Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe infected on mbam


  • This topic is locked This topic is locked
18 replies to this topic

#1 drunkpunkkk

drunkpunkkk

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 16 March 2012 - 01:47 PM

Hello, I have followed the basic guide and I am attaching the Logs, please help me out removing the malware.... recently I started getting blue screen error and when I tried to open google.com/analytics on chrome I got the error error 404 not found nguinx

Thanks in advance :)


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Shoaib at 22:33:45 on 2012-03-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.927 [GMT 5:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\BitKinex\bitkinexsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\VPN4ALL\vpn4all.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\mIRC\oyeeeeeeeeeeee\mirc.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://www.bing.com
uInternet Settings,ProxyServer = socks=127.0.0.1:22
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [Google Update] "C:\Users\Shoaib\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [VPN4ALL] C:\Program Files (x86)\VPN4ALL\VPN4ALL.exe
mRun: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Download with BitKinex - C:\Program Files (x86)\BitKinex\ieext_cp.htm
IE: &Register in BitKinex - C:\Program Files (x86)\BitKinex\ieext_reg.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0463B598-22F2-4820-A665-513C33EA4BC1} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0463B598-22F2-4820-A665-513C33EA4BC1}\1626364637567717 : DhcpNameServer = 192.168.137.1
TCP: Interfaces\{0463B598-22F2-4820-A665-513C33EA4BC1}\16C69617572756378696 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{0463B598-22F2-4820-A665-513C33EA4BC1}\868686 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0463B598-22F2-4820-A665-513C33EA4BC1}\86A666 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0463B598-22F2-4820-A665-513C33EA4BC1}\D6F647F627F6C616D21414 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{18D5C084-17AB-4B0C-B49E-E897AF8CF649} : NameServer = 10.25.64.1
TCP: Interfaces\{E0B0EEA6-A40D-483C-899E-E5848D67C473} : DhcpNameServer = 8.8.8.8
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [USB Antivirus] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shoaib\AppData\Roaming\Mozilla\Firefox\Profiles\07gyovup.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Shoaib\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Shoaib\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Shoaib\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AcuWVSSchedulerv7;Acunetix WVS Scheduler v7;C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe [2011-10-5 675976]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-3-3 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-3-24 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-3-24 269480]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-3-4 748440]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 BitKinex;BitKinex File Transfer Service;C:\Program Files (x86)\BitKinex\bitkinexsvc.exe DISPATCH --> C:\Program Files (x86)\BitKinex\bitkinexsvc.exe DISPATCH [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2009-11-26 338168]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-3-17 514232]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-17 102968]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-19 20480]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-1-6 331608]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-14 13336]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\system32\drivers\NMgamingms.sys --> C:\Windows\system32\drivers\NMgamingms.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-16 16:56:40 -------- d-----w- C:\Users\Shoaib\AppData\Roaming\Malwarebytes
2012-03-16 16:56:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-16 16:56:01 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-16 16:56:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-16 16:44:38 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6478A7FB-7578-4358-8760-0A8C890A994D}\offreg.dll
2012-03-16 16:40:32 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-15 20:35:28 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-03-15 20:35:28 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-03-15 20:35:28 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-03-12 09:21:38 -------- d-----w- C:\Program Files (x86)\SwfModify
2012-03-12 09:15:57 -------- d-----w- C:\Program Files (x86)\Openworld
2012-03-12 09:15:19 -------- d-----w- C:\Users\Shoaib\AppData\Local\blekkotb
2012-03-12 09:15:14 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-03-12 09:15:03 -------- d-----w- C:\Program Files (x86)\blekkotb
2012-02-27 23:58:48 -------- d-----w- C:\ProgramData\Recovery
2012-02-27 14:34:44 -------- d-----w- C:\Users\Shoaib\New
2012-02-27 13:29:11 -------- d-----w- C:\Users\Shoaib\AppData\Local\{752DF526-6772-4253-9318-5AE1CC31EA2B}
2012-02-27 13:28:57 -------- d-----w- C:\Users\Shoaib\AppData\Local\{B6B715B9-1BDD-4280-83F0-F86098D95575}
2012-02-20 01:15:47 -------- d-----w- C:\Program Files (x86)\VPN4ALL
2012-02-18 23:19:10 -------- d-----w- C:\ProgramData\hssff
.
==================== Find3M ====================
.
2012-02-19 23:19:02 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 22:36:25.71 ===============

Attached Files


Edited by drunkpunkkk, 16 March 2012 - 01:57 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 17 March 2012 - 01:05 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet spend a few minutes to backup the computer. Removing malware can be unpredictable and this may save you and me allot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 drunkpunkkk

drunkpunkkk
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 17 March 2012 - 06:19 AM

Hello Gringo,
I am quite glad to have a quick response. My computer is running fine now, I can even now visit google.com/analytics, its been one day and I have not received the blue screen error yet, but still if there are some problems help me out.

