
consrv.dll / trojan horse generic26.atmh


This topic is locked
19 replies to this topic

#1 philitetes

  • Members
  • 10 posts
  • OFFLINE
  • Local time: 10:02 AM

Posted 09 March 2012 - 12:51 AM

Hi. First off, I have to say: absolutely awesome site... loads of information here.

Windows version: 64-bit Vista Home Premium SP2.

I've been away from this computer for a few months (in the hospital), so who knows what's been installed or whatnot.

This computer is mainly a media server to the TVs in the house. A little while ago the kids mentioned that this service no longer worked. I've been unable to resolve the issue. The services needed will simply not start. Computer Browser and Media Center Network Service are set to automatic but do not start. When I try to start these services manually, an error window pops up saying 'error 1060' or 'some services start and then stop when not needed'. Realizing that this is not normal, after googling for a bit I decided to run a scan using AVG and MBAM. AVG found consrv.dll and said it was removed; MBAM found nothing.

I'm kind of hoping that the above AVG positive find and the services issue are related.


I am unable to successfully run the DDS.scr tool. The text window that opens has only gibberish. Some of said text file is below.

MZ   ÿÿ ¸ @ Ø º ´ Í!¸LÍ!This program cannot be run in DOS mode.

$ 1¸„:uÙêiuÙêiuÙêi¶ÖµiwÙêiuÙëiîÙêi¶Ö·idÙêi!úÚiÙêi²ßìitÙêiRichuÙêi PE L ÆãK à   P    0ó °  @      

Fingers crossed and here's to hoping that this can be resolved, thanks.

Edited by philitetes, 09 March 2012 - 12:52 AM.



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 11:02 AM

Posted 09 March 2012 - 03:39 AM

Hello and Welcome to the forums!

Use link 2 or 3 for DDS

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 philitetes (Topic Starter)

  • Members
  • 10 posts
  • OFFLINE
  • Local time: 10:02 AM

Posted 09 March 2012 - 06:53 AM

New problems:

- Computer has become unstable... had to hard restart the computer 3 times when trying to interact with dds.com.
- Unable to run taskeng.exe... well, it may be running, but no window has popped up to interact with.
- Unable to consistently interact with the taskbar... clicking on icons within the quick launch bar also freezes the computer.

DeFogger has been run successfully.
DDS.com has been run successfully.

Results of DDS.txt


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_05
Run by Homer at 7:32:42 on 2012-03-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.8189.6352 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\WINDOWS\SysWOW64\ZoneLabs\vsmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\MHotKey.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\RAVCpl64.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ZMatrix\matrix.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=&Sys=DTP&M=G33M05G1
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=&Sys=DTP&M=G33M05G1
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=&Sys=DTP&M=G33M05G1
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=&Sys=DTP&M=G33M05G1
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Homer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZMatrix.lnk - C:\Program Files (x86)\ZMatrix\matrix.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{844C2074-0010-4A16-9D4A-6E14670A90CA} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Homer\AppData\Roaming\Mozilla\Firefox\Profiles\693z5ifz.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-8 652360]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);C:\Windows\system32\DRIVERS\xcbdax64.sys --> C:\Windows\system32\DRIVERS\xcbdax64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-6 1431888]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\WINDOWS\System32\drivers\libusb0.sys [2011-12-19 21504]
S3 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-23 2253120]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-10-6 89920]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-18 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-18 136176]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-03-09 03:10:58 -------- d-----w- C:\Users\Homer\AppData\Roaming\Malwarebytes
2012-03-09 03:10:52 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-09 03:10:51 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-09 03:10:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-09 01:23:23 76800 ----a-w- C:\Windows\System32\packager.dll
2012-03-09 01:23:23 66560 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-08 13:57:54 -------- d-----w- C:\Program Files\Unlocker
2012-03-08 13:24:52 -------- d-----w- C:\Program Files (x86)\Common Files\SWF Studio
2012-03-07 21:30:37 -------- d-----w- C:\My Music
2012-03-07 21:30:06 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2012-03-07 21:30:06 299520 ----a-w- C:\Windows\SysWow64\drmclien.dll
2012-03-07 21:30:06 245790 ----a-w- C:\Windows\SysWow64\strmdll.dll
2012-03-07 21:30:06 237568 ----a-w- C:\Windows\SysWow64\lame_enc.dll
2012-03-04 21:50:34 -------- d-----w- C:\Users\Homer\AppData\Roaming\.ZMatrix
2012-03-04 21:50:30 -------- d-----w- C:\Program Files (x86)\ZMatrix
2012-02-22 22:49:02 -------- d-----w- C:\Users\Homer\AppData\Local\assembly
2012-02-22 22:38:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-02-22 20:13:17 -------- d-----w- C:\Windows\SysWow64\QuickTime
2012-02-22 20:12:52 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2012-02-22 19:43:56 -------- d-----w- C:\Users\Homer\AppData\Local\TechSmith
2012-02-21 19:23:58 -------- d-----w- C:\Windows\SysWow64\directx
2012-02-18 22:22:14 438272 ----a-w- C:\shimgvw.dll
2012-02-18 21:29:07 -------- d-----w- C:\Users\Homer\AppData\Local\Stefan_Wobbe
2012-02-18 21:27:19 -------- d-----w- C:\Program Files (x86)\GIF Viewer
2012-02-13 14:51:04 -------- d-----w- C:\Users\Homer\AppData\Local\LogMeIn Rescue Applet
.
==================== Find3M ====================
.
2012-03-08 00:14:02 850152 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-02-13 16:46:55 174592 ----a-w- C:\Windows\System32\AC3ACM.acm
2012-01-29 09:52:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-12 20:16:28 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-03 14:25:21 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-20 02:46:50 43520 ----a-w- C:\Windows\System32\libusb0.dll
2011-12-20 02:46:50 37376 ----a-w- C:\Windows\SysWow64\libusb0.dll
2011-12-20 02:46:50 29184 ----a-w- C:\Windows\System32\drivers\libusb0.sys
2011-12-20 02:46:50 21504 ----a-w- C:\Windows\SysWow64\drivers\libusb0.sys
2011-12-15 06:47:13 1147392 ----a-w- C:\Windows\System32\wininet.dll
2011-12-15 06:43:19 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-12-15 06:43:00 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-15 06:42:43 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-12-15 06:42:43 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-12-15 06:22:01 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-15 06:18:03 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-12-15 06:17:51 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-15 06:17:35 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-12-15 06:17:35 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-12-15 05:49:57 479232 ----a-w- C:\Windows\System32\html.iec
2011-12-15 05:21:27 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-12-15 05:07:26 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-12-15 05:06:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-15 04:45:13 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-12-15 04:43:48 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-14 16:38:07 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-14 16:17:47 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2006-05-03 15:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 16:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 18:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 03:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 7:33:19.74 ===============

#4 philitetes (Topic Starter)

  • Members
  • 10 posts
  • OFFLINE
  • Local time: 10:02 AM

Posted 09 March 2012 - 07:02 AM

Results of Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 05/10/2011 12:20:56 PM
System Uptime: 09/03/2012 7:27:11 AM (0 hours ago)
.
Motherboard: Gateway | | G33M05G1
Processor: Intel® Core™2 Quad CPU Q9300 @ 2.50GHz | Socket 775 | 2498/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 125 GiB total, 22.172 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 7.853 GiB free.
E: is FIXED (NTFS) - 20 GiB total, 0.357 GiB free.
F: is FIXED (NTFS) - 50 GiB total, 13.33 GiB free.
G: is FIXED (NTFS) - 720 GiB total, 75.32 GiB free.
H: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is CDROM ()
N: is FIXED (NTFS) - 1863 GiB total, 496.205 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet Pro L7500
Device ID: ROOT\IMAGE\0000
Manufacturer: Hewlett-Packard
Name: Officejet Pro L7500
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro L7500
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro L7500
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP259: 06/03/2012 5:30:11 PM - Scheduled Checkpoint
RP260: 08/03/2012 12:54:20 AM - Scheduled Checkpoint
RP261: 08/03/2012 9:25:27 PM - Windows Update
.
==== Installed Programs ======================
.
7500_7600_7700_Help1
Ac3Tool (remove only)
Ad-Aware
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Template Projects & Footage
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Production Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore CS4 Library
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Air Video Server 2.4.3
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ArtRage Studio Pro
Autodesk Content Service
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
bpd_scan_Carrier
BPDSoftware
BPDSoftware_Ini
Brawl Busters
BufferChm
Camtasia Studio 7
Compatibility Pack for the 2007 Office system
Connect
CyberLink Hi-Def Suite
Desktop Icon Position Saver (64-bit)
Destinations
DeviceDiscovery
DocProc
FARO LS 1.1.406.58
Fax
Garmin BaseCamp
Garmin MapSource
Garmin TOPO Canada v4
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Gateway Games
Gateway Recovery Center Installer
GIF Viewer 3.3
Google Earth
Google Update Helper
GPBaseService2
GPSBabel 1.4.2
HandBrake 0.9.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Update
HPProductAssistant
HPSSupply
Java™ 6 Update 5
KB0817 Keyboard Driver
KC Softwares VideoInspector
Kobo
kuler
L7500
Major League Baseball 2K11
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
MKVToolNix 5.3.0
Mozilla Firefox 7.0.1 (x86 en-US)
MPM
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need for Speed: Hot Pursuit
Need for Speed™ The Run
NETGEAR Live Parental Controls Management Utility 2.1.5
NVIDIA PhysX
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Power2Go 5.0
PowerDVD
ProductContext
Quicken 2011
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SmartWebPrinting
Snagit 10.0.2
SolutionCenter
Status
Suite Shared Configuration CS4
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VC 9.0 Runtime
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visual Studio 2008 x64 Redistributables
WebReg
Winamp3 (remove only)
ZMatrix 1.5.2
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
09/03/2012 7:29:14 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
09/03/2012 7:29:14 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
09/03/2012 7:29:14 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
09/03/2012 7:28:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
09/03/2012 7:27:56 AM, Error: EventLog [6008] - The previous system shutdown at 7:25:57 AM on 09/03/2012 was unexpected.
09/03/2012 7:24:19 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
09/03/2012 7:20:20 AM, Error: EventLog [6008] - The previous system shutdown at 7:17:56 AM on 09/03/2012 was unexpected.
09/03/2012 2:39:31 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
08/03/2012 8:07:13 PM, Error: EventLog [6008] - The previous system shutdown at 8:05:36 PM on 08/03/2012 was unexpected.
07/03/2012 6:18:42 PM, Error: EventLog [6008] - The previous system shutdown at 6:17:05 PM on 07/03/2012 was unexpected.
07/03/2012 2:38:28 PM, Error: EventLog [6008] - The previous system shutdown at 2:33:05 PM on 07/03/2012 was unexpected.
07/03/2012 10:04:34 AM, Error: EventLog [6008] - The previous system shutdown at 10:01:50 AM on 07/03/2012 was unexpected.
04/03/2012 1:07:19 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================
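The Event Viewer block above records three different messages that all describe one condition: the Service Control Manager cannot find the Computer Browser service (event 7023), the two IPsec services cannot start because their dependency BFE (Base Filtering Engine) is not installed (event 7003), and WMPNetworkSvc fails with HRESULT 0x80070424, which is Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST, the same "error 1060" the opening post describes seeing in the Services window. The Python script below is an added example, not part of this thread and not code from the DDS tool; it parses lines in the DDS Event Viewer format and lists which services the log says are missing. The event lines embedded in it are copied from the log above as sample input, and the display-name to service-name map is an assumption supplied for this example.

```python
import re

# Sample input: lines copied from the "Event Viewer Messages From Past Week"
# block of the DDS log above.
SAMPLE_EVENTS = """\
09/03/2012 7:29:14 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
09/03/2012 7:29:14 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
09/03/2012 7:29:14 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
09/03/2012 7:28:45 AM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
09/03/2012 7:27:56 AM, Error: EventLog [6008] - The previous system shutdown at 7:25:57 AM on 09/03/2012 was unexpected.
09/03/2012 7:24:19 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
09/03/2012 2:39:31 AM, Error: cdrom [11] - The driver detected a controller error on \\Device\\CdRom0.
"""

# Win32 error 1060. Windows reports it as HRESULT 0x80070424, and the Services
# console shows it as "Error 1060: The specified service does not exist as an installed service".
ERROR_SERVICE_DOES_NOT_EXIST = 1060

# Display names as they appear in the log, mapped to the service names you would
# pass to `sc query`. Assumed mapping, covering only the services named in this thread.
DISPLAY_TO_SERVICE = {
    "Computer Browser": "Browser",
    "IPsec Policy Agent": "PolicyAgent",
    "IKE and AuthIP IPsec Keying Modules": "IKEEXT",
    "Base Filtering Engine": "BFE",
}

EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<src>.+?) \[(?P<eid>\d+)\] - (?P<msg>.+)$"
)


def parse_events(text):
    """Turn DDS 'Event Viewer Messages' lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["eid"] = int(d["eid"])
            events.append(d)
    return events


def hresult_to_win32(hresult):
    """Map an HRESULT of the form 0x8007xxxx (FACILITY_WIN32) back to its Win32 error code."""
    if (hresult & 0xFFFF0000) == 0x80070000:
        return hresult & 0xFFFF
    return None


def service_name(display):
    return DISPLAY_TO_SERVICE.get(display, display)


def missing_services(events):
    """Return {service: [reasons]} for services the log says are not installed."""
    missing = {}

    def add(svc, reason):
        missing.setdefault(svc, []).append(reason)

    for e in events:
        msg, eid = e["msg"], e["eid"]
        if eid == 7023 and "does not exist as an installed service" in msg:
            m = re.match(r"The (.+?) service terminated", msg)
            if m:
                add(service_name(m.group(1)), "SCM 7023: not an installed service")
        elif eid == 7003:
            # DDS prints the 7003 text without the word "on"; accept both forms.
            m = re.match(r"The (.+?) service depends (?:on )?the following service: (\w+)\.", msg)
            if m:
                add(m.group(2), f"dependency of {service_name(m.group(1))}")
        elif e["src"].startswith("Microsoft-Windows-WMPNSS") and eid == 14325:
            m = re.search(r"Service '(\w+)'.*error '0x([0-9A-Fa-f]{8})'", msg)
            if m and hresult_to_win32(int(m.group(2), 16)) == ERROR_SERVICE_DOES_NOT_EXIST:
                add(m.group(1), "QueryService returned ERROR_SERVICE_DOES_NOT_EXIST (1060)")
    return missing


def triage(text):
    events = parse_events(text)
    return {
        "missing": missing_services(events),
        "unexpected_shutdowns": sum(1 for e in events if e["eid"] == 6008),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for svc, reasons in result["missing"].items():
        print(f"{svc}: " + "; ".join(reasons))
    print("unexpected shutdowns:", result["unexpected_shutdowns"])
```

On the machine in this thread the output names Browser, BFE and WMPNetworkSvc, which matches what the poster later reports: the Base Filtering Engine entry was gone from the Services window until ComboFix put it back. The Windows Firewall and IPsec stack sit on top of BFE, so a missing BFE is worth treating as a security finding rather than a media-sharing glitch.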

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 March 2012 - 08:31 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 philitetes (Topic Starter, Members, 10 posts)

Posted 09 March 2012 - 09:30 AM

ComboFix ran fine with no problems.

A few more things that may or may not be related that I've noticed.

- Base Filtering Engine service no longer exists in the services window
**** edit *****
I see that after running ComboFix the Base Filtering Engine service is back........yeah!!!


Combofix Log

ComboFix 12-03-09.05 - Homer 09/03/2012 9:53.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.8189.6448 [GMT -4:00]
Running from: c:\users\Homer\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Homer\AppData\Local\assembly\tmp
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KXESCORE
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 03:10 . 2012-03-09 03:10 -------- d-----w- c:\users\Homer\AppData\Roaming\Malwarebytes
2012-03-09 03:10 . 2012-03-09 03:10 -------- d-----w- c:\programdata\Malwarebytes
2012-03-09 03:10 . 2012-03-09 03:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-09 03:10 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 01:23 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-03-09 01:23 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-08 13:57 . 2012-03-08 13:58 -------- d-----w- c:\program files\Unlocker
2012-03-08 13:24 . 2012-03-08 13:24 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-03-07 21:30 . 2012-03-07 21:30 -------- d-----w- C:\My Music
2012-03-07 21:30 . 2007-08-08 19:10 245790 ----a-w- c:\windows\SysWow64\strmdll.dll
2012-03-07 21:30 . 2007-08-08 19:10 299520 ----a-w- c:\windows\SysWow64\drmclien.dll
2012-03-07 21:30 . 2003-08-07 18:01 237568 ----a-w- c:\windows\SysWow64\lame_enc.dll
2012-03-07 21:30 . 2002-12-25 13:44 380928 ----a-w- c:\windows\SysWow64\actskin4.ocx
2012-03-07 21:30 . 2002-01-05 18:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-03-04 21:50 . 2012-03-04 21:50 -------- d-----w- c:\users\Homer\AppData\Roaming\.ZMatrix
2012-03-04 21:50 . 2012-03-04 21:50 -------- d-----w- c:\program files (x86)\ZMatrix
2012-02-22 22:49 . 2012-03-09 14:04 -------- d-----w- c:\users\Homer\AppData\Local\assembly
2012-02-22 22:38 . 2012-02-22 22:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-22 20:13 . 2012-02-22 20:13 -------- d-----w- c:\windows\SysWow64\QuickTime
2012-02-22 20:12 . 2012-02-22 20:12 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-02-22 20:12 . 2012-02-22 22:42 -------- d-----w- c:\programdata\TechSmith
2012-02-22 19:43 . 2012-02-22 22:42 -------- d-----w- c:\users\Homer\AppData\Local\TechSmith
2012-02-22 19:43 . 2012-02-23 16:45 -------- d-----w- c:\program files (x86)\TechSmith
2012-02-18 22:22 . 2004-08-04 04:56 438272 ----a-w- C:\shimgvw.dll
2012-02-18 21:29 . 2012-02-18 21:29 -------- d-----w- c:\users\Homer\AppData\Local\Stefan_Wobbe
2012-02-18 21:27 . 2012-02-18 21:27 -------- d-----w- c:\program files (x86)\GIF Viewer
2012-02-13 14:51 . 2012-02-13 16:47 -------- d-----w- c:\users\Homer\AppData\Local\LogMeIn Rescue Applet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 00:14 . 2012-01-15 21:44 850152 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-02-13 16:46 . 2010-01-20 02:12 174592 ----a-w- c:\windows\system32\AC3ACM.acm
2012-01-29 09:52 . 2012-01-29 09:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-20 02:46 . 2011-12-20 02:46 43520 ----a-w- c:\windows\system32\libusb0.dll
2011-12-20 02:46 . 2011-12-20 02:46 37376 ----a-w- c:\windows\SysWow64\libusb0.dll
2011-12-20 02:46 . 2011-12-20 02:46 29184 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-12-20 02:46 . 2011-12-20 02:46 21504 ----a-w- c:\windows\SysWow64\drivers\libusb0.sys
2011-12-14 07:16 . 2011-12-14 07:16 605968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2006-05-03 15:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 16:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 18:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 03:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Homer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ZMatrix.lnk - c:\program files (x86)\ZMatrix\matrix.exe [2003-5-25 114688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-13 6150656]
"Skytel"="Skytel.exe" [2008-04-13 1826816]
"combofix"="c:\combofix\CF7517.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=&Sys=DTP&M=G33M05G1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Homer\AppData\Roaming\Mozilla\Firefox\Profiles\693z5ifz.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-XviD MPEG4 Video Codec v1.1.2 - c:\windows\system32\xvid-uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\MHotKey.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ChiFuncExt.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-03-09 10:13:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-09 14:13
.
Pre-Run: 23,815,077,888 bytes free
Post-Run: 24,678,830,080 bytes free
.
- - End Of File - - 1A216E42C389E6040266A2E4E50CFDAE

Edited by philitetes, 09 March 2012 - 10:04 AM.
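Most of the value in a ComboFix log is in the Reg Loading Points section: which autostart entries exist, where they point, and which policy values have been changed. The log above has two items worth calling out that ComboFix itself does not flag: "EnableLUA"= 0 means User Account Control is switched off on this Vista machine, and the x86-64 Run entries RAVCpl64.exe and Skytel.exe are bare file names rather than full paths, so Windows locates them through its executable search path. (The c:\combofix\CF7517.3XE Run entry is ComboFix's own temporary entry, present only while it is running.) The script below is an added example, not code from the thread or from ComboFix; it parses that section's format and reports those conditions, plus any BootExecute entry beyond the default "autocheck autochk *" (here AVG's boot-time scanner, a legitimate addition). The sample lines inside it are copied from the log above, and the list of trusted install roots is an assumption chosen for the example.

```python
import re

# Sample input: lines copied from the "Reg Loading Points" section of the
# ComboFix log above (a subset, assembled here for this example).
SAMPLE_LOADING_POINTS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
.
c:\users\Homer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ZMatrix.lnk - c:\program files (x86)\ZMatrix\matrix.exe [2003-5-25 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-13 6150656]
"combofix"="c:\combofix\CF7517.3XE" [2008-01-21 363008]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")            # [HKEY_...\Run]
FOLDER_RE = re.compile(r"^(?P<folder>[A-Za-z]:\\.+\\)$")        # Startup folder line
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>[\d-]+) (?P<size>\d+)\]$')
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"= ?(?P<val>\d+) \(0x[0-9A-Fa-f]+\)$')
BOOTEXEC_RE = re.compile(r"^BootExecute REG_MULTI_SZ (?P<vals>.+)$")

# Directories from which autostart entries are expected on this machine. An
# assumption chosen for the example, not something ComboFix knows about.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                 "c:\\progra~1\\", "c:\\progra~2\\")
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


def parse_loading_points(text):
    """Parse ComboFix's Reg Loading Points block into autostarts, policy values and BootExecute."""
    parsed = {"autostarts": [], "policies": {}, "bootexecute": []}
    current = None  # registry key or Startup folder the following lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix prints "." for blank lines
            continue
        m = KEY_RE.match(line) or FOLDER_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = VALUE_RE.match(line) or LNK_RE.match(line)
        if m:
            parsed["autostarts"].append({"key": current, **m.groupdict()})
            continue
        m = POLICY_RE.match(line)
        if m:
            parsed["policies"][m.group("name")] = int(m.group("val"))
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            # ComboFix prints REG_MULTI_SZ entries separated by a literal "\0"
            parsed["bootexecute"] = m.group("vals").split("\\0")
    return parsed


def review(parsed):
    """Return (category, detail) findings a reviewer would want to look at."""
    findings = []
    for a in parsed["autostarts"]:
        path = a["path"].lower()
        where = f"{a['key']} -> {a['name']} = {a['path']}"
        if "\\" not in path:
            # No directory: Windows locates the file through its executable search
            # path, so a same-named file earlier in that search order would win.
            findings.append(("bare-filename", where))
        elif not path.startswith(TRUSTED_ROOTS):
            findings.append(("unusual-location", where))
    if parsed["policies"].get("EnableLUA") == 0:
        findings.append(("uac-disabled",
                         "EnableLUA=0: UAC is off, so an administrator's processes run fully elevated"))
    for entry in parsed["bootexecute"]:
        if entry.strip().lower() != DEFAULT_BOOTEXECUTE:
            findings.append(("bootexecute", entry))  # runs before logon and before AV services
    return findings


if __name__ == "__main__":
    for category, detail in review(parse_loading_points(SAMPLE_LOADING_POINTS)):
        print(f"[{category}] {detail}")
```

Each finding still needs a human decision: the bare-name Realtek entries and AVG's BootExecute line are benign here, and ComboFix's own Run entry disappears when it finishes, but EnableLUA=0 should be turned back on once the cleanup is done, since with UAC off every program the administrator runs already has full control of the machine.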


#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 March 2012 - 01:26 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 philitetes (Topic Starter, Members, 10 posts)

Posted 09 March 2012 - 01:43 PM

TDSSKiller.exe ran with no problems, no reboot required. Found nothing.

TDSSKILLER LOG

14:31:19.0295 3308 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
14:31:21.0296 3308 ============================================================
14:31:21.0296 3308 Current date / time: 2012/03/09 14:31:21.0296
14:31:21.0296 3308 SystemInfo:
14:31:21.0296 3308
14:31:21.0297 3308 OS Version: 6.0.6002 ServicePack: 2.0
14:31:21.0297 3308 Product type: Workstation
14:31:21.0297 3308 ComputerName: HOMER-PC
14:31:21.0297 3308 UserName: Homer
14:31:21.0297 3308 Windows directory: C:\Windows
14:31:21.0297 3308 System windows directory: C:\Windows
14:31:21.0297 3308 Running under WOW64
14:31:21.0297 3308 Processor architecture: Intel x64
14:31:21.0297 3308 Number of processors: 4
14:31:21.0297 3308 Page size: 0x1000
14:31:21.0297 3308 Boot type: Normal boot
14:31:21.0297 3308 ============================================================
14:31:22.0346 3308 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:31:32.0001 3308 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:31:32.0109 3308 \Device\Harddisk0\DR0:
14:31:32.0132 3308 MBR used
14:31:32.0133 3308 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x210426C
14:31:32.0133 3308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x21042AB, BlocksNum 0xF9F55FB
14:31:32.0142 3308 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11AF98E5, BlocksNum 0x2800A34
14:31:32.0167 3308 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x142FA358, BlocksNum 0x6403941
14:31:32.0175 3308 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1A6FDCD8, BlocksNum 0x5A007BB4
14:31:32.0175 3308 \Device\Harddisk1\DR1:
14:31:32.0175 3308 MBR used
14:31:32.0175 3308 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
14:31:32.0387 3308 Initialize success
14:31:32.0387 3308 ============================================================
14:31:40.0195 4732 ============================================================
14:31:40.0195 4732 Scan started
14:31:40.0195 4732 Mode: Manual;
14:31:40.0195 4732 ============================================================
14:31:41.0222 4732 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
14:31:41.0228 4732 ACPI - ok
14:31:41.0257 4732 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
14:31:41.0260 4732 adfs - ok
14:31:41.0302 4732 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:31:41.0311 4732 adp94xx - ok
14:31:41.0348 4732 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:31:41.0355 4732 adpahci - ok
14:31:41.0375 4732 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:31:41.0379 4732 adpu160m - ok
14:31:41.0395 4732 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:31:41.0400 4732 adpu320 - ok
14:31:41.0476 4732 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
14:31:41.0482 4732 AFD - ok
14:31:41.0504 4732 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:31:41.0506 4732 agp440 - ok
14:31:41.0537 4732 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:31:41.0540 4732 aic78xx - ok
14:31:41.0567 4732 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
14:31:41.0569 4732 aliide - ok
14:31:41.0588 4732 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
14:31:41.0590 4732 amdide - ok
14:31:41.0609 4732 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
14:31:41.0612 4732 AmdK8 - ok
14:31:41.0649 4732 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
14:31:41.0652 4732 arc - ok
14:31:41.0675 4732 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
14:31:41.0678 4732 arcsas - ok
14:31:41.0727 4732 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
14:31:41.0730 4732 aswMonFlt - ok
14:31:41.0764 4732 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
14:31:41.0766 4732 AsyncMac - ok
14:31:41.0785 4732 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
14:31:41.0786 4732 atapi - ok
14:31:41.0875 4732 AVGIDSDriver (fa46adf6e497cf185160f09e603ce2a3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
14:31:41.0878 4732 AVGIDSDriver - ok
14:31:41.0889 4732 AVGIDSEH (d6b93e5d8b96a66f55a4d2ee7f24667c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
14:31:41.0890 4732 AVGIDSEH - ok
14:31:41.0911 4732 AVGIDSFilter (ff6551f1ab0da3b30c9dec923f21b504) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
14:31:41.0913 4732 AVGIDSFilter - ok
14:31:41.0943 4732 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
14:31:41.0949 4732 Avgldx64 - ok
14:31:41.0968 4732 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
14:31:41.0970 4732 Avgmfx64 - ok
14:31:42.0003 4732 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
14:31:42.0005 4732 Avgrkx64 - ok
14:31:42.0030 4732 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
14:31:42.0055 4732 Avgtdia - ok
14:31:42.0114 4732 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:31:42.0119 4732 b57nd60a - ok
14:31:42.0150 4732 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:31:42.0159 4732 BCM43XV - ok
14:31:42.0168 4732 Beep - ok
14:31:42.0202 4732 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
14:31:42.0204 4732 blbdrive - ok
14:31:42.0250 4732 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
14:31:42.0254 4732 bowser - ok
14:31:42.0275 4732 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
14:31:42.0277 4732 BrFiltLo - ok
14:31:42.0297 4732 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
14:31:42.0299 4732 BrFiltUp - ok
14:31:42.0328 4732 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
14:31:42.0331 4732 Brserid - ok
14:31:42.0352 4732 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
14:31:42.0355 4732 BrSerWdm - ok
14:31:42.0371 4732 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
14:31:42.0372 4732 BrUsbMdm - ok
14:31:42.0388 4732 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
14:31:42.0390 4732 BrUsbSer - ok
14:31:42.0410 4732 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
14:31:42.0412 4732 BTHMODEM - ok
14:31:42.0461 4732 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
14:31:42.0464 4732 BVRPMPR5a64 - ok
14:31:42.0473 4732 catchme - ok
14:31:42.0518 4732 CAXHWBS2 (551be1536b27dc056ea4d48275efb089) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
14:31:42.0526 4732 CAXHWBS2 - ok
14:31:42.0544 4732 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
14:31:42.0547 4732 cdfs - ok
14:31:49.0980 4732 ============================================================
14:31:49.0980 4732 Scan finished
14:31:49.0980 4732 ============================================================
14:31:49.0990 4368 Detected object count: 0
14:31:49.0990 4368 Actual detected object count: 0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 March 2012 - 01:56 PM

Hello

Did you run aswMBR? Let me have the report.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 philitetes

philitetes
  • Topic Starter

  • Members
  • 10 posts

Posted 09 March 2012 - 02:12 PM

****edit****
Whoops, missed your reply... was just waiting for the last program to finish; apologies for the delay.


aswMBR.exe ran with no problems.

aswMBR.exe log file

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 14:39:12
-----------------------------
14:39:12.184 OS Version: Windows x64 6.0.6002 Service Pack 2
14:39:12.184 Number of processors: 4 586 0x1707
14:39:12.184 ComputerName: HOMER-PC UserName: Homer
14:39:12.825 Initialize success
14:40:36.635 AVAST engine defs: 12030900
14:41:00.346 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:41:00.349 Disk 0 Vendor: ST31000340AS SD46 Size: 953869MB BusType: 3
14:41:00.352 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
14:41:00.354 Disk 1 Vendor: ST32000542AS CC34 Size: 1907729MB BusType: 3
14:41:00.375 Disk 0 MBR read successfully
14:41:00.378 Disk 0 MBR scan
14:41:00.384 Disk 0 Windows VISTA default MBR code
14:41:00.388 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 16904 MB offset 63
14:41:00.401 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 127978 MB offset 34620075
14:41:00.406 Disk 0 Partition - 00 05 Extended 808984 MB offset 296720550
14:41:00.426 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20481 MB offset 296720613
14:41:00.432 Disk 0 Partition - 00 05 Extended 788502 MB offset 338666265
14:41:00.478 Disk 0 scanning C:\Windows\system32\drivers
14:41:10.480 Service scanning
14:41:29.475 Modules scanning
14:41:29.483 Disk 0 trace - called modules:
14:41:29.499 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:41:29.506 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cd83a0]
14:41:29.512 3 CLASSPNP.SYS[fffffa6000fd2c33] -> nt!IofCallDriver -> [0xfffffa8007973520]
14:41:29.520 5 acpi.sys[fffffa60008fffde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800796f940]
14:41:30.471 AVAST engine scan C:\Windows
14:41:34.826 AVAST engine scan C:\Windows\system32
14:45:22.128 AVAST engine scan C:\Windows\system32\drivers
14:45:33.973 AVAST engine scan C:\Users\Homer
15:03:38.083 AVAST engine scan C:\ProgramData
15:05:31.288 Disk 0 MBR has been saved successfully to "C:\Users\Homer\Desktop\MBR.dat"
15:05:31.297 The log file has been saved successfully to "C:\Users\Homer\Desktop\aswMBR.txt"

Edited by philitetes, 09 March 2012 - 02:14 PM.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 March 2012 - 03:05 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 philitetes

philitetes
  • Topic Starter

  • Members
  • 10 posts

Posted 09 March 2012 - 03:41 PM

Hi.

ComboFix.exe ran with no problems.
Computer seems to be stable; the missing/crippled services are still there and running as they should.

combofix.exe results.



ComboFix 12-03-09.05 - Homer 09/03/2012 16:06:22.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.8189.3763 [GMT -4:00]
Running from: c:\users\Homer\Desktop\ComboFix.exe
Command switches used :: c:\users\Homer\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 20:16 . 2012-03-09 20:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-09 20:16 . 2012-03-09 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 03:10 . 2012-03-09 03:10 -------- d-----w- c:\users\Homer\AppData\Roaming\Malwarebytes
2012-03-09 03:10 . 2012-03-09 03:10 -------- d-----w- c:\programdata\Malwarebytes
2012-03-09 03:10 . 2012-03-09 03:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-09 03:10 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 01:23 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-03-09 01:23 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-08 13:57 . 2012-03-08 13:58 -------- d-----w- c:\program files\Unlocker
2012-03-08 13:24 . 2012-03-08 13:24 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-03-07 21:30 . 2012-03-07 21:30 -------- d-----w- C:\My Music
2012-03-07 21:30 . 2007-08-08 19:10 245790 ----a-w- c:\windows\SysWow64\strmdll.dll
2012-03-07 21:30 . 2007-08-08 19:10 299520 ----a-w- c:\windows\SysWow64\drmclien.dll
2012-03-07 21:30 . 2003-08-07 18:01 237568 ----a-w- c:\windows\SysWow64\lame_enc.dll
2012-03-07 21:30 . 2002-12-25 13:44 380928 ----a-w- c:\windows\SysWow64\actskin4.ocx
2012-03-07 21:30 . 2002-01-05 18:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-03-04 21:50 . 2012-03-04 21:50 -------- d-----w- c:\users\Homer\AppData\Roaming\.ZMatrix
2012-03-04 21:50 . 2012-03-04 21:50 -------- d-----w- c:\program files (x86)\ZMatrix
2012-02-22 22:49 . 2012-03-09 14:04 -------- d-----w- c:\users\Homer\AppData\Local\assembly
2012-02-22 22:38 . 2012-02-22 22:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-02-22 20:13 . 2012-02-22 20:13 -------- d-----w- c:\windows\SysWow64\QuickTime
2012-02-22 20:12 . 2012-02-22 20:12 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-02-22 20:12 . 2012-02-22 22:42 -------- d-----w- c:\programdata\TechSmith
2012-02-22 19:43 . 2012-02-22 22:42 -------- d-----w- c:\users\Homer\AppData\Local\TechSmith
2012-02-22 19:43 . 2012-02-23 16:45 -------- d-----w- c:\program files (x86)\TechSmith
2012-02-18 22:22 . 2004-08-04 04:56 438272 ----a-w- C:\shimgvw.dll
2012-02-18 21:29 . 2012-02-18 21:29 -------- d-----w- c:\users\Homer\AppData\Local\Stefan_Wobbe
2012-02-18 21:27 . 2012-02-18 21:27 -------- d-----w- c:\program files (x86)\GIF Viewer
2012-02-13 14:51 . 2012-02-13 16:47 -------- d-----w- c:\users\Homer\AppData\Local\LogMeIn Rescue Applet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 00:14 . 2012-01-15 21:44 850152 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-02-13 16:46 . 2010-01-20 02:12 174592 ----a-w- c:\windows\system32\AC3ACM.acm
2012-01-29 09:52 . 2012-01-29 09:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-20 02:46 . 2011-12-20 02:46 43520 ----a-w- c:\windows\system32\libusb0.dll
2011-12-20 02:46 . 2011-12-20 02:46 37376 ----a-w- c:\windows\SysWow64\libusb0.dll
2011-12-20 02:46 . 2011-12-20 02:46 29184 ----a-w- c:\windows\system32\drivers\libusb0.sys
2011-12-20 02:46 . 2011-12-20 02:46 21504 ----a-w- c:\windows\SysWow64\drivers\libusb0.sys
2011-12-14 07:16 . 2011-12-14 07:16 605968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2006-05-03 15:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 16:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 18:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 03:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-09_14.08.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-03-09 14:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-03-09 20:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-03-09 14:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-03-09 20:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-03-09 14:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-03-09 20:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-03-09 20:20 48986 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-03-09 20:20 81142 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-05 11:46 . 2012-03-09 20:20 10700 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-403344419-302363006-438959069-1000_UserData.bin
+ 2008-02-05 08:07 . 2012-03-09 20:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-05 08:07 . 2012-03-09 11:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-05 08:07 . 2012-03-09 11:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-05 08:07 . 2012-03-09 20:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-02-05 08:07 . 2012-03-09 11:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-05 08:07 . 2012-03-09 20:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-06 13:33 . 2012-03-09 20:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-06 13:33 . 2012-03-09 14:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-06 13:39 . 2012-03-09 20:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-06 13:39 . 2012-03-07 18:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-06 13:39 . 2012-03-07 18:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-10-06 13:39 . 2012-03-09 20:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-10-06 13:39 . 2012-03-07 18:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-10-06 13:39 . 2012-03-09 20:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-10-06 13:33 . 2012-03-09 14:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-06 13:33 . 2012-03-09 20:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-06 13:33 . 2012-03-09 20:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-06 13:33 . 2012-03-09 14:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-06 13:38 . 2012-03-09 11:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-06 13:38 . 2012-03-09 20:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-06 13:38 . 2012-03-09 11:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-06 13:38 . 2012-03-09 20:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-09 20:18 . 2012-03-09 20:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-09 14:06 . 2012-03-09 14:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-09 14:06 . 2012-03-09 14:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-09 20:18 . 2012-03-09 20:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2012-03-09 14:12 677666 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-03-09 11:35 677666 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-03-09 14:12 135926 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-03-09 11:35 135926 c:\windows\system32\perfc009.dat
- 2011-10-06 07:21 . 2012-03-09 11:30 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-06 07:21 . 2012-03-09 20:05 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-10-06 13:33 . 2012-03-09 14:07 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-06 13:33 . 2012-03-09 20:19 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-12 08:58 . 2012-03-09 20:17 501956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-12 08:58 . 2012-03-09 14:05 501956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-12 08:58 . 2012-03-09 14:05 35949894 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-403344419-302363006-438959069-1000-12288.dat
+ 2011-10-12 08:58 . 2012-03-09 20:17 35949894 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-403344419-302363006-438959069-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Homer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ZMatrix.lnk - c:\program files (x86)\ZMatrix\matrix.exe [2003-5-25 114688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-13 6150656]
"Skytel"="Skytel.exe" [2008-04-13 1826816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=&Sys=DTP&M=G33M05G1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Homer\AppData\Roaming\Mozilla\Firefox\Profiles\693z5ifz.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\MHotKey.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ChiFuncExt.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-03-09 16:25:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-09 20:25
ComboFix2.txt 2012-03-09 14:13
.
Pre-Run: 24,357,408,768 bytes free
Post-Run: 24,321,474,560 bytes free
.
- - End Of File - - 9134D75BEE738DD125D5F8849AB4A602

Edited by philitetes, 09 March 2012 - 03:45 PM.
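A way to triage a ComboFix log like the one above mechanically, as an added example that is not part of this thread or of ComboFix itself: it parses the file lines (created and modified timestamps, size, attribute flags, path) from the "Files Created" and "Find3M" sections and the values under the "Reg Loading Points" keys, then flags the items a responder would look at first: files carrying both the system and hidden attributes, executable modules sitting directly at the drive root (like C:\shimgvw.dll in the log above), EnableLUA set to 0 under the policies\system key (UAC disabled), and Run values that name a bare file with no directory, which Windows resolves through the search path. The sample excerpt is trimmed from the log above; the finding labels are mine.

```python
import re
from typing import Dict, List, Tuple

# Excerpt in the ComboFix log format (trimmed from the log posted above).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
2012-03-09 03:10 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 01:23 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-03-07 21:30 . 2012-03-07 21:30 -------- d-----w- C:\My Music
2012-02-18 22:22 . 2004-08-04 04:56 438272 ----a-w- C:\shimgvw.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-03 15:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2008-03-16 18:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-13 6150656]
"Skytel"="Skytel.exe" [2008-04-13 1826816]
"""

# File line: "<created> . <modified> <size> <attrs> <path>". The Find3M section
# omits the "<created> . " prefix for some entries, so that part is optional.
FILE_LINE = re.compile(
    r"^(?:(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. )?"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


def parse_combofix(text: str) -> Tuple[List[Dict[str, str]], List[Dict[str, str]]]:
    """Return (file entries, registry values) found in a ComboFix log."""
    files: List[Dict[str, str]] = []
    values: List[Dict[str, str]] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = FILE_LINE.match(line)
        if m:
            files.append(m.groupdict())
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_LINE.match(line)
        if m and current_key:
            values.append({"key": current_key, **m.groupdict()})
    return files, values


def triage(files: List[Dict[str, str]], values: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Flag entries worth a second look. Labels are this example's own, not ComboFix's."""
    findings: List[Tuple[str, str]] = []
    for f in files:
        attrs, path = f["attrs"], f["path"]
        # 's' and 'h' in the attribute field = system + hidden; a plain file with both
        # (not a directory, which starts with 'd') is unusual enough to review.
        if not attrs.startswith("d") and "s" in attrs and "h" in attrs:
            findings.append(("hidden-system-file", path))
        # Executable modules directly at the drive root are an odd install location.
        if re.match(r"^[a-z]:\\[^\\]+\.(dll|exe|sys|ocx)$", path.lower()):
            findings.append(("file-at-drive-root", path))
    for v in values:
        key = v["key"].lower()
        if key.endswith("policies\\system") and v["name"] == "EnableLUA" and v["value"].startswith("0"):
            findings.append(("uac-disabled", v["key"]))
        if key.endswith("\\run"):
            # Value looks like: "c:\path\prog.exe" [date size]; take the quoted target.
            target = v["value"].split('"')[1] if v["value"].startswith('"') else v["value"]
            if "\\" not in target:
                findings.append(("run-entry-without-path", f'{v["name"]} -> {target}'))
    return findings


if __name__ == "__main__":
    parsed_files, parsed_values = parse_combofix(SAMPLE_LOG)
    for label, detail in triage(parsed_files, parsed_values):
        print(f"{label:24} {detail}")
```

None of the flags is a verdict on its own: the SysWOW64 codec DLLs with system+hidden attributes and the two Run entries without a directory may well be legitimate, but each is the kind of entry the helper asks a human to confirm rather than leave unread in a long log.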


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 March 2012 - 05:43 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 5


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
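One caveat for reading the HijackThis log requested above on a 64-bit Vista: HijackThis is a 32-bit program, and under WOW64 a 32-bit process that opens C:\Windows\System32 is silently redirected to C:\Windows\SysWOW64, so 64-bit-only service binaries (lsass.exe, alg.exe and the like) show up in its O23 lines as "(file missing)" even though they are present. The following is an added example, not HijackThis code and not from this thread, that parses O23 service lines and separates that redirection false positive from a service whose binary is genuinely absent or whose publisher is unknown. The sample lines are constructed in the O23 format HijackThis writes; the "Example Updater" line is invented to show the genuinely-missing case, and `sysnative_path` produces the C:\Windows\Sysnative alias through which a 32-bit process can look at the real 64-bit System32 to confirm.

```python
import re
from typing import Dict, List, Optional

# Constructed lines in HijackThis's O23 format. The "Example Updater" service is
# invented for illustration; the others mirror typical 64-bit Vista output.
SAMPLE_LINES = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Users\Example\AppData\Local\Temp\exupd.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
""".strip().splitlines()

# "O23 - Service: <display name> - <publisher> - <image path>[ (file missing)]"
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
SYSTEM32 = "c:\\windows\\system32\\"
SYSNATIVE = "C:\\Windows\\Sysnative\\"


def sysnative_path(path: str) -> str:
    """Rewrite a System32 path to the Sysnative alias a 32-bit process can open
    to reach the real 64-bit System32 directory; other paths are returned as-is."""
    if path.lower().startswith(SYSTEM32):
        return SYSNATIVE + path[len(SYSTEM32):]
    return path


def classify_o23(line: str) -> Optional[Dict[str, object]]:
    """Parse one O23 line and attach a triage verdict (labels are this example's own)."""
    m = O23.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    missing = m.group("missing") is not None
    if missing and path.lower().startswith(SYSTEM32):
        # A 32-bit scanner cannot see 64-bit-only binaries here: confirm via Sysnative
        # (or from a 64-bit shell) before treating the service as broken.
        verdict = "likely-wow64-redirect"
    elif missing:
        # Service registered but its binary really is gone: review the key and its history.
        verdict = "missing-binary-review"
    elif m.group("owner") == "Unknown owner":
        verdict = "unknown-owner-review"
    else:
        verdict = "ok"
    return {
        "name": m.group("name"),
        "owner": m.group("owner"),
        "path": path,
        "missing": missing,
        "verdict": verdict,
        "check_path": sysnative_path(path) if missing else path,
    }


def triage_o23(lines: List[str]) -> List[Dict[str, object]]:
    """Classify every O23 line; lines that are not O23 entries are skipped."""
    results = []
    for line in lines:
        entry = classify_o23(line)
        if entry:
            results.append(entry)
    return results


if __name__ == "__main__":
    for entry in triage_o23(SAMPLE_LINES):
        print(f"{entry['verdict']:24} {entry['name']}")
        if entry["verdict"] == "likely-wow64-redirect":
            print(f"{'':24} confirm with: {entry['check_path']}")
```

The Sysnative alias is only meaningful from inside a 32-bit process; a 64-bit command prompt sees the real System32 directly, so either view settles whether the "(file missing)" is real.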

#14 philitetes

philitetes
  • Topic Starter

  • Members
  • 10 posts

Posted 10 March 2012 - 07:01 AM

Hey.

Java uninstall and install went a-okay.
TFC started and ran with no problems....TFC rebooted computer.
MBAM updated and performed quick scan...found nothing.

MBAM results:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.10.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19190
Homer :: HOMER-PC [administrator]

Protection: Disabled

10/03/2012 7:13:17 AM
mbam-log-2012-03-10 (07-13-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208752
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



________________________________





HijackThis installed and ran with no problems.

Some of the files that are supposedly 'missing' are in actual fact present and running on this system. It seems HijackThis is mistaken.

HijackThis log.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:44:11 AM, on 10/03/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19190)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=CCO&Br=GTW&Loc=&Sys=DTP&M=G33M05G1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Startup: ZMatrix.lnk = C:\Program Files (x86)\ZMatrix\matrix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 9309 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 March 2012 - 07:51 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them when you need them by clicking their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
      O4 - Startup: ZMatrix.lnk = C:\Program Files (x86)\ZMatrix\matrix.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
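A small triage helper for logs in this format, added here as an example (it is not code from the thread, from HijackThis, or from the helper above): it parses O4 autostart lines and O23 service lines, picks out O4 entries by their bracketed name the way the list in the post above does, and classifies the "(file missing)" services. The classification rests on one fact the thread itself does not spell out: HijackThis 2.0 is a 32-bit program, so on a 64-bit host WOW64 file-system redirection hides the native System32 directory from it and genuine Windows services there are reported as missing. The sample lines are constructed from the log format shown above.

```python
import re

# Constructed sample in the HijackThis log format seen in this thread
# (a handful of representative lines, not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: ZMatrix.lnk = C:\Program Files (x86)\ZMatrix\matrix.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

# O4 lines come in two shapes: registry Run keys "[name] command" and
# Startup-folder shortcuts "name.lnk = path".
O4_REG = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?P<loc>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# O23: "display name - owner - path" with an optional "(file missing)" tail.
O23 = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>.+?)(?P<missing> \(file missing\))?$")


def parse_hjt(text):
    """Return (autostart entries, services) found in a HijackThis log."""
    autostart, services = [], []
    for line in text.splitlines():
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            autostart.append(m.groupdict())
            continue
        m = O23.match(line)
        if m:
            svc = m.groupdict()
            svc["missing"] = svc["missing"] is not None
            services.append(svc)
    return autostart, services


def find_autostart(autostart, names):
    """Select O4 entries by bracketed name / shortcut name (case-insensitive)."""
    wanted = {n.lower() for n in names}
    return [e for e in autostart if e["name"].lower() in wanted]


def triage_service(svc, host_is_64bit):
    """'present' if the binary was found; on a 64-bit host a missing file under
    C:\\Windows\\System32 is the expected WOW64 redirection noise from a 32-bit
    scanner; any other missing file is worth checking by hand."""
    if not svc["missing"]:
        return "present"
    if host_is_64bit and svc["path"].lower().startswith(r"c:\windows\system32"):
        return "expected-wow64-redirection"
    return "verify-manually"
```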



