:24.0688 7816 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
18:57:24.0719 7816 BrSerWdm - ok
18:57:24.0735 7816 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
18:57:24.0750 7816 BrUsbMdm - ok
18:57:24.0766 7816 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
18:57:24.0782 7816 BrUsbSer - ok
18:57:24.0813 7816 BtFilter (2347abbd13bada65826fdab4caafe357) C:\windows\system32\DRIVERS\btfilter.sys
18:57:24.0828 7816 BtFilter - ok
18:57:24.0844 7816 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
18:57:24.0875 7816 BTHMODEM - ok
18:57:24.0906 7816 catchme - ok
18:57:24.0938 7816 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
18:57:24.0984 7816 cdfs - ok
18:57:25.0016 7816 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
18:57:25.0047 7816 cdrom - ok
18:57:25.0062 7816 CeKbFilter (a965b206921c55f2d1481789d609b711) C:\windows\system32\DRIVERS\CeKbFilter.sys
18:57:25.0078 7816 CeKbFilter - ok
18:57:25.0109 7816 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
18:57:25.0140 7816 circlass - ok
18:57:25.0172 7816 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
18:57:25.0203 7816 CLFS - ok
18:57:25.0234 7816 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys
18:57:25.0265 7816 CmBatt - ok
18:57:25.0281 7816 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
18:57:25.0281 7816 cmdide - ok
18:57:25.0312 7816 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
18:57:25.0343 7816 CNG - ok
18:57:25.0359 7816 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
18:57:25.0374 7816 Compbatt - ok
18:57:25.0390 7816 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
18:57:25.0421 7816 CompositeBus - ok
18:57:25.0452 7816 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
18:57:25.0468 7816 crcdisk - ok
18:57:25.0499 7816 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
18:57:25.0530 7816 DfsC - ok
18:57:25.0546 7816 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
18:57:25.0593 7816 discache - ok
18:57:25.0608 7816 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
18:57:25.0624 7816 Disk - ok
18:57:25.0640 7816 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
18:57:25.0671 7816 drmkaud - ok
18:57:25.0702 7816 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
18:57:25.0733 7816 DXGKrnl - ok
18:57:25.0811 7816 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
18:57:25.0967 7816 ebdrv - ok
18:57:26.0076 7816 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
18:57:26.0123 7816 elxstor - ok
18:57:26.0139 7816 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
18:57:26.0154 7816 ErrDev - ok
18:57:26.0186 7816 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
18:57:26.0279 7816 exfat - ok
18:57:26.0342 7816 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
18:57:26.0435 7816 fastfat - ok
18:57:26.0466 7816 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
18:57:26.0529 7816 fdc - ok
18:57:26.0591 7816 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
18:57:26.0607 7816 FileInfo - ok
18:57:26.0638 7816 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
18:57:26.0685 7816 Filetrace - ok
18:57:26.0716 7816 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
18:57:26.0732 7816 flpydisk - ok
18:57:26.0825 7816 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
18:57:26.0841 7816 FltMgr - ok
18:57:26.0903 7816 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
18:57:26.0919 7816 FsDepends - ok
18:57:26.0981 7816 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
18:57:26.0997 7816 Fs_Rec - ok
18:57:27.0059 7816 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
18:57:27.0106 7816 fvevol - ok
18:57:27.0137 7816 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
18:57:27.0153 7816 gagp30kx - ok
18:57:27.0278 7816 GEARAspiWDM - ok
18:57:27.0324 7816 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
18:57:27.0371 7816 hcw85cir - ok
18:57:27.0465 7816 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
18:57:27.0512 7816 HdAudAddService - ok
18:57:27.0558 7816 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
18:57:27.0621 7816 HDAudBus - ok
18:57:27.0668 7816 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
18:57:27.0746 7816 HidBatt - ok
18:57:27.0808 7816 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
18:57:27.0824 7816 HidBth - ok
18:57:27.0886 7816 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
18:57:27.0933 7816 HidIr - ok
18:57:27.0964 7816 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
18:57:27.0995 7816 HidUsb - ok
18:57:28.0026 7816 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
18:57:28.0042 7816 HpSAMD - ok
18:57:28.0089 7816 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
18:57:28.0151 7816 HTTP - ok
18:57:28.0167 7816 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
18:57:28.0182 7816 hwpolicy - ok
18:57:28.0214 7816 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
18:57:28.0229 7816 i8042prt - ok
18:57:28.0292 7816 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
18:57:28.0307 7816 iaStor - ok
18:57:28.0338 7816 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
18:57:28.0354 7816 iaStorV - ok
18:57:28.0557 7816 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
18:57:28.0853 7816 igfx - ok
18:57:28.0869 7816 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
18:57:28.0884 7816 iirsp - ok
18:57:28.0947 7816 IntcAzAudAddService (a1fa448078c94e4d011ebd241821ff9e) C:\windows\system32\drivers\RTKVHD64.sys
18:57:29.0040 7816 IntcAzAudAddService - ok
18:57:29.0072 7816 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
18:57:29.0087 7816 IntcDAud - ok
18:57:29.0103 7816 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
18:57:29.0118 7816 intelide - ok
18:57:29.0150 7816 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
18:57:29.0181 7816 intelppm - ok
18:57:29.0196 7816 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:57:29.0243 7816 IpFilterDriver - ok
18:57:29.0259 7816 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
18:57:29.0274 7816 IPMIDRV - ok
18:57:29.0290 7816 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:57:29.0337 7816 IPNAT - ok
18:57:29.0368 7816 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:57:29.0415 7816 IRENUM - ok
18:57:29.0430 7816 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
18:57:29.0446 7816 isapnp - ok
18:57:29.0493 7816 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
18:57:29.0508 7816 iScsiPrt - ok
18:57:29.0586 7816 JMCR (25d602ae635a0443458fbed1a8b6e4e9) C:\windows\system32\DRIVERS\jmcr.sys
18:57:29.0633 7816 JMCR - ok
18:57:29.0664 7816 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:57:29.0711 7816 kbdclass - ok
18:57:29.0758 7816 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
18:57:29.0820 7816 kbdhid - ok
18:57:29.0852 7816 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
18:57:29.0883 7816 KSecDD - ok
18:57:29.0945 7816 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
18:57:29.0992 7816 KSecPkg - ok
18:57:30.0023 7816 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:57:30.0086 7816 ksthunk - ok
18:57:30.0507 7816 LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\windows\system32\DRIVERS\LEqdUsb.Sys
18:57:30.0522 7816 LEqdUsb - ok
18:57:30.0585 7816 LHidEqd (3267bc698e29474a8381e68904eb0390) C:\windows\system32\DRIVERS\LHidEqd.Sys
18:57:30.0600 7816 LHidEqd - ok
18:57:30.0647 7816 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\windows\system32\DRIVERS\LHidFilt.Sys
18:57:30.0663 7816 LHidFilt - ok
18:57:30.0710 7816 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:57:30.0788 7816 lltdio - ok
18:57:30.0881 7816 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\windows\system32\DRIVERS\LMouFilt.Sys
18:57:30.0897 7816 LMouFilt - ok
18:57:30.0928 7816 LPCFilter (2825a71e7501cb33b3b9f856610c729d) C:\windows\system32\DRIVERS\LPCFilter.sys
18:57:30.0944 7816 LPCFilter - ok
18:57:30.0990 7816 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
18:57:31.0006 7816 LSI_FC - ok
18:57:31.0084 7816 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
18:57:31.0100 7816 LSI_SAS - ok
18:57:31.0131 7816 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
18:57:31.0146 7816 LSI_SAS2 - ok
18:57:31.0162 7816 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
18:57:31.0193 7816 LSI_SCSI - ok
18:57:31.0224 7816 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:57:31.0287 7816 luafv - ok
18:57:31.0365 7816 LUsbFilt (11ddb1d900078fbe3691df7b878aec28) C:\windows\system32\Drivers\LUsbFilt.Sys
18:57:31.0380 7816 LUsbFilt - ok
18:57:31.0521 7816 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
18:57:31.0536 7816 MBAMProtector - ok
18:57:31.0630 7816 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
18:57:31.0646 7816 megasas - ok
18:57:31.0661 7816 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
18:57:31.0677 7816 MegaSR - ok
18:57:31.0724 7816 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
18:57:31.0739 7816 MEIx64 - ok
18:57:31.0755 7816 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:57:31.0802 7816 Modem - ok
18:57:31.0833 7816 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:57:31.0880 7816 monitor - ok
18:57:31.0911 7816 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:57:31.0926 7816 mouclass - ok
18:57:31.0958 7816 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:57:31.0973 7816 mouhid - ok
18:57:31.0989 7816 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
18:57:32.0004 7816 mountmgr - ok
18:57:32.0051 7816 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys
18:57:32.0067 7816 MpFilter - ok
18:57:32.0098 7816 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
18:57:32.0114 7816 mpio - ok
18:57:32.0145 7816 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys
18:57:32.0160 7816 MpNWMon - ok
18:57:32.0192 7816 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:57:32.0223 7816 mpsdrv - ok
18:57:32.0238 7816 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
18:57:32.0270 7816 MRxDAV - ok
18:57:32.0316 7816 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
18:57:32.0348 7816 mrxsmb - ok
18:57:32.0379 7816 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:57:32.0394 7816 mrxsmb10 - ok
18:57:32.0426 7816 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:57:32.0457 7816 mrxsmb20 - ok
18:57:32.0488 7816 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
18:57:32.0504 7816 msahci - ok
18:57:32.0535 7816 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
18:57:32.0550 7816 msdsm - ok
18:57:32.0566 7816 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:57:32.0613 7816 Msfs - ok
18:57:32.0613 7816 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:57:32.0660 7816 mshidkmdf - ok
18:57:32.0675 7816 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
18:57:32.0706 7816 msisadrv - ok
18:57:32.0738 7816 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:57:32.0769 7816 MSKSSRV - ok
18:57:32.0784 7816 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:57:32.0831 7816 MSPCLOCK - ok
18:57:32.0847 7816 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:57:32.0878 7816 MSPQM - ok
18:57:32.0909 7816 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
18:57:32.0940 7816 MsRPC - ok
18:57:32.0972 7816 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
18:57:32.0987 7816 mssmbios - ok
18:57:33.0003 7816 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:57:33.0050 7816 MSTEE - ok
18:57:33.0065 7816 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
18:57:33.0128 7816 MTConfig - ok
18:57:33.0174 7816 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:57:33.0190 7816 Mup - ok
18:57:33.0221 7816 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:57:33.0237 7816 NativeWifiP - ok
18:57:33.0299 7816 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
18:57:33.0346 7816 NDIS - ok
18:57:33.0377 7816 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:57:33.0408 7816 NdisCap - ok
18:57:33.0455 7816 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:57:33.0518 7816 NdisTapi - ok
18:57:33.0533 7816 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
18:57:33.0564 7816 Ndisuio - ok
18:57:33.0596 7816 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
18:57:33.0627 7816 NdisWan - ok
18:57:33.0658 7816 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
18:57:33.0705 7816 NDProxy - ok
18:57:33.0736 7816 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:57:33.0783 7816 NetBIOS - ok
18:57:33.0814 7816 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:57:33.0845 7816 NetBT - ok
18:57:33.0908 7816 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
18:57:33.0923 7816 nfrd960 - ok
18:57:33.0939 7816 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys
18:57:33.0954 7816 NisDrv - ok
18:57:34.0110 7816 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:57:34.0173 7816 Npfs - ok
18:57:34.0204 7816 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:57:34.0251 7816 nsiproxy - ok
18:57:34.0391 7816 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
18:57:34.0469 7816 Ntfs - ok
18:57:34.0485 7816 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:57:34.0563 7816 Null - ok
18:57:34.0610 7816 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\windows\system32\DRIVERS\nusb3hub.sys
18:57:34.0750 7816 nusb3hub - ok
18:57:34.0812 7816 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\windows\system32\DRIVERS\nusb3xhc.sys
18:57:34.0922 7816 nusb3xhc - ok
18:57:35.0795 7816 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\windows\system32\DRIVERS\nvlddmkm.sys
18:57:36.0747 7816 nvlddmkm - ok
18:57:36.0809 7816 nvpciflt (682ea9ed3399d6066f0daecf7938727e) C:\windows\system32\DRIVERS\nvpciflt.sys
18:57:36.0825 7816 nvpciflt - ok
18:57:36.0840 7816 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
18:57:36.0856 7816 nvraid - ok
18:57:36.0887 7816 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
18:57:36.0934 7816 nvstor - ok
18:57:36.0996 7816 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
18:57:37.0012 7816 nv_agp - ok
18:57:37.0028 7816 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
18:57:37.0059 7816 ohci1394 - ok
18:57:37.0106 7816 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
18:57:37.0121 7816 Parport - ok
18:57:37.0152 7816 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
18:57:37.0168 7816 partmgr - ok
18:57:37.0215 7816 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
18:57:37.0230 7816 pci - ok
18:57:37.0246 7816 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
18:57:37.0262 7816 pciide - ok
18:57:37.0277 7816 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
18:57:37.0293 7816 pcmcia - ok
18:57:37.0324 7816 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:57:37.0340 7816 pcw - ok
18:57:37.0402 7816 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:57:37.0464 7816 PEAUTH - ok
18:57:37.0511 7816 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
18:57:37.0527 7816 PGEffect - ok
18:57:37.0589 7816 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\windows\system32\DRIVERS\pnarp.sys
18:57:37.0605 7816 pnarp - ok
18:57:37.0652 7816 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
18:57:37.0698 7816 PptpMiniport - ok
18:57:37.0730 7816 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
18:57:37.0745 7816 Processor - ok
18:57:37.0776 7816 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
18:57:37.0808 7816 Psched - ok
18:57:37.0886 7816 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\windows\system32\DRIVERS\purendis.sys
18:57:37.0901 7816 purendis - ok
18:57:37.0948 7816 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
18:57:38.0010 7816 ql2300 - ok
18:57:38.0026 7816 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
18:57:38.0042 7816 ql40xx - ok
18:57:38.0057 7816 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:57:38.0088 7816 QWAVEdrv - ok
18:57:38.0104 7816 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:57:38.0135 7816 RasAcd - ok
18:57:38.0166 7816 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:57:38.0198 7816 RasAgileVpn - ok
18:57:38.0229 7816 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
18:57:38.0276 7816 Rasl2tp - ok
18:57:38.0307 7816 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:57:38.0338 7816 RasPppoe - ok
18:57:38.0369 7816 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:57:38.0416 7816 RasSstp - ok
18:57:38.0463 7816 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
18:57:38.0525 7816 rdbss - ok
18:57:38.0603 7816 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
18:57:38.0681 7816 rdpbus - ok
18:57:38.0744 7816 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:57:38.0775 7816 RDPCDD - ok
18:57:38.0806 7816 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:57:38.0868 7816 RDPENCDD - ok
18:57:38.0900 7816 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:57:38.0931 7816 RDPREFMP - ok
18:57:38.0962 7816 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
18:57:39.0040 7816 RDPWD - ok
18:57:39.0071 7816 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
18:57:39.0102 7816 rdyboost - ok
18:57:39.0149 7816 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
18:57:39.0258 7816 regi - ok
18:57:39.0399 7816 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:57:39.0446 7816 rspndr - ok
18:57:39.0508 7816 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
18:57:39.0570 7816 RTL8167 - ok
18:57:39.0633 7816 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
18:57:39.0680 7816 sbp2port - ok
18:57:39.0742 7816 SCDEmu (d3022dba20029f1899b555298a5e95a3) C:\windows\system32\drivers\SCDEmu.sys
18:57:39.0758 7816 SCDEmu - ok
18:57:39.0804 7816 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
18:57:39.0867 7816 scfilter - ok
18:57:39.0914 7816 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
18:57:39.0992 7816 sdbus - ok
18:57:40.0054 7816 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:57:40.0132 7816 secdrv - ok
18:57:40.0179 7816 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
18:57:40.0226 7816 Serenum - ok
18:57:40.0257 7816 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
18:57:40.0304 7816 Serial - ok
18:57:40.0335 7816 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
18:57:40.0350 7816 sermouse - ok
18:57:40.0413 7816 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
18:57:40.0475 7816 sffdisk - ok
18:57:40.0522 7816 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
18:57:40.0569 7816 sffp_mmc - ok
18:57:40.0600 7816 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
18:57:40.0678 7816 sffp_sd - ok
18:57:40.0709 7816 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
18:57:40.0725 7816 sfloppy - ok
18:57:40.0850 7816 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
18:57:40.0865 7816 SiSRaid2 - ok
18:57:40.0896 7816 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
18:57:40.0912 7816 SiSRaid4 - ok
18:57:40.0959 7816 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:57:41.0021 7816 Smb - ok
18:57:41.0068 7816 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:57:41.0084 7816 spldr - ok
18:57:41.0193 7816 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
18:57:41.0349 7816 srv - ok
18:57:41.0396 7816 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
18:57:41.0427 7816 srv2 - ok
18:57:41.0458 7816 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
18:57:41.0474 7816 srvnet - ok
18:57:41.0520 7816 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
18:57:41.0536 7816 stexstor - ok
18:57:41.0552 7816 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
18:57:41.0567 7816 swenum - ok
18:57:41.0661 7816 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
18:57:41.0708 7816 SynTP - ok
18:57:41.0801 7816 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
18:57:41.0864 7816 Tcpip - ok
18:57:41.0926 7816 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
18:57:41.0957 7816 TCPIP6 - ok
18:57:42.0004 7816 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
18:57:42.0051 7816 tcpipreg - ok
18:57:42.0082 7816 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
18:57:42.0098 7816 tdcmdpst - ok
18:57:42.0129 7816 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
18:57:42.0160 7816 TDPIPE - ok
18:57:42.0176 7816 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
18:57:42.0222 7816 TDTCP - ok
18:57:42.0254 7816 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
18:57:42.0316 7816 tdx - ok
18:57:42.0347 7816 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
18:57:42.0363 7816 TermDD - ok
18:57:42.0394 7816 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
18:57:42.0410 7816 Thpdrv - ok
18:57:42.0441 7816 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
18:57:42.0456 7816 Thpevm - ok
18:57:42.0534 7816 Tosrfcom - ok
18:57:42.0550 7816 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
18:57:42.0566 7816 tosrfec - ok
18:57:42.0597 7816 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys
18:57:42.0612 7816 Tosrfusb - ok
18:57:42.0644 7816 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
18:57:42.0659 7816 tos_sps64 - ok
18:57:42.0706 7816 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
18:57:42.0737 7816 tssecsrv - ok
18:57:42.0753 7816 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
18:57:42.0768 7816 TsUsbFlt - ok
18:57:42.0784 7816 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
18:57:42.0800 7816 TsUsbGD - ok
18:57:42.0831 7816 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
18:57:42.0862 7816 tunnel - ok
18:57:42.0878 7816 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
18:57:42.0893 7816 TVALZ - ok
18:57:42.0924 7816 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
18:57:42.0940 7816 TVALZFL - ok
18:57:42.0956 7816 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
18:57:43.0002 7816 uagp35 - ok
18:57:43.0034 7816 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
18:57:43.0096 7816 udfs - ok
18:57:43.0143 7816 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
18:57:43.0158 7816 uliagpkx - ok
18:57:43.0190 7816 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
18:57:43.0205 7816 umbus - ok
18:57:43.0236 7816 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
18:57:43.0252 7816 UmPass - ok
18:57:43.0283 7816 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
18:57:43.0299 7816 usbccgp - ok
18:57:43.0314 7816 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
18:57:43.0346 7816 usbcir - ok
18:57:43.0377 7816 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
18:57:43.0392 7816 usbehci - ok
18:57:43.0439 7816 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
18:57:43.0470 7816 usbhub - ok
18:57:43.0502 7816 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
18:57:43.0517 7816 usbohci - ok
18:57:43.0564 7816 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
18:57:43.0580 7816 usbprint - ok
18:57:43.0595 7816 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
18:57:43.0642 7816 USBSTOR - ok
18:57:43.0673 7816 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
18:57:43.0689 7816 usbuhci - ok
18:57:43.0720 7816 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
18:57:43.0751 7816 usbvideo - ok
18:57:43.0876 7816 VBoxDrv (c30f3d43ceb6f79ade9b805387e5f63c) C:\windows\system32\DRIVERS\VBoxDrv.sys
18:57:43.0907 7816 VBoxDrv - ok
18:57:44.0063 7816 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\windows\system32\DRIVERS\VBoxNetAdp.sys
18:57:44.0126 7816 VBoxNetAdp - ok
18:57:44.0219 7816 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\windows\system32\DRIVERS\VBoxNetFlt.sys
18:57:44.0297 7816 VBoxNetFlt - ok
18:57:44.0406 7816 VBoxUSB (bcfe50247fbe5c8cb2e22fa5938ea6f7) C:\windows\system32\Drivers\VBoxUSB.sys
18:57:44.0422 7816 VBoxUSB - ok
18:57:44.0765 7816 VBoxUSBMon (cf3ee68cd9723e9f21e3198a0f690400) C:\windows\system32\DRIVERS\VBoxUSBMon.sys
18:57:44.0796 7816 VBoxUSBMon - ok
18:57:44.0859 7816 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
18:57:44.0874 7816 vdrvroot - ok
18:57:44.0937 7816 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
18:57:44.0952 7816 vga - ok
18:57:44.0999 7816 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
18:57:45.0046 7816 VgaSave - ok
18:57:45.0124 7816 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
18:57:45.0171 7816 vhdmp - ok
18:57:45.0202 7816 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
18:57:45.0218 7816 viaide - ok
18:57:45.0264 7816 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
18:57:45.0327 7816 volmgr - ok
18:57:45.0358 7816 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
18:57:45.0389 7816 volmgrx - ok
18:57:45.0420 7816 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
18:57:45.0452 7816 volsnap - ok
18:57:45.0498 7816 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
18:57:45.0514 7816 vsmraid - ok
18:57:45.0545 7816 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
18:57:45.0561 7816 vwifibus - ok
18:57:45.0608 7816 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
18:57:45.0639 7816 vwififlt - ok
18:57:45.0670 7816 wacmoumonitor (fe75777289278a4941fe6139e82b3bd9) C:\windows\system32\DRIVERS\wacmoumonitor.sys
18:57:45.0686 7816 wacmoumonitor - ok
18:57:45.0717 7816 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\windows\system32\DRIVERS\wacommousefilter.sys
18:57:45.0732 7816 wacommousefilter - ok
18:57:45.0748 7816 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
18:57:45.0779 7816 WacomPen - ok
18:57:45.0826 7816 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\windows\system32\DRIVERS\wacomvhid.sys
18:57:45.0842 7816 wacomvhid - ok
18:57:45.0857 7816 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:57:45.0920 7816 WANARP - ok
18:57:45.0920 7816 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:57:45.0966 7816 Wanarpv6 - ok
18:57:46.0013 7816 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
18:57:46.0029 7816 Wd - ok
18:57:46.0060 7816 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
18:57:46.0091 7816 Wdf01000 - ok
18:57:46.0138 7816 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
18:57:46.0185 7816 WfpLwf - ok
18:57:46.0200 7816 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
18:57:46.0216 7816 WIMMount - ok
18:57:46.0294 7816 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
18:57:46.0325 7816 WmiAcpi - ok
18:57:46.0372 7816 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
18:57:46.0419 7816 ws2ifsl - ok
18:57:46.0466 7816 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
18:57:46.0512 7816 WudfPf - ok
18:57:46.0544 7816 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
18:57:46.0606 7816 WUDFRd - ok
18:57:46.0653 7816 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
18:57:47.0043 7816 \Device\Harddisk0\DR0 - ok
18:57:47.0386 7816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
18:57:47.0495 7816 \Device\Harddisk1\DR3 - ok
18:57:47.0495 7816 Boot (0x1200) (868df22be362a60c4591abd279015c49) \Device\Harddisk0\DR0\Partition0
18:57:47.0511 7816 \Device\Harddisk0\DR0\Partition0 - ok
18:57:47.0511 7816 Boot (0x1200) (a7deb1c04ca082d91a2b87a0c4959728) \Device\Harddisk1\DR3\Partition0
18:57:47.0511 7816 \Device\Harddisk1\DR3\Partition0 - ok
18:57:47.0511 7816 ============================================================
18:57:47.0511 7816 Scan finished
18:57:47.0511 7816 ============================================================
18:57:47.0526 6252 Detected object count: 0
18:57:47.0526 6252 Actual detected object count: 0
18:59:20.0333 6532 Deinitialize success

And finally, the ComboFix log:

ComboFix 12-01-10.02 - Hugo Ferreira 10-01-2012 21:06:09.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.351.2070.18.8099.4962 [GMT 0:00]
Running from: c:\users\Hugo Ferreira\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Files created from 2011-12-10 to 2012-01-10 ))))))))))))))))))))))))))))
.
.
2012-01-10 21:13 . 2012-01-10 21:13 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{710EA056-BC23-4B11-9234-4E2309620518}\offreg.dll
2012-01-10 21:11 . 2012-01-10 21:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-10 21:11 . 2012-01-10 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 18:56 . 2012-01-10 18:56 115504 ----a-w- c:\windows\system32\drivers\66645725.sys
2012-01-10 16:03 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{710EA056-BC23-4B11-9234-4E2309620518}\mpengine.dll
2012-01-07 17:07 . 2012-01-07 17:07 -------- d-----w- c:\program files\Eraser
2012-01-07 14:13 . 2012-01-07 14:13 -------- d-----w- c:\users\Hugo Ferreira\AppData\Roaming\Malwarebytes
2012-01-07 14:13 . 2012-01-07 14:13 -------- d-----w- c:\programdata\Malwarebytes
2012-01-07 14:13 . 2012-01-07 14:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-07 14:13 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-04 01:06 . 2012-01-04 01:06 -------- d-----w- c:\users\Hugo Ferreira\AppData\Local\MPlayer
2012-01-03 16:42 . 2012-01-03 16:42 -------- d-----w- c:\program files (x86)\eMule
2011-12-26 18:30 . 2011-12-26 18:30 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-26 18:30 . 2011-12-26 18:30 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-26 18:30 . 2011-12-26 18:30 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-26 18:30 . 2011-12-26 18:30 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-23 19:40 . 2011-12-24 00:17 -------- d-----w- c:\users\Hugo Ferreira\VirtualBox VMs
2011-12-23 19:37 . 2011-12-25 20:32 -------- d-----w- c:\users\Hugo Ferreira\.VirtualBox
2011-12-23 19:36 . 2011-12-19 13:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-12-23 19:36 . 2011-12-19 13:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-12-23 19:36 . 2011-12-23 19:36 -------- d-----w- c:\program files\Oracle
2011-12-19 13:45 . 2011-12-19 13:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 13:45 . 2011-12-19 13:45 117040 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2011-12-19 13:43 . 2011-12-19 13:43 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-19 13:43 . 2011-12-19 13:43 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-14 23:34 . 2011-12-20 02:09 -------- d-----w- c:\users\Hugo Ferreira\AppData\Roaming\Auslogics
2011-12-14 20:31 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 20:31 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 20:31 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 20:31 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 20:31 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 20:31 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 00:51 . 2011-12-14 00:51 -------- d-----w- c:\program files (x86)\Opera Next
2011-12-13 19:23 . 2011-12-13 19:23 -------- d-----w- c:\users\Hugo Ferreira\AppData\Local\Google
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 13:16 . 2011-12-08 13:16 53248 ----a-r- c:\users\Hugo Ferreira\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-08 13:16 . 2011-07-26 15:07 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-11-30 01:06 . 2011-07-28 22:09 15664 ----a-w- c:\windows\SysWow64\drivers\GEARAspiWDM.sys
2011-11-30 01:06 . 2011-07-28 22:09 109360 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-11-28 18:01 . 2011-07-20 14:46 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-07-20 14:46 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-07-20 14:46 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-07-20 14:46 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-07-20 14:46 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-07-20 14:46 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-07-20 14:46 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-07-20 14:46 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-07-20 14:46 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-25 01:55 . 2011-11-25 01:55 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-25 01:55 . 2011-11-25 01:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-11-23 00:08 . 2011-07-28 21:28 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2011-11-21 11:40 . 2011-07-20 14:54 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-16 15:49 . 2011-07-27 00:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-15 08:53 . 2011-11-04 18:24 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-11-04 18:24 7581504 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-04 18:24 716608 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2011-10-15 08:53 . 2011-11-04 18:24 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-11-04 18:24 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-04 18:24 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-11-04 18:24 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-11-04 18:24 371520 ----a-w- c:\windows\system32\nvoptimusmft.dll
2011-10-15 08:53 . 2011-11-04 18:24 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2011-10-15 08:53 . 2011-11-04 18:24 330560 ----a-w- c:\windows\SysWow64\nvoptimusmft.dll
2011-10-15 08:53 . 2011-11-04 18:24 301888 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2011-10-15 08:53 . 2011-11-04 18:24 28992 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2011-10-15 08:53 . 2011-11-04 18:24 2542912 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-04 18:24 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-04 18:24 24742720 ----a-w- c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-11-04 18:24 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-11-04 18:24 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-04 18:24 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-04 18:24 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-11-04 18:24 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-11-04 18:24 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-11-04 18:24 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-11-04 18:24 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-11-04 18:24 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-11-04 18:24 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-06-19 14:35 860992 ----a-w- c:\windows\system32\nvumdshimx.dll
2011-10-15 08:53 . 2011-06-19 14:35 2808128 ----a-w- c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-06-19 14:35 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-06-19 14:35 241984 ----a-w- c:\windows\system32\nvinitx.dll
2011-10-15 08:53 . 2011-06-19 14:35 203072 ----a-w- c:\windows\SysWow64\nvinit.dll
2011-10-15 08:53 . 2011-05-06 17:47 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2011-10-15 08:53 . 2011-05-06 17:47 539456 ----a-w- c:\windows\system32\nvhotkey.dll
2011-10-15 08:53 . 2011-05-06 17:47 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-05-06 17:47 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-05-06 17:47 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-05-06 17:47 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-05-06 17:47 1349440 ----a-w- c:\windows\system32\nv3dappshext.dll
2011-10-15 08:53 . 2011-05-06 17:47 1985841 ----a-w- c:\windows\system32\nvcoproc.bin
2011-10-15 08:53 . 2011-05-06 17:47 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-10-15 08:53 . 2011-05-06 17:47 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-05-06 17:46 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-03_18.15.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-10 21:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-03 18:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-10 21:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-03 18:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-03 18:15 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-10 21:13 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-01-10 21:16 68502 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-10 21:16 38848 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-20 08:58 . 2012-01-10 18:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-20 08:58 . 2012-01-03 17:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-20 08:58 . 2012-01-03 17:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-20 08:58 . 2012-01-10 18:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-03 17:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-10 18:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-01-10 16:02 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-01-01 19:23 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-07 17:07 . 2012-01-07 17:07 93345 c:\windows\Installer\{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}\Eraser.exe
+ 2011-07-20 08:57 . 2012-01-10 21:16 9380 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2092168709-2261089135-3630490997-1001_UserData.bin
+ 2012-01-06 15:36 . 2012-01-06 15:36 9560 c:\windows\system32\NetworkList\Icons\{9AF2D1AA-1AF6-4801-B211-17727A34099B}_48.bin
+ 2012-01-06 15:36 . 2012-01-06 15:36 4280 c:\windows\system32\NetworkList\Icons\{9AF2D1AA-1AF6-4801-B211-17727A34099B}_32.bin
+ 2012-01-06 15:36 . 2012-01-06 15:36 2456 c:\windows\system32\NetworkList\Icons\{9AF2D1AA-1AF6-4801-B211-17727A34099B}_24.bin
+ 2012-01-10 21:13 . 2012-01-10 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-03 18:15 . 2012-01-03 18:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-10 21:13 . 2012-01-10 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-03 18:15 . 2012-01-03 18:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-11 16:52 . 2012-01-10 16:51 684580 c:\windows\system32\prfh0816.dat
+ 2011-02-11 16:52 . 2012-01-10 16:51 135830 c:\windows\system32\prfc0816.dat
+ 2009-07-14 02:36 . 2012-01-10 16:51 621246 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-10 16:51 108466 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-01-03 18:14 486384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-10 21:12 486384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-01-09 14:58 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-12-31 20:18 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-07-20 09:05 . 2011-12-23 01:44 1398904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-20 09:05 . 2012-01-09 00:44 1398904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-09 14:51 . 2011-08-30 04:21 12872704 c:\windows\SysWOW64\shell32.dll
- 2009-07-14 02:34 . 2011-12-15 19:36 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-01-09 14:55 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-01-09 14:51 . 2011-08-30 05:25 14173184 c:\windows\system32\shell32.dll
+ 2011-07-20 09:05 . 2012-01-10 21:12 34344144 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2092168709-2261089135-3630490997-1001-12288.dat
+ 2012-01-07 17:06 . 2012-01-07 17:06 16904192 c:\windows\Installer\ae7729.msi
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\Hugo Ferreira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Recortes de Ecrã e Iniciador do OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-7-28 4142448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
{26882282-3E1D-471d-A87D-5493A1BF09D7}.lnk - c:\windows\System32\rundll32.exe [2009-7-13 45568]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspecção de Rede Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UDSS;UDSS;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [2011-03-11 30064]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092168709-2261089135-3630490997-1001Core.job
- c:\users\Hugo Ferreira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:22]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092168709-2261089135-3630490997-1001UA.job
- c:\users\Hugo Ferreira\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-28 11831400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-18 2209896]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.pt/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = arsn-viruswall.arsn.local:8080
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&nviar para o OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.113.164.6 212.113.164.5
FF - ProfilePath - c:\users\Hugo Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\u4zzlm3h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt
.
.
------- Associação de arquivos/ficheiros -------
.
.txt=SigilTXT
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:15,4f,cd,d7,09,b0,5c,77,d3,83,10,7d,23,5d,ca,14,eb,11,6b,a0,66,
41,42,07,06,71,6c,17,67,c8,78,8b,e3,0f,83,cf,3c,64,bf,b6,9e,a6,02,46,21,39,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:15,4f,cd,d7,09,b0,5c,77,d3,83,10,7d,23,5d,ca,14,eb,11,6b,a0,66,
41,42,07,06,71,6c,17,67,c8,78,8b,e3,0f,83,cf,3c,64,bf,b6,9e,a6,02,46,21,39,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-01-10 21:18:50 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-01-10 21:18
.
Pré-execução: 270.813.073.408 bytes livres
Pós execução: 270.589.710.336 bytes livres
.
- - End Of File - - DB7EB3ABA57A4A875248C81F7B0BAAB8


And that's it, hope it helps. Thanks.

By the way my current problems are:

- I keep getting the RunDLL error message at Windows startup
- and I can't start my Windows Firewall, having no other firewall installed.

Hope you can help.

Attached Files

  • MBR.zip (565 bytes)


#6 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 January 2012 - 09:15 AM

Hi, first let me just say this. I didn't post any previous DDS log, just the one on the 9th of January.

Did you forget about the log you posted on December 3 in this topic: http://www.bleepingcomputer.com/forums/topic430475.html
===

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
{26882282-3E1D-471d-A87D-5493A1BF09D7}.lnk - c:\windows\System32\rundll32.exe [2009-7-13 45568]


Open Windows Explorer and delete the .lnk entry shown above.
Do not remove the rundll32.exe file.

===

Lets check on your Firewall.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Windows Firewall
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
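The startup shortcut called out above is a classic place for a persistence entry: a .lnk with a GUID-style name in the all-users Startup folder that launches rundll32.exe, and the ComboFix listing does not show which DLL rundll32.exe is told to load. The PowerShell below is an added example, not part of this thread or of any of the tools mentioned in it. It enumerates the Startup folders, resolves each shortcut's target and arguments through the WScript.Shell COM object, checks whether the target binary carries a valid Authenticode signature, and flags entries worth a manual look. It assumes PowerShell 3.0 or later (for `[PSCustomObject]`); the flagging rule is a triage heuristic of my own, not something the thread states.

```powershell
# Added example: resolve every shortcut in the Startup folders and show what it
# really launches. Not from the thread; assumes PowerShell 3.0+.

function Get-StartupShortcut {
    [CmdletBinding()]
    param(
        # Default: all-users Startup (C:\ProgramData\...\Startup) plus the current user's.
        [string[]]$Folder = @(
            [Environment]::GetFolderPath('CommonStartup'),
            [Environment]::GetFolderPath('Startup')
        )
    )

    $shell = New-Object -ComObject WScript.Shell

    # Triage heuristic (my assumption, not a rule from the thread): a GUID-style
    # file name, or a target that is a script/DLL host rather than an application,
    # deserves manual review. rundll32.exe itself is legitimate; the interesting
    # part is the Arguments column, which names the DLL it loads.
    $guidName = '^\{[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}$'
    $hostExe  = '(?i)\\(rundll32|regsvr32|wscript|cscript|mshta|powershell)\.exe$'

    foreach ($dir in $Folder) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk    = $shell.CreateShortcut($_.FullName)
                $target = [Environment]::ExpandEnvironmentVariables($lnk.TargetPath)

                # Signature status of the target binary ("Valid" for a Microsoft
                # rundll32.exe); "target missing" when the path does not exist.
                $signature = 'target missing'
                if ($target -and (Test-Path -LiteralPath $target)) {
                    $signature = (Get-AuthenticodeSignature -FilePath $target).Status
                }

                $flag = ''
                if ($_.BaseName -match $guidName -or $target -match $hostExe) { $flag = 'REVIEW' }

                [PSCustomObject]@{
                    Shortcut  = $_.FullName
                    Created   = $_.CreationTime
                    Target    = $target
                    Arguments = $lnk.Arguments
                    Signature = $signature
                    Flag      = $flag
                }
            }
    }
}

# Usage: list everything, then narrow to the entries worth a look.
Get-StartupShortcut | Format-List
Get-StartupShortcut | Where-Object { $_.Flag -eq 'REVIEW' } | Format-Table -AutoSize
```

The point of resolving Arguments is that a shortcut's target alone tells you nothing when it is rundll32.exe; the DLL path and export name in the arguments are what identify the component being loaded, and that is what you would hash, submit for scanning, or delete along with the shortcut.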


#7 metal_master

  • Topic Starter
  • Members
  • 5 posts

Posted 11 January 2012 - 11:27 AM

Like I said before: wasn't me. I wasn't even registered here. I only joined on January 3rd, 2012.

Anyway thanks for the tip on the lnk file. What a shaky bastard that one was. But it's solved now. Thanks

As for the log here it is:


Farbar Service Scanner
Ran by Hugo Ferreira (administrator) on 11-01-2012 at 16:13:18
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************



Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-05-17 23:42] - [2011-03-01 08:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



Hope it helps.

By the way, there isn't a chance of you actually replying sooner, is there?
It's just that I'm going to be absent for a while and I need to take my pc with me. But with this firewall thing going on...

Thanks anyway

#8 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 January 2012 - 03:27 PM

Try this to restore your Firewall.

Please download Seven.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file to a temporary folder on your desktop.

These files will be extracted:
afd.reg
bfe.reg
mpssvc.reg
nsiproxy.reg
sdrsvc.reg
tdx.reg
wscsvc.reg
wuauserv.reg

legacy_afd.reg
legacy_mpssvc.reg
legacy_nsiproxy.reg
legacy_tdx.reg
legacy_wuauserv.reg
legacy_sdrsvc.reg

start_services.bat


One file at a time, right click on these files:
bfe.reg
mpssvc.reg
legacy_mpssvc.reg


Click Yes to "Merge".
Allow the registry merge.

Restart computer.
===

Click Start and in "Search Box" type in:
regedit
Press Enter.

Registry editor will open.
Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
Right click on BFE key, click "Permissions"
Click on Add button, type Everyone and click OK.
Now click once on Everyone
Below, in "Permissions" pane checkmark "Allow" in "Full control" row.
Click "Apply" then "OK".

Close regedit and go back to your Desktop. Find start_services.bat, right click on it and click "Run As Administrator" to run the fix. Agree to any alerts, then re-boot.

Note: Ignore this error:
"Cannot import C:\...\Desktop\Legacy_xxx.reg:
Not all data was successfully written to the registry. Some keys are open by the system or other processes."

How is it now?
+++

If this fails to restore the Firewall you will need to install another one.

I suggest Comodo
http://personalfirewall.comodo.com/free-download.html
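The FSS log in post #7 reported a missing ImagePath on MpsSvc while mpssvc.dll itself was legitimate, and the steps just given repair that by merging .reg files and widening the ACL on the BFE key. As an added example, not part of this thread, of Farbar Service Scanner or of the Seven.zip fix, the PowerShell below puts that diagnosis in scriptable form and shows a narrower repair: it reports start type, ImagePath, ServiceDll and the Authenticode signature of the service DLL for BFE and MpsSvc, lists which identities already hold write rights on the BFE key, and restores the MpsSvc ImagePath only after exporting the key to a .reg backup and only when run without `-WhatIf`. It assumes an elevated PowerShell 3.0 or later session; the default ImagePath it writes is the Windows 7 value and is an assumption for other Windows versions.

```powershell
# Added example, not from the thread. Run elevated; assumes PowerShell 3.0+.

$script:StartTypeName = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Test-FirewallServiceConfig {
    # Reports the registry configuration the firewall depends on, the way the
    # FSS log does, but verifies the service DLL by Authenticode signature
    # instead of a fixed MD5 list so the check survives legitimate patches.
    param([string[]]$Name = @('BFE', 'MpsSvc'))

    foreach ($svcName in $Name) {
        $key    = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
        $svc    = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue

        $dllStatus = 'ServiceDll missing'
        if ($params -and $params.ServiceDll) {
            $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
            if (Test-Path -LiteralPath $dll) {
                $sig = Get-AuthenticodeSignature -FilePath $dll
                $dllStatus = "$($sig.Status)"
                if ($sig.SignerCertificate) {
                    $dllStatus += ' (' + $sig.SignerCertificate.Subject.Split(',')[0] + ')'
                }
            } else {
                $dllStatus = "file not found: $dll"
            }
        }

        [PSCustomObject]@{
            Service    = $svcName
            KeyPresent = [bool]$svc
            StartType  = if ($svc) { $script:StartTypeName[[int]$svc.Start] } else { $null }
            ImagePath  = if ($svc -and $svc.ImagePath) { $svc.ImagePath } else { 'MISSING' }
            ServiceDll = $dllStatus
            State      = (Get-Service -Name $svcName -ErrorAction SilentlyContinue).Status
        }
    }
}

function Get-ServiceKeyWriters {
    # Lists which identities can already change a service key. The thread's fix
    # grants Everyone full control on BFE; this only reports existing write rights.
    param([string]$Name = 'BFE')
    $setValue = [int][System.Security.AccessControl.RegistryRights]::SetValue
    $acl = Get-Acl -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (([int]$_.RegistryRights -band $setValue) -ne 0) } |
        Select-Object IdentityReference, RegistryRights, IsInherited
}

function Repair-MpsSvcImagePath {
    # Restores the missing MpsSvc ImagePath after exporting the key to a .reg
    # backup (double-click the backup to revert). Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Windows 7 default; an assumption for other versions. Compare with a
        # healthy machine of the same build before relying on it.
        [string]$ImagePath = '%SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork',
        [string]$BackupDir = $env:TEMP
    )
    $regKey = 'HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc'
    $backup = Join-Path $BackupDir ('MpsSvc-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export $regKey $backup /y | Out-Null
    if (-not (Test-Path -LiteralPath $backup)) { throw "backup export failed: $backup" }

    if ($PSCmdlet.ShouldProcess($regKey, "set ImagePath = '$ImagePath'")) {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc' `
                         -Name ImagePath -Value $ImagePath -Type ExpandString
    }
    return $backup
}

# Usage: diagnose, inspect the BFE ACL, dry-run the repair, then re-check.
Test-FirewallServiceConfig | Format-List
Get-ServiceKeyWriters -Name BFE | Format-Table -AutoSize
Repair-MpsSvcImagePath -WhatIf
```

The repair writes only the one value the FSS log showed as absent and leaves the key's permissions alone, so the service still starts as LocalService from the normal svchost.exe group; after `Start-Service MpsSvc`, rerunning `Test-FirewallServiceConfig` should show ImagePath populated, a valid Microsoft signature on mpssvc.dll, and State Running.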

#9 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 January 2012 - 10:50 AM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#10 metal_master

  • Topic Starter
  • Members
  • 5 posts

Posted 18 January 2012 - 04:08 PM

Sorry for not responding any sooner, but I was away like I said before.

About your previous post I wasn't able to merge mpssvc.reg and legacy_mpssvc.reg, but my firewall started working after I ran bfe.reg, and I added the registry key after.

I also executed the combofix uninstall as you instructed.

Things seem to be ok now. Thanks

#11 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 January 2012 - 08:25 AM

About your previous post I wasn't able to merge mpssvc.reg and legacy_mpssvc.reg,

No problems.

Glad we could help.

#12 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 January 2012 - 11:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