ComboFix Log



ComboFix 12-03-16.05 - Shoaib 03/17/2012 15:56:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1748 [GMT 5:00]
Running from: c:\users\Shoaib\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\sXe Injected
c:\program files (x86)\sXe Injected\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage
c:\program files (x86)\sXe Injected\Chrome\chrome-extension_icpgjfneehieebagbmdbhnlpiopdcmna_0.localstorage
c:\program files (x86)\sXe Injected\chromechange.exe
c:\program files (x86)\sXe Injected\ddsxei.sys
c:\program files (x86)\sXe Injected\default.reg
c:\program files (x86)\sXe Injected\firechange.exe
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\background.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\background.js
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\example.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\icon128.png
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\icon19.png
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\manifest.json
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\options.css
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\options.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\options.js
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\README.md
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\redirect.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.3_1\redirect.js
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\background.js
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\example.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon128.png
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon19.png
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\icon200.png
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\manifest.json
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.css
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\options.js
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\README.md
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.html
c:\program files (x86)\sXe Injected\icpgjfneehieebagbmdbhnlpiopdcmna\1.0.4_0\redirect.js
c:\program files (x86)\sXe Injected\localstrike-search.xml
c:\program files (x86)\sXe Injected\localstrike.xml
c:\program files (x86)\sXe Injected\newtaburl_local.xpi
c:\program files (x86)\sXe Injected\Preferences
c:\program files (x86)\sXe Injected\search.ini
c:\program files (x86)\sXe Injected\speeddial.ini
c:\program files (x86)\sXe Injected\sXe-I EULA.txt
c:\program files (x86)\sXe Injected\sXe Injected.exe
c:\program files (x86)\sXe Injected\sXe Injected.txt
c:\program files (x86)\sXe Injected\sXe.dll
c:\program files (x86)\sXe Injected\TopSites.plist
c:\program files (x86)\sXe Injected\uninstall.exe
c:\program files (x86)\sXe Injected\uninstall.ini
c:\program files (x86)\sXe Injected\Web Data
c:\program files (x86)\sXe Injected\web.dll
c:\program files (x86)\USB Disk Security\USBGuard.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 11:08 . 2012-03-17 11:08 -------- d-----w- c:\users\Yo\AppData\Local\temp
2012-03-17 11:08 . 2012-03-17 11:08 -------- d-----w- c:\users\P\AppData\Local\temp
2012-03-17 11:08 . 2012-03-17 11:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-17 11:08 . 2012-03-17 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-16 16:56 . 2012-03-16 16:56 -------- d-----w- c:\users\Shoaib\AppData\Roaming\Malwarebytes
2012-03-16 16:56 . 2012-03-16 16:56 -------- d-----w- c:\programdata\Malwarebytes
2012-03-16 16:56 . 2012-03-16 16:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-16 16:56 . 2011-12-10 10:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 16:44 . 2012-03-17 10:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6478A7FB-7578-4358-8760-0A8C890A994D}\offreg.dll
2012-03-16 16:40 . 2012-03-16 16:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-15 20:35 . 2012-03-15 20:35 -------- d-----w- c:\program files (x86)\Application Updater
2012-03-15 20:35 . 2012-03-15 20:35 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-03-15 20:35 . 2012-03-15 20:35 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-03-13 10:20 . 2012-03-13 10:20 -------- d-----w- c:\users\P\AppData\Local\Diagnostics
2012-03-13 10:16 . 2012-03-13 10:16 -------- d-----w- c:\users\P\AppData\Roaming\Apple Computer
2012-03-13 10:16 . 2012-03-13 15:42 -------- d-----w- c:\users\P\AppData\Local\blekkotb
2012-03-12 09:21 . 2012-03-15 01:10 -------- d-----w- c:\program files (x86)\SwfModify
2012-03-12 09:15 . 2012-03-12 09:15 -------- d-----w- c:\program files (x86)\Openworld
2012-03-12 09:15 . 2012-03-12 09:17 -------- d-----w- c:\users\Shoaib\AppData\Local\blekkotb
2012-03-12 09:15 . 2012-03-15 01:10 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-03-12 09:15 . 2012-03-15 01:10 -------- d-----w- c:\program files (x86)\blekkotb
2012-02-27 23:58 . 2012-03-08 08:44 -------- d-----w- c:\programdata\Recovery
2012-02-27 14:34 . 2012-03-04 05:25 -------- d-----w- c:\users\Shoaib\New
2012-02-26 08:34 . 2012-03-16 08:39 -------- d-----w- c:\users\Shoaib\AppData\Roaming\FileZilla
2012-02-26 08:34 . 2012-03-06 20:29 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-02-20 01:15 . 2012-02-20 01:15 -------- d-----w- c:\program files (x86)\VPN4ALL
2012-02-19 23:19 . 2012-02-19 23:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-18 23:19 . 2012-02-18 23:19 -------- d-----w- c:\programdata\hssff
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 23:19 . 2011-03-27 21:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VPN4ALL"="c:\program files (x86)\VPN4ALL\VPN4ALL.exe" [2011-09-02 1784832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-03-04 934752]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AcuWVSSchedulerv7;Acunetix WVS Scheduler v7;c:\program files (x86)\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe [2011-10-05 675976]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-03-04 748440]
S2 BitKinex;BitKinex File Transfer Service;c:\program files (x86)\BitKinex\bitkinexsvc.exe DISPATCH [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2009-11-26 338168]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-01-06 331608]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-01-04 329544]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 21:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1000Core.job
- c:\users\Shoaib\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-20 18:02]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1000UA.job
- c:\users\Shoaib\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-20 18:02]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1016Core.job
- c:\users\P\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 12:40]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1016UA.job
- c:\users\P\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 12:40]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1017Core.job
- c:\users\Yo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27 16:31]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1017UA.job
- c:\users\Yo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27 16:31]
.
2012-03-15 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-01 487424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = socks=127.0.0.1:22
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download with BitKinex - c:\program files (x86)\BitKinex\ieext_cp.htm
IE: &Register in BitKinex - c:\program files (x86)\BitKinex\ieext_reg.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{18D5C084-17AB-4B0C-B49E-E897AF8CF649}: NameServer = 10.25.64.1
FF - ProfilePath - c:\users\Shoaib\AppData\Roaming\Mozilla\Firefox\Profiles\07gyovup.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-USB Antivirus - c:\program files (x86)\USB Disk Security\USBGuard.exe
Wow6432Node-HKLM-Run-USB Security - c:\program files (x86)\USB Disk Security\USBGuard.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-sXe Injected - c:\program files (x86)\sXe Injected\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-17 16:15:21
ComboFix-quarantined-files.txt 2012-03-17 11:15
.
Pre-Run: 48,578,134,016 bytes free
Post-Run: 48,012,296,192 bytes free
.
- - End Of File - - 98B664B93ADF82340D86D23F6D09B239

