consrv.dll (zero access?) infection


  • This topic is locked
56 replies to this topic

#1 chedi

chedi

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 18 February 2012 - 08:55 PM

Good day Sirs :wink: ,
Last week, my antivirus started acting up because of this file C:\Windows\System32\consrv.dll
I know it's probably because of the game I installed, I shouldn't have gone through with it xD. Anyway, I tried scanning, then deleting it using Kaspersky Internet Security (that's what we use), and blocking when that didn't work. Sometimes the virus notifications would stop, but would pop up again a few minutes later.. I've done some research on how to remove it, saw some really technical-looking stuff that I couldn't understand.. But I saw some cases where we have the same symptoms from the infection. What happens is, my desktop starts okay, but after some time, if I try deleting it with my antivirus it eventually screws up my PC (can't load My Computer, and can't run any programs either, including the antivirus). At that point I just restart my PC and start all over again :wacko: . I tried removing it in Safe Mode; I thought it would work so I tried. It didn't, of course. Seriously though, my PC works fine (though a bit slower than usual) right after start-up :busy: and I can play games and view documents and stuff, only if I ignore the virus notifications though. This thing started last weekend, but during weekdays I'm far away from my PC because of school so I couldn't do anything. I'm afraid if I keep ignoring it, it might get worse. Oh, and it looks like we have pretty much (I don't really know) the same problem, but I didn't want to try anything yet.. This guy here


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Ed at 17:22:39 on 2012-02-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3581.1572 [GMT 8:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe
C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\SteamTool\SteamTool.exe
C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ed\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{6444E0AD-3950-4C67-A498-B75C3A360B02} : DhcpNameServer = 172.16.0.1
Notify: opretuq - C:\Windows\system32\config\systemprofile\AppData\Local\opretuq.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun-x64: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\i0mdcbu7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\platform\WINNT_x86-msvc\components\libheuristic.dll
FF - component: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\i0mdcbu7.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\i0mdcbu7.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\i0mdcbu7.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPSqueak.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - C:\Program Files (x86)\PC Tools Security\BDT\Firefox
.
============= SERVICES / DRIVERS ===============
.
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-7-24 20336]
S3 HtcVCom32;%OEMSerialPortName00%;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
.
=============== File Associations ===============
.
inifile=C:\WINDOWS\SYSWOW64\NOTEPAD.EXE %1
txtfile=C:\WINDOWS\SYSWOW64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-02-18 08:57:44 -------- d-----w- C:\Program Files (x86)\SteamTool
2012-02-18 08:40:11 -------- d-----w- C:\Users\Ed\AppData\Roaming\PCToolsFirewallPlus
2012-02-18 08:40:10 -------- d-----w- C:\Users\Ed\AppData\Roaming\Spam Monitor
2012-02-18 06:55:11 179976 ----a-w- C:\Windows\System32\drivers\pctplfw64.sys
2012-02-18 06:52:18 77784 ----a-w- C:\Windows\System32\drivers\pctNdis64.sys
2012-02-18 06:52:16 119688 ----a-w- C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys
2012-02-18 06:52:13 42968 ----a-w- C:\Windows\System32\drivers\pctNdis-DNS64.sys
2012-02-18 05:15:23 74824 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
2012-02-18 05:15:23 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
2012-02-18 05:15:23 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
2012-02-18 05:10:18 767952 ----a-w- C:\Windows\BDTSupport.dll
2012-02-18 05:10:18 2000848 ----a-w- C:\Windows\PCTBDCore.dll
2012-02-18 05:10:18 1533904 ----a-w- C:\Windows\PCTBDRes.dll
2012-02-18 05:10:18 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2012-02-18 04:52:31 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-02-18 04:52:31 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-02-18 04:52:30 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-02-18 04:52:30 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-02-18 04:52:29 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-02-18 04:52:27 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-02-18 04:52:22 -------- d-----w- C:\Users\Ed\AppData\Roaming\PC Tools
2012-02-18 04:52:22 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-02-18 04:52:22 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-02-18 04:44:32 -------- d-----w- C:\ProgramData\PC Tools
2012-02-18 04:34:09 -------- d-----w- C:\Users\Ed\AppData\Roaming\SpeedyPC Software
2012-02-18 04:34:09 -------- d-----w- C:\Users\Ed\AppData\Roaming\DriverCure
2012-02-18 04:34:04 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-02-12 04:57:43 -------- d-----w- C:\Users\Ed\AppData\Roaming\DarknessII
2012-02-12 04:50:42 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-12 04:49:30 -------- d-----we C:\Windows\system64
2012-02-11 03:25:54 -------- d-----w- C:\Users\Ed\AppData\Roaming\cYo
2012-02-11 03:25:54 -------- d-----w- C:\Users\Ed\AppData\Local\cYo
2012-02-11 02:35:49 -------- d-----w- C:\Program Files\ComicRack
2012-01-22 11:15:47 -------- d-----w- C:\Program Files (x86)\GarenaLoLPH
2012-01-22 11:13:16 -------- d-----w- C:\ProgramData\GarenaMessenger
2012-01-22 00:22:27 -------- d-----w- C:\Program Files\iTunes
2012-01-22 00:22:27 -------- d-----w- C:\Program Files\iPod
.
==================== Find3M ====================
.
2012-02-12 03:53:10 564792 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-01-01 16:24:39 18996224 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-01-01 16:24:19 4061696 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-01-01 16:23:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-01-01 16:22:39 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2012-01-01 16:22:13 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-01-01 16:22:04 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2012-01-01 16:21:52 516608 ----a-w- C:\Windows\System32\atieclxx.exe
2012-01-01 16:21:32 332800 ----a-w- C:\Windows\System32\ATIODE.exe
2012-01-01 16:21:20 325632 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-01-01 16:20:58 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-01-01 16:20:48 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-01-01 16:20:45 13552640 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-01-01 16:20:23 348160 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-01-01 16:20:00 6077952 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-01-01 16:19:44 11300864 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-01-01 16:11:02 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-01-01 16:07:46 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-01-01 15:40:00 494592 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-01-01 15:39:26 25218048 ----a-w- C:\Windows\System32\atio6axx.dll
2012-01-01 15:39:09 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-01-01 15:39:06 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2012-01-01 15:38:47 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-01-01 15:38:47 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-01-01 15:38:40 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-01-01 15:38:39 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-01-01 15:38:37 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-01-01 15:38:10 32256 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-01-01 15:37:49 39424 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-01-01 15:37:40 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-01-01 15:37:40 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-01-01 15:36:40 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-01-01 15:36:27 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-01-01 15:35:48 10567680 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-01-01 15:35:46 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-01-01 15:35:16 41984 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-01-01 15:35:01 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-01-01 15:34:59 774656 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-01-01 15:34:29 4200960 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-01-01 15:34:21 51200 ----a-w- C:\Windows\System32\ATIODCLI.exe
2012-01-01 15:33:29 927232 ----a-w- C:\Windows\System32\aticfx64.dll
2012-01-01 15:33:16 7405056 ----a-w- C:\Windows\System32\atidxx64.dll
2012-01-01 15:32:41 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-01-01 15:32:40 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-01-01 15:32:24 7439360 ----a-w- C:\Windows\System32\atiumd64.dll
2012-01-01 15:32:02 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-01-01 15:31:55 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-01-01 15:31:55 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-01-01 15:31:35 5852672 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-01-01 15:31:21 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-01-01 15:31:12 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
.
============= FINISH: 17:28:46.89 ===============
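As an added example (not part of the thread, and not code from DDS, ComboFix or BleepingComputer), the script below parses DDS-style report lines of the kind posted above and flags the entries an analyst would look at first: a Winlogon Notify DLL loaded from a profile directory rather than System32, a directory with an unfamiliar name created directly under C:\Windows (the report above lists "system64", which no stock Windows install has), and the UAC policy values the report shows set to 0. The sample lines are constructed from this thread's report; the allowlist of Windows subdirectories, the rule names and the heuristics themselves are my assumptions, not DDS output, and a flagged line is a prompt for review, not a verdict.

```python
"""Flag first-look indicators in DDS-style report lines.

Added example for this thread; it is not DDS, ComboFix or BleepingComputer
code. The allowlist and heuristics below are the author's assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on lines from the DDS report posted above.
SAMPLE_DDS = """\
mWinlogon: Userinit=userinit.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
Notify: opretuq - C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\opretuq.dll
2012-02-18 06:55:11 179976 ----a-w- C:\\Windows\\System32\\drivers\\pctplfw64.sys
2012-02-12 04:49:30 -------- d-----we C:\\Windows\\system64
2012-02-18 08:57:44 -------- d-----w- C:\\Program Files (x86)\\SteamTool
"""

# "Created Last 30" / "Find3M" rows: timestamp, size (or dashes), attribute flags, path.
ENTRY_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+([-a-z]{8})\s+(.+)$")
# "Pseudo HJT" rows: a key such as Notify or mPolicies-system, then the value.
HJT_RE = re.compile(r"^([A-Za-z][\w-]*):\s+(.+)$")

# Subdirectories a stock Windows install has directly under %WINDIR%
# (assumption, deliberately not exhaustive; extend for your own baseline).
WINDIR_OK = {
    "system32", "syswow64", "system", "winsxs", "temp", "logs", "servicing",
    "softwaredistribution", "assembly", "microsoft.net", "fonts", "inf",
    "prefetch", "boot", "help", "media", "resources", "web",
}


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


def windir_child(path: str):
    """Name of the component directly below <drive>:\\Windows\\, or None if deeper/elsewhere."""
    m = re.match(r"^[a-z]:\\windows\\([^\\]+)$", path, re.IGNORECASE)
    return m.group(1).lower() if m else None


def check_entry(timestamp: str, size: str, attrs: str, path: str) -> list:
    findings = []
    child = windir_child(path)
    # A directory created straight under C:\Windows with an unfamiliar name.
    if attrs.startswith("d") and child and child not in WINDIR_OK:
        findings.append(Finding("unfamiliar directory directly under %WINDIR%", path))
    return findings


def check_hjt(key: str, value: str) -> list:
    findings = []
    # Winlogon Notify packages normally live in System32, not under a profile's AppData.
    if key == "Notify" and re.search(r"\\appdata\\|systemprofile", value, re.IGNORECASE):
        findings.append(Finding("Winlogon Notify DLL loaded from a profile directory", value))
    if key == "mPolicies-system":
        if value.startswith("EnableLUA = 0"):
            findings.append(Finding("UAC disabled (EnableLUA=0)", value))
        elif value.startswith("ConsentPromptBehaviorAdmin = 0"):
            findings.append(Finding("administrators elevate without any prompt", value))
    return findings


def analyze(report: str) -> list:
    """Return a Finding for every line of a DDS-style report that trips a heuristic."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            findings.extend(check_entry(*m.groups()))
            continue
        m = HJT_RE.match(line)
        if m:
            findings.extend(check_hjt(*m.groups()))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_DDS):
        print(f"[{f.rule}] {f.evidence}")
```

To run it over a pasted report, read the saved text file and pass it to `analyze()`; on the sample above it returns four findings (the two policy values, the Notify entry and the system64 directory) and nothing for the PC Tools driver or the SteamTool folder.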



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 PM

Posted 19 February 2012 - 02:58 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 chedi

chedi
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 19 February 2012 - 07:55 AM

Hello, thank you for helping me with this :D

I used Combofix already, but it told me about an update so I said yes. Then it said something about not being able to download and said it would run in "reduced functionality mode", so I said yes.. then it just quit and nothing happened.. Did I do something wrong? Should I run it again?

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 PM

Posted 19 February 2012 - 02:34 PM

Hello

delete the one you have and download a new one from the link I have given you




gringo

#5 chedi

chedi
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 19 February 2012 - 05:10 PM

okay, I have the log, should I copy and paste it here or attach the file?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 PM

Posted 19 February 2012 - 05:32 PM

copy and paste please


gringo

#7 chedi

chedi
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 19 February 2012 - 05:43 PM

Here it is
--------------------------------------

ComboFix 12-02-13.01 - Ed 02/20/2012 5:55.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3581.2453 [GMT 8:00]
Running from: c:\users\Ed\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
ADS - Windows: deleted 48 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 21:57 . 2012-02-19 21:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-18 09:38 . 2012-02-18 09:38 -------- d-----w- c:\users\Ed\AppData\Local\Stefan_Jones
2012-02-18 08:57 . 2012-02-18 08:57 -------- d-----w- c:\program files (x86)\SteamTool
2012-02-18 08:40 . 2012-02-18 08:40 -------- d-----w- c:\users\Ed\AppData\Roaming\PCToolsFirewallPlus
2012-02-18 08:40 . 2012-02-18 08:40 -------- d-----w- c:\users\Ed\AppData\Roaming\Spam Monitor
2012-02-18 04:44 . 2012-02-19 04:23 -------- d-----w- c:\programdata\PC Tools
2012-02-18 04:34 . 2012-02-18 04:34 -------- d-----w- c:\users\Ed\AppData\Roaming\SpeedyPC Software
2012-02-18 04:34 . 2012-02-18 04:34 -------- d-----w- c:\users\Ed\AppData\Roaming\DriverCure
2012-02-18 04:34 . 2012-02-18 05:49 -------- d-----w- c:\programdata\SpeedyPC Software
2012-02-12 04:57 . 2012-02-13 06:54 -------- d-----w- c:\users\Ed\AppData\Roaming\DarknessII
2012-02-12 04:50 . 2012-02-13 00:02 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-12 04:49 . 2012-02-12 04:49 -------- d-----we c:\windows\system64
2012-02-11 02:35 . 2012-02-19 04:29 -------- d-----w- c:\program files\ComicRack
2012-01-22 11:15 . 2012-02-18 04:45 -------- d-----w- c:\program files (x86)\GarenaLoLPH
2012-01-22 11:13 . 2012-01-22 11:21 -------- d-----w- c:\programdata\GarenaMessenger
2012-01-22 00:22 . 2012-01-22 00:22 -------- d-----w- c:\program files\iTunes
2012-01-22 00:22 . 2012-01-22 00:22 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 03:53 . 2010-08-16 05:45 564792 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-01 16:24 . 2012-01-01 16:20 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-01-01 16:24 . 2009-07-13 21:59 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2012-01-01 16:23 . 2012-01-01 16:23 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-01-01 16:22 . 2012-01-01 16:22 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2012-01-01 16:22 . 2012-01-01 16:22 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-01-01 16:22 . 2012-01-01 16:21 423424 ----a-w- c:\windows\system32\atipdl64.dll
2012-01-01 16:21 . 2012-01-01 16:21 516608 ----a-w- c:\windows\system32\atieclxx.exe
2012-01-01 16:21 . 2012-01-01 16:21 332800 ----a-w- c:\windows\system32\ATIODE.exe
2012-01-01 16:21 . 2012-01-01 16:21 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-01-01 16:20 . 2012-01-01 16:20 58880 ----a-w- c:\windows\system32\coinst.dll
2012-01-01 16:20 . 2012-01-01 16:20 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-01-01 16:20 . 2012-01-01 16:07 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2012-01-01 16:20 . 2012-01-01 16:19 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-01-01 16:20 . 2012-01-01 16:14 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-01-01 16:19 . 2012-01-01 15:40 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-01-01 16:11 . 2012-01-01 16:08 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-01-01 16:07 . 2012-01-01 16:06 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-01-01 15:40 . 2012-01-01 15:39 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2012-01-01 15:39 . 2012-01-01 15:35 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2012-01-01 15:39 . 2012-01-01 15:38 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-01-01 15:39 . 2012-01-01 15:38 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2012-01-01 15:38 . 2012-01-01 15:38 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-01-01 15:38 . 2012-01-01 15:38 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-01-01 15:38 . 2012-01-01 15:38 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2012-01-01 15:38 . 2012-01-01 15:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-01-01 15:38 . 2012-01-01 15:38 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-01-01 15:38 . 2012-01-01 15:37 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-01-01 15:37 . 2012-01-01 15:37 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-01-01 15:37 . 2012-01-01 15:37 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-01-01 15:37 . 2012-01-01 15:37 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-01-01 15:36 . 2012-01-01 15:35 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-01-01 15:36 . 2012-01-01 15:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-01-01 15:35 . 2012-01-01 15:34 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-01-01 15:35 . 2012-01-01 15:35 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-01-01 15:35 . 2012-01-01 15:35 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2012-01-01 15:35 . 2012-01-01 15:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-01-01 15:34 . 2012-01-01 15:34 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-01-01 15:34 . 2012-01-01 15:33 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-01-01 15:34 . 2012-01-01 15:34 51200 ----a-w- c:\windows\system32\ATIODCLI.exe
2012-01-01 15:33 . 2012-01-01 15:33 927232 ----a-w- c:\windows\system32\aticfx64.dll
2012-01-01 15:33 . 2009-07-13 21:59 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2012-01-01 15:32 . 2012-01-01 15:32 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-01-01 15:32 . 2012-01-01 15:32 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-01-01 15:32 . 2009-06-10 20:36 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2012-01-01 15:32 . 2012-01-01 15:31 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-01-01 15:31 . 2012-01-01 15:31 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-01-01 15:31 . 2012-01-01 15:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-01-01 15:31 . 2012-01-01 15:31 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-01-01 15:31 . 2012-01-01 15:31 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-01-01 15:31 . 2012-01-01 15:31 159744 ----a-w- c:\windows\system32\atiapfxx.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-08-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-08-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2011-02-01 340520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opretuq]
2012-02-12 05:00 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\opretuq.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 pspuqclm;Wacom Serial Pen HID Controller;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\fullmoon\Games\GG\safedrv.sys [x]
R3 HtcVCom32;%OEMSerialPortName00%;c:\windows\system32\DRIVERS\HtcVComV64.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 489832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pspuqclm
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b221dd6-e0be-11e0-8de8-00241d84ef82}]
\shell\AutoRun\command - G:\autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f97e68a-e262-11df-97af-0011091f581c}]
\shell\AutoRun\command - H:\Autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689f87ee-552d-11e1-b32b-00241d84ef82}]
\shell\AutoRun\command - G:\Setup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80d568b5-a2fc-11df-ba79-0011091f581c}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\At2.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2227769910-73038272-156683630-1000Core1cce1a0b8a235eb.job
- c:\users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 03:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
videoacceleratorengine
NCPro
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\i0mdcbu7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
.
------- File Associations -------
.
inifile=c:\windows\SYSWOW64\NOTEPAD.EXE %1
txtfile=c:\windows\SYSWOW64\NOTEPAD.EXE %1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-02-20 06:05:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-19 22:05
.
Pre-Run: 5,226,254,336 bytes free
Post-Run: 11,151,949,824 bytes free
.
- - End Of File - - 8DC4DA396B47867F304D32796E1061E4
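The Sigcheck section of the ComboFix log above lists copies of user32.dll in system32, SysWOW64 and the odd system64 directory whose MD5 differs from the catalogue-verified copy in the WinSxS component store, while size and file version are identical. As an added example (not from this thread, from ComboFix or from its author), here is a small Python parser for that section that flags exactly that condition. It assumes the bracket flag means what the log suggests ([7] = verified against the Windows 7 catalogue, [-] = not verified), that groups for one file name are separated by the lone "." lines ComboFix prints, and it uses the Sigcheck lines above as constructed sample input.

```python
"""Flag files in a ComboFix Sigcheck section whose MD5 differs from the
verified WinSxS copy (added example; not ComboFix's own code)."""
import re
from dataclasses import dataclass

# Constructed sample input: the Sigcheck section exactly as printed in the log above.
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-08-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-08-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
"""

# One Sigcheck line: [flag] date . MD5 . size . . [file version] .. path
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)


@dataclass
class SigcheckEntry:
    flag: str      # assumed: '7' = verified against the Windows 7 catalogue, '-' = not verified
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def is_reference(self) -> bool:
        """A verified copy inside the component store is the trusted baseline."""
        return self.flag != "-" and "\\winsxs\\" in self.path.lower()


def parse_sigcheck(text: str) -> list[list[SigcheckEntry]]:
    """Split the section into groups (one per file name), using the lone '.'
    separator lines ComboFix prints between them; header lines are ignored."""
    groups: list[list[SigcheckEntry]] = []
    current: list[SigcheckEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SIGCHECK_LINE.match(line)
        if m:
            current.append(SigcheckEntry(
                flag=m["flag"], date=m["date"], md5=m["md5"].upper(),
                size=int(m["size"]), version=m["version"], path=m["path"]))
        elif line == "." and current:
            groups.append(current)
            current = []
    if current:
        groups.append(current)
    return groups


@dataclass
class Finding:
    path: str
    md5: str
    reference_md5: str
    reason: str


def find_modified_system_files(text: str) -> list[Finding]:
    """Compare every non-reference copy in a group with the verified WinSxS copy
    and report those whose hash differs."""
    findings: list[Finding] = []
    for group in parse_sigcheck(text):
        refs = [e for e in group if e.is_reference]
        if not refs:
            continue  # nothing trusted to compare against; leave for manual review
        ref = refs[0]
        for entry in group:
            if entry.is_reference or entry.md5 == ref.md5:
                continue
            reason = "MD5 differs from the verified WinSxS copy"
            if entry.size == ref.size and entry.version == ref.version:
                reason += " (same size and version as the reference)"
            findings.append(Finding(entry.path, entry.md5, ref.md5, reason))
    return findings


if __name__ == "__main__":
    for f in find_modified_system_files(SAMPLE_SIGCHECK):
        print(f"{f.path}: {f.reason}; file {f.md5}, reference {f.reference_md5}")
```

Run on the sample it prints the three user32.dll copies outside WinSxS. The "same size and version" qualifier is the part worth reading first: a normal servicing update puts a new build with a new version string into WinSxS and relinks system32 to it, so a copy that keeps the reference's version and size but carries a different hash has been altered in place and is the file to examine (or restore from the component store) before anything else in the log.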

#8 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 05:46 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 chedi (Topic Starter)

  • Members
  • 28 posts

Posted 19 February 2012 - 06:22 PM

TDSSKiller log


07:10:05.0410 4924 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
07:10:07.0075 4924 ============================================================
07:10:07.0075 4924 Current date / time: 2012/02/20 07:10:07.0075
07:10:07.0075 4924 SystemInfo:
07:10:07.0075 4924
07:10:07.0075 4924 OS Version: 6.1.7600 ServicePack: 0.0
07:10:07.0075 4924 Product type: Workstation
07:10:07.0076 4924 ComputerName: DESKTOP
07:10:07.0076 4924 UserName: Ed
07:10:07.0076 4924 Windows directory: C:\Windows
07:10:07.0076 4924 System windows directory: C:\Windows
07:10:07.0076 4924 Running under WOW64
07:10:07.0076 4924 Processor architecture: Intel x64
07:10:07.0076 4924 Number of processors: 4
07:10:07.0076 4924 Page size: 0x1000
07:10:07.0076 4924 Boot type: Normal boot
07:10:07.0076 4924 ============================================================
07:10:07.0968 4924 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:10:08.0403 4924 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:10:08.0419 4924 \Device\Harddisk0\DR0:
07:10:08.0428 4924 MBR used
07:10:08.0428 4924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:10:08.0428 4924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7EC2000
07:10:08.0429 4924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7EF4800, BlocksNum 0x6C811800
07:10:08.0429 4924 \Device\Harddisk1\DR1:
07:10:08.0429 4924 MBR used
07:10:08.0429 4924 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
07:10:08.0569 4924 Initialize success
07:10:08.0569 4924 ============================================================
07:10:16.0312 4828 ============================================================
07:10:16.0312 4828 Scan started
07:10:16.0312 4828 Mode: Manual;
07:10:16.0312 4828 ============================================================
07:10:17.0174 4828 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
07:10:17.0178 4828 1394ohci - ok
07:10:17.0221 4828 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
07:10:17.0224 4828 61883 - ok
07:10:17.0243 4828 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
07:10:17.0248 4828 ACPI - ok
07:10:17.0270 4828 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
07:10:17.0272 4828 AcpiPmi - ok
07:10:17.0295 4828 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:10:17.0303 4828 adp94xx - ok
07:10:17.0327 4828 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:10:17.0334 4828 adpahci - ok
07:10:17.0361 4828 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:10:17.0365 4828 adpu320 - ok
07:10:17.0425 4828 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
07:10:17.0434 4828 AFD - ok
07:10:17.0456 4828 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
07:10:17.0458 4828 agp440 - ok
07:10:17.0483 4828 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
07:10:17.0485 4828 aliide - ok
07:10:17.0515 4828 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
07:10:17.0517 4828 amdide - ok
07:10:17.0551 4828 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
07:10:17.0553 4828 amdiox64 - ok
07:10:17.0568 4828 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:10:17.0571 4828 AmdK8 - ok
07:10:17.0796 4828 amdkmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
07:10:17.0970 4828 amdkmdag - ok
07:10:18.0019 4828 amdkmdap (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
07:10:18.0023 4828 amdkmdap - ok
07:10:18.0049 4828 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:10:18.0050 4828 AmdPPM - ok
07:10:18.0072 4828 amdsata (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
07:10:18.0074 4828 amdsata - ok
07:10:18.0101 4828 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:10:18.0105 4828 amdsbs - ok
07:10:18.0130 4828 amdxata (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\DRIVERS\amdxata.sys
07:10:18.0131 4828 amdxata - ok
07:10:18.0163 4828 AODDriver4.01 - ok
07:10:18.0195 4828 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
07:10:18.0197 4828 AppID - ok
07:10:18.0243 4828 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:10:18.0245 4828 arc - ok
07:10:18.0266 4828 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:10:18.0269 4828 arcsas - ok
07:10:18.0302 4828 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:10:18.0304 4828 AsyncMac - ok
07:10:18.0333 4828 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
07:10:18.0334 4828 atapi - ok
07:10:18.0546 4828 atikmdag (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
07:10:18.0609 4828 atikmdag - ok
07:10:18.0646 4828 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
07:10:18.0647 4828 AtiPcie - ok
07:10:18.0687 4828 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
07:10:18.0691 4828 atksgt - ok
07:10:18.0741 4828 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
07:10:18.0744 4828 Avc - ok
07:10:18.0786 4828 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:10:18.0794 4828 b06bdrv - ok
07:10:18.0851 4828 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:10:18.0857 4828 b57nd60a - ok
07:10:18.0917 4828 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:10:18.0919 4828 Beep - ok
07:10:18.0942 4828 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:10:18.0943 4828 blbdrive - ok
07:10:18.0989 4828 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
07:10:18.0992 4828 bowser - ok
07:10:19.0009 4828 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:10:19.0011 4828 BrFiltLo - ok
07:10:19.0032 4828 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:10:19.0033 4828 BrFiltUp - ok
07:10:19.0057 4828 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
07:10:19.0060 4828 BridgeMP - ok
07:10:19.0106 4828 BrPar (91eb9c1fc4a4221ca3ccbd864f815c30) C:\Windows\System32\drivers\BrPar64a.sys
07:10:19.0107 4828 BrPar - ok
07:10:19.0130 4828 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:10:19.0136 4828 Brserid - ok
07:10:19.0151 4828 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:10:19.0154 4828 BrSerWdm - ok
07:10:19.0174 4828 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:10:19.0175 4828 BrUsbMdm - ok
07:10:19.0192 4828 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:10:19.0194 4828 BrUsbSer - ok
07:10:19.0219 4828 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
07:10:19.0221 4828 BthEnum - ok
07:10:19.0232 4828 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:10:19.0235 4828 BTHMODEM - ok
07:10:19.0254 4828 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
07:10:19.0257 4828 BthPan - ok
07:10:19.0295 4828 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
07:10:19.0305 4828 BTHPORT - ok
07:10:19.0337 4828 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
07:10:19.0339 4828 BTHUSB - ok
07:10:19.0364 4828 catchme - ok
07:10:19.0384 4828 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:10:19.0388 4828 cdfs - ok
07:10:19.0419 4828 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
07:10:19.0422 4828 cdrom - ok
07:10:19.0466 4828 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:10:19.0468 4828 circlass - ok
07:10:19.0491 4828 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:10:19.0498 4828 CLFS - ok
07:10:19.0564 4828 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:10:19.0566 4828 CmBatt - ok
07:10:19.0584 4828 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
07:10:19.0586 4828 cmdide - ok
07:10:19.0608 4828 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
07:10:19.0616 4828 CNG - ok
07:10:19.0636 4828 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:10:19.0637 4828 Compbatt - ok
07:10:19.0655 4828 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
07:10:19.0656 4828 CompositeBus - ok
07:10:19.0681 4828 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:10:19.0683 4828 crcdisk - ok
07:10:19.0722 4828 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
07:10:19.0731 4828 CSC - ok
07:10:19.0780 4828 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
07:10:19.0784 4828 DfsC - ok
07:10:19.0806 4828 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:10:19.0808 4828 discache - ok
07:10:19.0837 4828 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:10:19.0839 4828 Disk - ok
07:10:19.0888 4828 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:10:19.0889 4828 drmkaud - ok
07:10:19.0930 4828 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
07:10:19.0942 4828 DXGKrnl - ok
07:10:20.0031 4828 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:10:20.0091 4828 ebdrv - ok
07:10:20.0153 4828 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
07:10:20.0154 4828 ElbyCDIO - ok
07:10:20.0240 4828 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:10:20.0249 4828 elxstor - ok
07:10:20.0266 4828 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
07:10:20.0268 4828 ErrDev - ok
07:10:20.0298 4828 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:10:20.0302 4828 exfat - ok
07:10:20.0322 4828 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:10:20.0326 4828 fastfat - ok
07:10:20.0350 4828 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:10:20.0353 4828 fdc - ok
07:10:20.0387 4828 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:10:20.0390 4828 FileInfo - ok
07:10:20.0404 4828 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:10:20.0406 4828 Filetrace - ok
07:10:20.0420 4828 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:10:20.0422 4828 flpydisk - ok
07:10:20.0444 4828 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
07:10:20.0450 4828 FltMgr - ok
07:10:20.0484 4828 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:10:20.0486 4828 FsDepends - ok
07:10:20.0502 4828 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:10:20.0503 4828 Fs_Rec - ok
07:10:27.0031 4828 ============================================================
07:10:27.0031 4828 Scan finished
07:10:27.0031 4828 ============================================================
07:10:27.0053 1776 Detected object count: 0
07:10:27.0053 1776 Actual detected object count: 0

---------------------------
aswMBR report

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 07:12:26
-----------------------------
07:12:26.021 OS Version: Windows x64 6.1.7600
07:12:26.021 Number of processors: 4 586 0x203
07:12:26.023 ComputerName: DESKTOP UserName: Ed
07:12:26.698 Initialize success
07:17:22.894 AVAST engine defs: 12021901
07:17:25.439 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
07:17:25.443 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
07:17:25.447 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
07:17:25.451 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
07:17:25.463 Disk 0 MBR read successfully
07:17:25.467 Disk 0 MBR scan
07:17:25.476 Disk 0 Windows 7 default MBR code
07:17:25.482 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:17:25.495 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 64900 MB offset 206848
07:17:25.513 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 888867 MB offset 133122048
07:17:25.522 Service scanning
07:17:41.883 Modules scanning
07:17:41.897 Disk 0 trace - called modules:
07:17:42.254 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800430a2c0]<<sptd.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
07:17:42.263 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004710060]
07:17:42.271 3 CLASSPNP.SYS[fffff88001ae543f] -> nt!IofCallDriver -> [0xfffffa80039f8690]
07:17:42.280 \Driver\amdxata[0xfffffa80043bb870] -> IRP_MJ_CREATE -> 0xfffffa800430a2c0
07:17:42.288 5 amdxata.sys[fffff88000fe28b9] -> nt!IofCallDriver -> [0xfffffa8004699b70]
07:17:42.293 7 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\00000068[0xfffffa80045179d0]
07:17:42.298 \Driver\amdsata[0xfffffa80043bb060] -> IRP_MJ_CREATE -> 0xfffffa80043082c0
07:17:43.247 AVAST engine scan C:\Windows
07:17:45.558 AVAST engine scan C:\Windows\system32
07:17:55.186 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
07:20:22.744 AVAST engine scan C:\Windows\system32\drivers
07:20:31.816 AVAST engine scan C:\Users\Ed
07:21:47.112 Disk 0 MBR has been saved successfully to "C:\Users\Ed\Desktop\MBR.dat"
07:21:47.120 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"
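Added example, not from the thread or from either tool's authors: a small Python triage script that pulls the three signals a responder reads out of the aswMBR and TDSSKiller output above, namely the **INFECTED** file line, the >>UNKNOWN [...]<< element in the disk driver chain, and the TDSSKiller detected-object summary. The regexes are assumptions based only on the line formats shown in the posted logs, and the sample input is constructed from those lines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Line formats below are assumed from the logs posted in this thread.
# aswMBR reports a hit as:  File: <path> **INFECTED** <name> [<flag>]
INFECTED_RE = re.compile(
    r"File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>\S+)(?:\s+\[(?P<flag>\w+)\])?"
)
# In the "Disk 0 trace - called modules" line, an element such as
# >>UNKNOWN [0xfffffa800430a2c0]<< is a device object in the storage stack
# that aswMBR cannot map to any driver file, i.e. something inserted itself there.
UNKNOWN_HOOK_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
# TDSSKiller closes its run with:  <time> <pid> Detected object count: N
DETECTED_RE = re.compile(r"^\S+\s+\d+\s+Detected object count:\s+(?P<n>\d+)")


@dataclass
class Findings:
    infected: List[Tuple[str, str, Optional[str]]] = field(default_factory=list)
    unknown_hooks: List[str] = field(default_factory=list)
    mbr_default: Optional[bool] = None   # None when no MBR verdict line was seen
    tdss_detected: Optional[int] = None  # None when no TDSSKiller summary was seen


def triage(log_text: str) -> Findings:
    """Scan pasted log text line by line and collect the indicators."""
    f = Findings()
    for line in log_text.splitlines():
        m = INFECTED_RE.search(line)
        if m:
            f.infected.append((m.group("path"), m.group("name"), m.group("flag")))
            continue
        for hook in UNKNOWN_HOOK_RE.finditer(line):
            f.unknown_hooks.append(hook.group("addr"))
        if "default MBR code" in line:
            f.mbr_default = True
        m = DETECTED_RE.search(line)
        if m:
            f.tdss_detected = int(m.group("n"))
    return f


def is_compromised(f: Findings) -> bool:
    """Either a flagged file or an unattributed hook in the disk stack is enough."""
    return bool(f.infected or f.unknown_hooks)


def verdict(f: Findings) -> List[str]:
    """Plain-language notes in the order a responder would read them."""
    notes = []
    for path, name, flag in f.infected:
        kind = "rootkit component" if flag == "Rtk" else "detection"
        notes.append(f"{path}: {name} ({kind})")
    for addr in f.unknown_hooks:
        notes.append(f"unattributed hook in disk driver stack at {addr}")
    if f.mbr_default is True:
        notes.append("MBR code matches the tool's known default; no bootkit in the MBR")
    if f.tdss_detected == 0 and is_compromised(f):
        notes.append("TDSSKiller summary says 0 objects while aswMBR found hits; "
                     "the signature scan missed what the driver-stack trace shows")
    return notes


# Constructed sample input, assembled from the line formats in the posted logs.
SAMPLE_LOG = r"""
07:10:27.0053 1776 Detected object count: 0
07:10:27.0053 1776 Actual detected object count: 0
07:17:25.476 Disk 0 Windows 7 default MBR code
07:17:42.254 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800430a2c0]<<sptd.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
07:17:55.186 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
"""

if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    print("compromised:", is_compromised(findings))
    for note in verdict(findings):
        print(" -", note)
```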

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:33 PM

Posted 19 February 2012 - 06:31 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Windows\system32\consrv.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 chedi

chedi
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:33 AM

Posted 19 February 2012 - 06:52 PM

1. Report from Combofix

ComboFix 12-02-13.01 - Ed 02/20/2012 7:40.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3581.2151 [GMT 8:00]
Running from: c:\users\Ed\Desktop\ComboFix.exe
Command switches used :: c:\users\Ed\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 23:42 . 2012-02-19 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-18 09:38 . 2012-02-18 09:38 -------- d-----w- c:\users\Ed\AppData\Local\Stefan_Jones
2012-02-18 08:57 . 2012-02-18 08:57 -------- d-----w- c:\program files (x86)\SteamTool
2012-02-18 08:40 . 2012-02-18 08:40 -------- d-----w- c:\users\Ed\AppData\Roaming\PCToolsFirewallPlus
2012-02-18 08:40 . 2012-02-18 08:40 -------- d-----w- c:\users\Ed\AppData\Roaming\Spam Monitor
2012-02-18 04:44 . 2012-02-19 04:23 -------- d-----w- c:\programdata\PC Tools
2012-02-18 04:34 . 2012-02-18 04:34 -------- d-----w- c:\users\Ed\AppData\Roaming\SpeedyPC Software
2012-02-18 04:34 . 2012-02-18 04:34 -------- d-----w- c:\users\Ed\AppData\Roaming\DriverCure
2012-02-18 04:34 . 2012-02-18 05:49 -------- d-----w- c:\programdata\SpeedyPC Software
2012-02-12 04:57 . 2012-02-13 06:54 -------- d-----w- c:\users\Ed\AppData\Roaming\DarknessII
2012-02-12 04:50 . 2012-02-13 00:02 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-12 04:49 . 2012-02-12 04:49 -------- d-----we c:\windows\system64
2012-02-11 02:35 . 2012-02-19 04:29 -------- d-----w- c:\program files\ComicRack
2012-01-22 11:15 . 2012-02-18 04:45 -------- d-----w- c:\program files (x86)\GarenaLoLPH
2012-01-22 11:13 . 2012-01-22 11:21 -------- d-----w- c:\programdata\GarenaMessenger
2012-01-22 00:22 . 2012-01-22 00:22 -------- d-----w- c:\program files\iTunes
2012-01-22 00:22 . 2012-01-22 00:22 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 03:53 . 2010-08-16 05:45 564792 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-01 16:24 . 2012-01-01 16:20 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-01-01 16:24 . 2009-07-13 21:59 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2012-01-01 16:23 . 2012-01-01 16:23 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-01-01 16:22 . 2012-01-01 16:22 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2012-01-01 16:22 . 2012-01-01 16:22 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-01-01 16:22 . 2012-01-01 16:21 423424 ----a-w- c:\windows\system32\atipdl64.dll
2012-01-01 16:21 . 2012-01-01 16:21 516608 ----a-w- c:\windows\system32\atieclxx.exe
2012-01-01 16:21 . 2012-01-01 16:21 332800 ----a-w- c:\windows\system32\ATIODE.exe
2012-01-01 16:21 . 2012-01-01 16:21 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-01-01 16:20 . 2012-01-01 16:20 58880 ----a-w- c:\windows\system32\coinst.dll
2012-01-01 16:20 . 2012-01-01 16:20 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-01-01 16:20 . 2012-01-01 16:07 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2012-01-01 16:20 . 2012-01-01 16:19 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-01-01 16:20 . 2012-01-01 16:14 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-01-01 16:19 . 2012-01-01 15:40 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-01-01 16:11 . 2012-01-01 16:08 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-01-01 16:07 . 2012-01-01 16:06 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-01-01 15:40 . 2012-01-01 15:39 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2012-01-01 15:39 . 2012-01-01 15:35 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2012-01-01 15:39 . 2012-01-01 15:38 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-01-01 15:39 . 2012-01-01 15:38 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2012-01-01 15:38 . 2012-01-01 15:38 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-01-01 15:38 . 2012-01-01 15:38 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-01-01 15:38 . 2012-01-01 15:38 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2012-01-01 15:38 . 2012-01-01 15:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-01-01 15:38 . 2012-01-01 15:38 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-01-01 15:38 . 2012-01-01 15:37 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-01-01 15:37 . 2012-01-01 15:37 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-01-01 15:37 . 2012-01-01 15:37 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-01-01 15:37 . 2012-01-01 15:37 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-01-01 15:36 . 2012-01-01 15:35 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-01-01 15:36 . 2012-01-01 15:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-01-01 15:35 . 2012-01-01 15:34 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-01-01 15:35 . 2012-01-01 15:35 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-01-01 15:35 . 2012-01-01 15:35 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2012-01-01 15:35 . 2012-01-01 15:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-01-01 15:34 . 2012-01-01 15:34 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-01-01 15:34 . 2012-01-01 15:33 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-01-01 15:34 . 2012-01-01 15:34 51200 ----a-w- c:\windows\system32\ATIODCLI.exe
2012-01-01 15:33 . 2012-01-01 15:33 927232 ----a-w- c:\windows\system32\aticfx64.dll
2012-01-01 15:33 . 2009-07-13 21:59 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2012-01-01 15:32 . 2012-01-01 15:32 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-01-01 15:32 . 2012-01-01 15:32 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-01-01 15:32 . 2009-06-10 20:36 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2012-01-01 15:32 . 2012-01-01 15:31 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-01-01 15:31 . 2012-01-01 15:31 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-01-01 15:31 . 2012-01-01 15:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-01-01 15:31 . 2012-01-01 15:31 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-01-01 15:31 . 2012-01-01 15:31 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-01-01 15:31 . 2012-01-01 15:31 159744 ----a-w- c:\windows\system32\atiapfxx.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-08-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2011-08-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-02-19_21.59.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-27 01:32 . 2012-02-19 22:02 44712 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-19 21:51 32600 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-19 22:02 32600 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-27 00:20 . 2012-02-19 22:02 17360 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2227769910-73038272-156683630-1000_UserData.bin
+ 2010-06-27 01:32 . 2012-02-19 22:02 44712 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-19 21:51 32600 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-19 22:02 32600 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-27 00:20 . 2012-02-19 22:02 17360 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2227769910-73038272-156683630-1000_UserData.bin
- 2010-06-27 00:19 . 2012-02-19 21:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-27 00:19 . 2012-02-19 22:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-27 00:19 . 2012-02-19 22:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-27 00:19 . 2012-02-19 21:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-27 00:19 . 2012-02-19 21:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-27 00:19 . 2012-02-19 22:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-27 01:11 . 2012-02-19 21:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-27 01:11 . 2012-02-19 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-27 01:11 . 2012-02-19 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-27 01:11 . 2012-02-19 21:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-19 21:59 . 2012-02-19 21:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-19 23:44 . 2012-02-19 23:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-02-19 21:57 473264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-19 23:42 473264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2011-02-01 340520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opretuq]
2012-02-12 05:00 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\opretuq.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 pspuqclm;Wacom Serial Pen HID Controller;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\fullmoon\Games\GG\safedrv.sys [x]
R3 HtcVCom32;%OEMSerialPortName00%;c:\windows\system32\DRIVERS\HtcVComV64.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 489832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pspuqclm
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b221dd6-e0be-11e0-8de8-00241d84ef82}]
\shell\AutoRun\command - G:\autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f97e68a-e262-11df-97af-0011091f581c}]
\shell\AutoRun\command - H:\Autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689f87ee-552d-11e1-b32b-00241d84ef82}]
\shell\AutoRun\command - G:\Setup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80d568b5-a2fc-11df-ba79-0011091f581c}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\At2.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2227769910-73038272-156683630-1000Core1cce1a0b8a235eb.job
- c:\users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 03:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
videoacceleratorengine
NCPro
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\i0mdcbu7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://ph.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-02-20 07:48:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-19 23:48
ComboFix2.txt 2012-02-19 22:05
.
Pre-Run: 10,727,378,944 bytes free
Post-Run: 10,519,810,048 bytes free
.
- - End Of File - - DC92FF08CD35E7E5935DC1E7D644827E


2. No problems at all

3. The computer's doing fine, although Kaspersky still reported some threats earlier
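
The Sigcheck and "Reg Loading Points" sections of the ComboFix log above are the parts a responder reads first: both live copies of user32.dll carry an MD5 that differs from the winsxs copy of the same version and size, the machine has a c:\windows\system64 directory (x64 Windows uses System32 and SysWOW64 only), a Winlogon\Notify subkey points at a DLL under the system profile, and the UAC policy values are zeroed. The Python script below is an added example, not part of this thread and not ComboFix's own code; it parses lines in that log format and reports those indicators. The sample lines are copied from the log above; the regular expressions, the finding names and the decision to use the winsxs path as the reference hash (rather than ComboFix's [7]/[-] marker) are this example's own assumptions.

```python
"""Triage checks over ComboFix-style log lines (added example, not ComboFix code).

Three checks a responder applies by eye to the Sigcheck and loading-point
sections, written out as code:
  1. a live system file whose MD5 differs from the winsxs copy that has the
     same name, version and size (in-place patching of a Windows DLL);
  2. UAC policy values set so that no elevation prompt is ever shown;
  3. loading points in places Windows does not use: a System64 directory
     (x64 Windows has System32 and SysWOW64 only) and Winlogon\\Notify subkeys.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[-] 2011-08-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system64\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-08-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
[-] 2011-08-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opretuq]
2012-02-12 05:00 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\opretuq.dll
2012-02-12 04:49 . 2012-02-12 04:49 -------- d-----we c:\windows\system64
"""

# Sigcheck row: [flag] date . MD5 . size . . [version] .. path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>.)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)
POLICY_RE = re.compile(r'^"(?P<name>[A-Za-z]+)"=\s*(?P<value>\d+)\s*\(0x[0-9A-Fa-f]+\)')
NOTIFY_RE = re.compile(r"(?i)^\[HKEY_LOCAL_MACHINE\\.*\\winlogon\\notify\\(?P<sub>[^\]\\]+)\]")
WINPATH_RE = re.compile(r"(?i)\b[a-z]:\\[^\s\[\]]+")

# Policy values that, at these settings, remove the UAC prompt entirely.
UAC_POLICIES = {
    "EnableLUA": (0, "UAC is disabled"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def parse_sigcheck(lines):
    """Return one dict per Sigcheck row (flag, date, md5, size, version, path)."""
    rows = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def hash_mismatches(rows):
    """Group rows by (file name, version, size), take the winsxs copy as the
    reference hash and report every live copy whose MD5 differs from it."""
    groups = defaultdict(list)
    for r in rows:
        name = r["path"].rsplit("\\", 1)[-1].lower()
        groups[(name, r["version"], r["size"])].append(r)
    findings = []
    for (name, version, size), members in groups.items():
        refs = {m["md5"].upper() for m in members if "\\winsxs\\" in m["path"].lower()}
        if len(refs) != 1:
            continue  # no single component-store copy to compare against
        ref = next(iter(refs))
        for m in members:
            if "\\winsxs\\" in m["path"].lower():
                continue
            if m["md5"].upper() != ref:
                findings.append(("hash-mismatch", m["path"],
                                 f"MD5 {m['md5'].upper()} differs from winsxs copy {ref} "
                                 f"(version {version}, {size} bytes)"))
    return findings


def policy_findings(lines):
    """Flag UAC policy values that sit at the 'no prompt' setting."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        name, value = m["name"], int(m["value"])
        if name in UAC_POLICIES and value == UAC_POLICIES[name][0]:
            findings.append(("uac-policy", name, UAC_POLICIES[name][1]))
    return findings


def path_findings(lines):
    """Flag Winlogon\\Notify subkeys and any path under a System64 directory."""
    findings = []
    for line in lines:
        n = NOTIFY_RE.match(line.strip())
        if n:
            findings.append(("winlogon-notify", n["sub"],
                             "non-default Winlogon\\Notify subkey (persistence location)"))
        for p in WINPATH_RE.findall(line):
            if "\\windows\\system64" in p.lower():
                findings.append(("odd-directory", p,
                                 "x64 Windows has System32 and SysWOW64; System64 is not a Windows directory"))
    return findings


def triage(log_text):
    """Run all three checks over a log and return (kind, subject, detail) tuples."""
    lines = log_text.splitlines()
    return (hash_mismatches(parse_sigcheck(lines))
            + policy_findings(lines)
            + path_findings(lines))


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:16} {subject}\n{'':16} {detail}")
```

Run it as a script to print the findings for the embedded sample, or call triage() on the text of a saved ComboFix.txt. A hash mismatch against the component-store copy does not by itself name a malware family, but a Windows DLL that differs from its own winsxs backup while still reporting the same version and size is exactly the in-place patching the Sigcheck section exists to surface, which is why the "Unsigned files aren't necessarily malware" note has to be read together with the hashes rather than on its own.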

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 February 2012 - 08:46 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 chedi (Topic Starter)

Posted 19 February 2012 - 08:49 PM

µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.3.4
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Brother HL-3040CN
Catalyst Control Center InstallProxy
CloneDVD2
ComicZeal Sync 0.9.4.6
Dota 2
DVD Decrypter (Remove Only)
Handbrake 3548 Nightly
Java Auto Updater
Java™ 6 Update 22
Kaspersky Internet Security 2010
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.7)
MPMS3.0.3
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
nLite 1.4.9.1
NVIDIA PhysX
Picasa 3
PowerISO
Python 2.6
Python 2.6 pyserial-2.4
Python 2.6 pywin32-214
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Safari
Steam
SteamTool 1.1
Synthesia (remove only)
TeamViewer 6
The Darkness II
Ubisoft Game Launcher
VLC media player 1.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Xilisoft Video Converter Ultimate 6
Yahoo! Messenger
YouTube Downloader 3.3

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 February 2012 - 08:59 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Adobe Reader 9.3.4
Java™ 6 Update 22


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HiJackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 chedi (Topic Starter)

Posted 19 February 2012 - 09:59 PM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.20.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Ed :: DESKTOP [administrator]

Protection: Enabled

2/20/2012 10:48:38 AM
mbam-log-2012-02-20 (10-48-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189050
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:56:25 AM, on 2/20/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O20 - Winlogon Notify: opretuq - C:\Windows\system32\config\systemprofile\AppData\Local\opretuq.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Palm Novacom (NovacomD) - Palm - C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8005 bytes


3. The only thing out of the ordinary is that Malwarebytes didn't give me anything to delete.
4. Still the same, haven't noticed anything different.