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 17 March 2012 - 12:54 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 drunkpunkkk

drunkpunkkk
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 17 March 2012 - 02:02 PM

Hello Gringo,
Everything is going fine and smooth. Thanks for your quick responses. Following are the logs from TDSS and aswMBR

TDSSkiller

23:17:45.0175 4624 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
23:17:45.0785 4624 ============================================================
23:17:45.0785 4624 Current date / time: 2012/03/17 23:17:45.0785
23:17:45.0785 4624 SystemInfo:
23:17:45.0785 4624
23:17:45.0785 4624 OS Version: 6.1.7600 ServicePack: 0.0
23:17:45.0785 4624 Product type: Workstation
23:17:45.0786 4624 ComputerName: SHOAIB-PC
23:17:45.0786 4624 UserName: Shoaib
23:17:45.0786 4624 Windows directory: C:\Windows
23:17:45.0786 4624 System windows directory: C:\Windows
23:17:45.0786 4624 Running under WOW64
23:17:45.0786 4624 Processor architecture: Intel x64
23:17:45.0786 4624 Number of processors: 4
23:17:45.0786 4624 Page size: 0x1000
23:17:45.0786 4624 Boot type: Normal boot
23:17:45.0786 4624 ============================================================
23:17:47.0079 4624 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:17:47.0091 4624 \Device\Harddisk0\DR0:
23:17:47.0091 4624 MBR used
23:17:47.0091 4624 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:17:47.0091 4624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x232ED000
23:17:47.0091 4624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23351000, BlocksNum 0x20A9800
23:17:47.0091 4624 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
23:17:47.0184 4624 Initialize success
23:17:47.0184 4624 ============================================================
23:17:56.0867 5688 ============================================================
23:17:56.0868 5688 Scan started
23:17:56.0868 5688 Mode: Manual;
23:17:56.0868 5688 ============================================================
23:18:00.0128 5688 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:18:00.0147 5688 1394ohci - ok
23:18:00.0208 5688 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
23:18:00.0215 5688 Accelerometer - ok
23:18:00.0300 5688 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:18:00.0307 5688 ACPI - ok
23:18:00.0342 5688 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:18:00.0349 5688 AcpiPmi - ok
23:18:00.0519 5688 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:18:00.0539 5688 adp94xx - ok
23:18:00.0600 5688 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:18:00.0617 5688 adpahci - ok
23:18:00.0650 5688 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:18:00.0663 5688 adpu320 - ok
23:18:00.0786 5688 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
23:18:00.0796 5688 AFD - ok
23:18:00.0883 5688 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:18:00.0893 5688 agp440 - ok
23:18:01.0011 5688 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:18:01.0017 5688 aliide - ok
23:18:01.0084 5688 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:18:01.0091 5688 amdide - ok
23:18:01.0126 5688 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:18:01.0136 5688 AmdK8 - ok
23:18:01.0373 5688 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
23:18:01.0490 5688 amdkmdag - ok
23:18:01.0629 5688 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
23:18:01.0632 5688 amdkmdap - ok
23:18:01.0660 5688 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:18:01.0671 5688 AmdPPM - ok
23:18:01.0730 5688 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:18:01.0741 5688 amdsata - ok
23:18:01.0805 5688 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:18:01.0820 5688 amdsbs - ok
23:18:01.0845 5688 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:18:01.0853 5688 amdxata - ok
23:18:01.0996 5688 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:18:02.0005 5688 AppID - ok
23:18:02.0107 5688 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:18:02.0118 5688 arc - ok
23:18:02.0183 5688 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:18:02.0194 5688 arcsas - ok
23:18:02.0230 5688 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:18:02.0236 5688 AsyncMac - ok
23:18:02.0282 5688 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:18:02.0288 5688 atapi - ok
23:18:02.0420 5688 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
23:18:02.0446 5688 athr - ok
23:18:02.0544 5688 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
23:18:02.0557 5688 AtiHdmiService - ok
23:18:02.0691 5688 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
23:18:02.0701 5688 avgntflt - ok
23:18:02.0764 5688 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
23:18:02.0766 5688 avipbb - ok
23:18:02.0841 5688 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:18:02.0861 5688 b06bdrv - ok
23:18:02.0937 5688 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:18:02.0953 5688 b57nd60a - ok
23:18:03.0051 5688 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:18:03.0052 5688 Beep - ok
23:18:03.0155 5688 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:18:03.0162 5688 blbdrive - ok
23:18:03.0248 5688 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:18:03.0259 5688 bowser - ok
23:18:03.0291 5688 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:18:03.0300 5688 BrFiltLo - ok
23:18:03.0334 5688 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:18:03.0338 5688 BrFiltUp - ok
23:18:03.0440 5688 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:18:03.0450 5688 BridgeMP - ok
23:18:03.0534 5688 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:18:03.0553 5688 Brserid - ok
23:18:03.0582 5688 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:18:03.0590 5688 BrSerWdm - ok
23:18:03.0613 5688 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:18:03.0618 5688 BrUsbMdm - ok
23:18:03.0667 5688 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:18:03.0672 5688 BrUsbSer - ok
23:18:03.0793 5688 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:18:03.0794 5688 BthEnum - ok
23:18:03.0865 5688 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:18:03.0873 5688 BTHMODEM - ok
23:18:03.0910 5688 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:18:03.0914 5688 BthPan - ok
23:18:03.0975 5688 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
23:18:03.0995 5688 BTHPORT - ok
23:18:04.0121 5688 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
23:18:04.0122 5688 BTHUSB - ok
23:18:04.0163 5688 btwaudio - ok
23:18:04.0180 5688 btwavdt - ok
23:18:04.0192 5688 btwl2cap - ok
23:18:04.0210 5688 btwrchid - ok
23:18:04.0219 5688 catchme - ok
23:18:04.0263 5688 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:18:04.0273 5688 cdfs - ok
23:18:04.0337 5688 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:18:04.0340 5688 cdrom - ok
23:18:04.0407 5688 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:18:04.0452 5688 circlass - ok
23:18:04.0558 5688 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:18:04.0565 5688 CLFS - ok
23:18:04.0671 5688 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:18:04.0672 5688 CmBatt - ok
23:18:04.0692 5688 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:18:04.0699 5688 cmdide - ok
23:18:04.0741 5688 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
23:18:04.0764 5688 CNG - ok
23:18:04.0858 5688 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:18:04.0866 5688 Compbatt - ok
23:18:04.0928 5688 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:18:04.0937 5688 CompositeBus - ok
23:18:05.0007 5688 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:18:05.0014 5688 crcdisk - ok
23:18:05.0100 5688 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:18:05.0102 5688 DfsC - ok
23:18:05.0176 5688 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:18:05.0177 5688 discache - ok
23:18:05.0299 5688 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:18:05.0310 5688 Disk - ok
23:18:05.0416 5688 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:18:05.0420 5688 drmkaud - ok
23:18:05.0526 5688 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:18:05.0533 5688 dtsoftbus01 - ok
23:18:05.0592 5688 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
23:18:05.0593 5688 DVMIO - ok
23:18:05.0663 5688 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:18:05.0690 5688 DXGKrnl - ok
23:18:05.0849 5688 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:18:05.0917 5688 ebdrv - ok
23:18:06.0067 5688 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:18:06.0088 5688 elxstor - ok
23:18:06.0122 5688 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:18:06.0129 5688 ErrDev - ok
23:18:06.0205 5688 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:18:06.0219 5688 exfat - ok
23:18:06.0309 5688 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:18:06.0313 5688 fastfat - ok
23:18:06.0391 5688 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:18:06.0398 5688 fdc - ok
23:18:06.0430 5688 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:18:06.0441 5688 FileInfo - ok
23:18:06.0456 5688 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:18:06.0463 5688 Filetrace - ok
23:18:06.0503 5688 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:18:06.0509 5688 flpydisk - ok
23:18:06.0528 5688 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:18:06.0545 5688 FltMgr - ok
23:18:06.0580 5688 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:18:06.0591 5688 FsDepends - ok
23:18:06.0617 5688 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:18:06.0625 5688 Fs_Rec - ok
23:18:06.0670 5688 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:18:06.0674 5688 fvevol - ok
23:18:06.0751 5688 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:18:06.0762 5688 gagp30kx - ok
23:18:06.0857 5688 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:18:06.0865 5688 hcw85cir - ok
23:18:06.0891 5688 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
23:18:06.0920 5688 HdAudAddService - ok
23:18:06.0988 5688 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:18:06.0992 5688 HDAudBus - ok
23:18:07.0087 5688 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:18:07.0088 5688 HECIx64 - ok
23:18:07.0119 5688 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:18:07.0125 5688 HidBatt - ok
23:18:07.0160 5688 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:18:07.0170 5688 HidBth - ok
23:18:07.0240 5688 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:18:07.0248 5688 HidIr - ok
23:18:07.0306 5688 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:18:07.0312 5688 HidUsb - ok
23:18:07.0408 5688 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
23:18:07.0415 5688 hpdskflt - ok
23:18:07.0524 5688 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:18:07.0535 5688 HpSAMD - ok
23:18:07.0657 5688 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
23:18:07.0664 5688 HssDrv - ok
23:18:07.0774 5688 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:18:07.0787 5688 HTTP - ok
23:18:07.0843 5688 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:18:07.0844 5688 hwpolicy - ok
23:18:07.0918 5688 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:18:07.0930 5688 i8042prt - ok
23:18:07.0972 5688 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
23:18:07.0979 5688 iaStor - ok
23:18:08.0059 5688 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:18:08.0078 5688 iaStorV - ok
23:18:08.0370 5688 igfx (6cbfc48e5c663ea8493ae3e75a6bf511) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:18:08.0572 5688 igfx - ok
23:18:08.0656 5688 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:18:08.0666 5688 iirsp - ok
23:18:08.0756 5688 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
23:18:08.0758 5688 Impcd - ok
23:18:08.0791 5688 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:18:08.0799 5688 intelide - ok
23:18:09.0024 5688 intelkmd (6cbfc48e5c663ea8493ae3e75a6bf511) C:\Windows\system32\DRIVERS\igdpmd64.sys
23:18:09.0157 5688 intelkmd - ok
23:18:09.0233 5688 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:18:09.0235 5688 intelppm - ok
23:18:09.0296 5688 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:18:09.0305 5688 IpFilterDriver - ok
23:18:09.0385 5688 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:18:09.0396 5688 IPMIDRV - ok
23:18:09.0408 5688 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:18:09.0418 5688 IPNAT - ok
23:18:09.0438 5688 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:18:09.0445 5688 IRENUM - ok
23:18:09.0503 5688 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:18:09.0511 5688 isapnp - ok
23:18:09.0551 5688 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:18:09.0574 5688 iScsiPrt - ok
23:18:09.0647 5688 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:18:09.0655 5688 kbdclass - ok
23:18:09.0716 5688 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:18:09.0723 5688 kbdhid - ok
23:18:09.0785 5688 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
23:18:09.0797 5688 KSecDD - ok
23:18:09.0844 5688 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
23:18:09.0859 5688 KSecPkg - ok
23:18:09.0878 5688 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:18:09.0883 5688 ksthunk - ok
23:18:10.0021 5688 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:18:10.0022 5688 lltdio - ok
23:18:10.0114 5688 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:18:10.0125 5688 LSI_FC - ok
23:18:10.0164 5688 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:18:10.0175 5688 LSI_SAS - ok
23:18:10.0218 5688 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:18:10.0247 5688 LSI_SAS2 - ok
23:18:10.0307 5688 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:18:10.0317 5688 LSI_SCSI - ok
23:18:10.0421 5688 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:18:10.0423 5688 luafv - ok
23:18:10.0504 5688 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
23:18:10.0510 5688 ManyCam - ok
23:18:10.0609 5688 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
23:18:10.0610 5688 MBAMProtector - ok
23:18:10.0687 5688 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:18:10.0695 5688 megasas - ok
23:18:10.0771 5688 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:18:10.0787 5688 MegaSR - ok
23:18:10.0846 5688 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:18:10.0848 5688 Modem - ok
23:18:10.0870 5688 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:18:10.0872 5688 monitor - ok
23:18:10.0942 5688 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:18:10.0943 5688 mouclass - ok
23:18:10.0960 5688 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:18:10.0967 5688 mouhid - ok
23:18:10.0993 5688 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:18:10.0996 5688 mountmgr - ok
23:18:11.0033 5688 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:18:11.0049 5688 mpio - ok
23:18:11.0109 5688 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:18:11.0117 5688 mpsdrv - ok
23:18:11.0144 5688 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:18:11.0157 5688 MRxDAV - ok
23:18:11.0211 5688 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:18:11.0222 5688 mrxsmb - ok
23:18:11.0269 5688 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:18:11.0285 5688 mrxsmb10 - ok
23:18:11.0324 5688 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:18:11.0334 5688 mrxsmb20 - ok
23:18:11.0363 5688 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:18:11.0372 5688 msahci - ok
23:18:11.0412 5688 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:18:11.0426 5688 msdsm - ok
23:18:11.0536 5688 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:18:11.0537 5688 Msfs - ok
23:18:11.0585 5688 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:18:11.0590 5688 mshidkmdf - ok
23:18:11.0611 5688 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:18:11.0619 5688 msisadrv - ok
23:18:11.0686 5688 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:18:11.0692 5688 MSKSSRV - ok
23:18:11.0711 5688 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:18:11.0717 5688 MSPCLOCK - ok
23:18:11.0734 5688 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:18:11.0739 5688 MSPQM - ok
23:18:11.0765 5688 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:18:11.0782 5688 MsRPC - ok
23:18:11.0809 5688 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:18:11.0811 5688 mssmbios - ok
23:18:11.0835 5688 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:18:11.0839 5688 MSTEE - ok
23:18:11.0905 5688 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:18:11.0911 5688 MTConfig - ok
23:18:11.0938 5688 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:18:11.0947 5688 Mup - ok
23:18:12.0016 5688 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:18:12.0032 5688 NativeWifiP - ok
23:18:12.0106 5688 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:18:12.0132 5688 NDIS - ok
23:18:12.0197 5688 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:18:12.0205 5688 NdisCap - ok
23:18:12.0277 5688 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:18:12.0278 5688 NdisTapi - ok
23:18:12.0338 5688 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:18:12.0346 5688 Ndisuio - ok
23:18:12.0364 5688 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:18:12.0367 5688 NdisWan - ok
23:18:12.0425 5688 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:18:12.0427 5688 NDProxy - ok
23:18:12.0542 5688 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:18:12.0543 5688 NetBIOS - ok
23:18:12.0613 5688 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:18:12.0617 5688 NetBT - ok
23:18:12.0830 5688 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
23:18:12.0936 5688 netw5v64 - ok
23:18:13.0005 5688 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:18:13.0014 5688 nfrd960 - ok
23:18:13.0126 5688 NMgamingmsFltr (fbca3fd51604147770eb4fb53d6144a8) C:\Windows\system32\drivers\NMgamingms.sys
23:18:13.0130 5688 NMgamingmsFltr - ok
23:18:13.0149 5688 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:18:13.0156 5688 Npfs - ok
23:18:13.0181 5688 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:18:13.0182 5688 nsiproxy - ok
23:18:13.0271 5688 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:18:13.0319 5688 Ntfs - ok
23:18:13.0378 5688 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:18:13.0379 5688 Null - ok
23:18:13.0466 5688 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:18:13.0478 5688 nvraid - ok
23:18:13.0499 5688 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:18:13.0512 5688 nvstor - ok
23:18:13.0556 5688 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:18:13.0569 5688 nv_agp - ok
23:18:13.0612 5688 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:18:13.0622 5688 ohci1394 - ok
23:18:13.0758 5688 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:18:13.0769 5688 Parport - ok
23:18:13.0814 5688 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
23:18:13.0825 5688 partmgr - ok
23:18:13.0848 5688 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:18:13.0852 5688 pci - ok
23:18:13.0875 5688 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:18:13.0881 5688 pciide - ok
23:18:13.0919 5688 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:18:13.0937 5688 pcmcia - ok
23:18:13.0957 5688 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:18:13.0966 5688 pcw - ok
23:18:13.0995 5688 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:18:14.0006 5688 PEAUTH - ok
23:18:14.0162 5688 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:18:14.0172 5688 PptpMiniport - ok
23:18:14.0194 5688 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:18:14.0204 5688 Processor - ok
23:18:14.0242 5688 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:18:14.0246 5688 Psched - ok
23:18:14.0339 5688 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:18:14.0378 5688 ql2300 - ok
23:18:14.0411 5688 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:18:14.0425 5688 ql40xx - ok
23:18:14.0516 5688 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:18:14.0524 5688 QWAVEdrv - ok
23:18:14.0549 5688 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:18:14.0555 5688 RasAcd - ok
23:18:14.0645 5688 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:18:14.0646 5688 RasAgileVpn - ok
23:18:14.0686 5688 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:18:14.0697 5688 Rasl2tp - ok
23:18:14.0724 5688 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:18:14.0734 5688 RasPppoe - ok
23:18:14.0757 5688 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:18:14.0759 5688 RasSstp - ok
23:18:14.0786 5688 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:18:14.0792 5688 rdbss - ok
23:18:14.0827 5688 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:18:14.0834 5688 rdpbus - ok
23:18:14.0936 5688 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:18:14.0937 5688 RDPCDD - ok
23:18:14.0999 5688 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:18:15.0000 5688 RDPENCDD - ok
23:18:15.0023 5688 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:18:15.0025 5688 RDPREFMP - ok
23:18:15.0052 5688 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
23:18:15.0065 5688 RDPWD - ok
23:18:15.0103 5688 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:18:15.0119 5688 rdyboost - ok
23:18:15.0180 5688 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:18:15.0189 5688 RFCOMM - ok
23:18:15.0264 5688 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
23:18:15.0270 5688 RimUsb - ok
23:18:15.0393 5688 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:18:15.0401 5688 rspndr - ok
23:18:15.0471 5688 RTL8167 (365ed58b47b46de8b1c5fa759b6fcd6e) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:18:15.0476 5688 RTL8167 - ok
23:18:15.0512 5688 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:18:15.0524 5688 sbp2port - ok
23:18:15.0552 5688 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:18:15.0561 5688 scfilter - ok
23:18:15.0592 5688 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
23:18:15.0603 5688 sdbus - ok
23:18:15.0628 5688 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:18:15.0628 5688 secdrv - ok
23:18:15.0669 5688 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:18:15.0675 5688 Serenum - ok
23:18:15.0758 5688 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:18:15.0768 5688 Serial - ok
23:18:15.0799 5688 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:18:15.0805 5688 sermouse - ok
23:18:15.0855 5688 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:18:15.0862 5688 sffdisk - ok
23:18:15.0883 5688 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:18:15.0890 5688 sffp_mmc - ok
23:18:15.0912 5688 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:18:15.0917 5688 sffp_sd - ok
23:18:15.0960 5688 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:18:15.0966 5688 sfloppy - ok
23:18:16.0045 5688 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:18:16.0055 5688 SiSRaid2 - ok
23:18:16.0122 5688 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:18:16.0132 5688 SiSRaid4 - ok
23:18:16.0167 5688 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:18:16.0178 5688 Smb - ok
23:18:16.0246 5688 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:18:16.0253 5688 spldr - ok
23:18:16.0319 5688 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:18:16.0327 5688 srv - ok
23:18:16.0376 5688 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:18:16.0396 5688 srv2 - ok
23:18:16.0485 5688 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:18:16.0501 5688 SrvHsfHDA - ok
23:18:16.0551 5688 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:18:16.0592 5688 SrvHsfV92 - ok
23:18:16.0622 5688 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:18:16.0648 5688 SrvHsfWinac - ok
23:18:16.0737 5688 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:18:16.0749 5688 srvnet - ok
23:18:16.0828 5688 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:18:16.0836 5688 stexstor - ok
23:18:16.0915 5688 STHDA (f991751c2477257bbcedb364a0f449b4) C:\Windows\system32\DRIVERS\stwrt64.sys
23:18:16.0934 5688 STHDA - ok
23:18:17.0033 5688 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:18:17.0034 5688 swenum - ok
23:18:17.0163 5688 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
23:18:17.0200 5688 SynTP - ok
23:18:17.0338 5688 tap0901 (f0b9d3ed88e56d3cd713dff21e42aaf0) C:\Windows\system32\DRIVERS\tap0901.sys
23:18:17.0343 5688 tap0901 - ok
23:18:17.0413 5688 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
23:18:17.0420 5688 taphss - ok
23:18:17.0537 5688 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
23:18:17.0601 5688 Tcpip - ok
23:18:17.0685 5688 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
23:18:17.0708 5688 TCPIP6 - ok
23:18:17.0738 5688 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:18:17.0745 5688 tcpipreg - ok
23:18:17.0803 5688 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:18:17.0808 5688 TDPIPE - ok
23:18:17.0820 5688 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:18:17.0827 5688 TDTCP - ok
23:18:17.0883 5688 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:18:17.0892 5688 tdx - ok
23:18:17.0920 5688 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:18:17.0929 5688 TermDD - ok
23:18:17.0974 5688 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:18:17.0982 5688 tssecsrv - ok
23:18:18.0049 5688 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:18:18.0061 5688 tunnel - ok
23:18:18.0128 5688 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:18:18.0138 5688 uagp35 - ok
23:18:18.0168 5688 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
23:18:18.0186 5688 udfs - ok
23:18:18.0234 5688 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:18:18.0243 5688 uliagpkx - ok
23:18:18.0306 5688 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:18:18.0314 5688 umbus - ok
23:18:18.0345 5688 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:18:18.0351 5688 UmPass - ok
23:18:18.0401 5688 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
23:18:18.0412 5688 usbccgp - ok
23:18:18.0445 5688 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:18:18.0460 5688 usbcir - ok
23:18:18.0515 5688 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
23:18:18.0523 5688 usbehci - ok
23:18:18.0547 5688 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
23:18:18.0564 5688 usbhub - ok
23:18:18.0590 5688 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
23:18:18.0596 5688 usbohci - ok
23:18:18.0614 5688 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:18:18.0621 5688 usbprint - ok
23:18:18.0666 5688 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:18:18.0678 5688 USBSTOR - ok
23:18:18.0705 5688 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
23:18:18.0713 5688 usbuhci - ok
23:18:18.0775 5688 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
23:18:18.0785 5688 usbvideo - ok
23:18:18.0873 5688 VBoxDrv (00203e05f2fe6cfb94229ed91d6010a2) C:\Windows\system32\DRIVERS\VBoxDrv.sys
23:18:18.0877 5688 VBoxDrv - ok
23:18:18.0936 5688 VBoxNetAdp (85df2c59645d374be7e3234241761230) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
23:18:18.0953 5688 VBoxNetAdp - ok
23:18:18.0980 5688 VBoxNetFlt (57daefdd2c459afef2596a656f016e74) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
23:18:18.0983 5688 VBoxNetFlt - ok
23:18:19.0021 5688 VBoxUSB (6bba400d16083847c04be5db099748aa) C:\Windows\system32\Drivers\VBoxUSB.sys
23:18:19.0032 5688 VBoxUSB - ok
23:18:19.0114 5688 VBoxUSBMon (74ce29e023c79c195ddff87fbf075037) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
23:18:19.0115 5688 VBoxUSBMon - ok
23:18:19.0178 5688 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:18:19.0187 5688 vdrvroot - ok
23:18:19.0227 5688 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:18:19.0234 5688 vga - ok
23:18:19.0293 5688 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:18:19.0299 5688 VgaSave - ok
23:18:19.0336 5688 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:18:19.0355 5688 vhdmp - ok
23:18:19.0390 5688 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:18:19.0397 5688 viaide - ok
23:18:19.0425 5688 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:18:19.0436 5688 volmgr - ok
23:18:19.0466 5688 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:18:19.0474 5688 volmgrx - ok
23:18:19.0518 5688 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:18:19.0538 5688 volsnap - ok
23:18:19.0561 5688 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:18:19.0574 5688 vsmraid - ok
23:18:19.0611 5688 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:18:19.0617 5688 vwifibus - ok
23:18:19.0707 5688 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:18:19.0708 5688 vwififlt - ok
23:18:19.0764 5688 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:18:19.0765 5688 vwifimp - ok
23:18:19.0844 5688 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:18:19.0850 5688 WacomPen - ok
23:18:19.0905 5688 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:18:19.0906 5688 WANARP - ok
23:18:19.0936 5688 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:18:19.0938 5688 Wanarpv6 - ok
23:18:20.0023 5688 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:18:20.0031 5688 Wd - ok
23:18:20.0120 5688 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:18:20.0147 5688 Wdf01000 - ok
23:18:20.0257 5688 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:18:20.0261 5688 WfpLwf - ok
23:18:20.0284 5688 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:18:20.0292 5688 WIMMount - ok
23:18:20.0443 5688 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
23:18:20.0456 5688 WinUsb - ok
23:18:20.0504 5688 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:18:20.0506 5688 WmiAcpi - ok
23:18:20.0571 5688 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:18:20.0572 5688 ws2ifsl - ok
23:18:20.0608 5688 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:18:20.0618 5688 WudfPf - ok
23:18:20.0687 5688 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:18:20.0700 5688 WUDFRd - ok
23:18:20.0832 5688 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
23:18:20.0854 5688 yukonw7 - ok
23:18:20.0940 5688 MBR (0x1B8) (2729e6119ed3e526cfe0e851c76c2f53) \Device\Harddisk0\DR0
23:18:20.0978 5688 \Device\Harddisk0\DR0 - ok
23:18:21.0016 5688 Boot (0x1200) (9fe3b92441ee943013f57f88c4be1358) \Device\Harddisk0\DR0\Partition0
23:18:21.0018 5688 \Device\Harddisk0\DR0\Partition0 - ok
23:18:21.0038 5688 Boot (0x1200) (f3f1c7f02ad9b5dcf942beb1b512a98f) \Device\Harddisk0\DR0\Partition1
23:18:21.0040 5688 \Device\Harddisk0\DR0\Partition1 - ok
23:18:21.0074 5688 Boot (0x1200) (9f63afc73fcf3e0f05b0e370ad2ad9b8) \Device\Harddisk0\DR0\Partition2
23:18:21.0076 5688 \Device\Harddisk0\DR0\Partition2 - ok
23:18:21.0094 5688 Boot (0x1200) (60041409dd63870d9431c724e034f7ea) \Device\Harddisk0\DR0\Partition3
23:18:21.0095 5688 \Device\Harddisk0\DR0\Partition3 - ok
23:18:21.0095 5688 ============================================================
23:18:21.0095 5688 Scan finished
23:18:21.0095 5688 ============================================================
23:18:21.0112 3952 Detected object count: 0
23:18:21.0112 3952 Actual detected object count: 0











aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-17 23:18:40
-----------------------------
23:18:40.708 OS Version: Windows x64 6.1.7600
23:18:40.708 Number of processors: 4 586 0x2502
23:18:40.709 ComputerName: SHOAIB-PC UserName: Shoaib
23:18:41.869 Initialize success
23:26:59.984 AVAST engine defs: 12031700
23:27:06.612 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:27:06.617 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
23:27:06.625 Disk 0 MBR read successfully
23:27:06.630 Disk 0 MBR scan
23:27:06.665 Disk 0 unknown MBR code
23:27:06.693 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:27:06.706 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288218 MB offset 409600
23:27:06.751 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16723 MB offset 590680064
23:27:06.779 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
23:27:06.859 Disk 0 scanning C:\Windows\system32\drivers
23:27:22.439 Service scanning
23:28:02.582 Modules scanning
23:28:02.599 Disk 0 trace - called modules:
23:28:02.952 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
23:28:02.963 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064a8060]
23:28:02.973 3 CLASSPNP.SYS[fffff88001b4343f] -> nt!IofCallDriver -> [0xfffffa800636db10]
23:28:02.983 5 hpdskflt.sys[fffff88001aea289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044e2050]
23:28:04.831 AVAST engine scan C:\Windows
23:28:13.365 AVAST engine scan C:\Windows\system32
23:34:55.489 AVAST engine scan C:\Windows\system32\drivers
23:35:26.115 AVAST engine scan C:\Users\Shoaib
23:56:07.451 AVAST engine scan C:\ProgramData
23:59:58.968 Scan finished successfully
00:01:10.793 Disk 0 MBR has been saved successfully to "C:\Users\Shoaib\Desktop\MBR.dat"
00:01:10.806 The log file has been saved successfully to "C:\Users\Shoaib\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 17 March 2012 - 02:34 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\YouTube Downloader Toolbar
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Application Updater

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 drunkpunkkk

drunkpunkkk
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 17 March 2012 - 03:41 PM

Hello Gringo,
While combofix was scanning and looking for the viruses, I had installed Malwarebytes Anti-Malware, it still showed me that my svchost.exe is infected. Everything else is fine I can browse and visit the internet perfectly but the problem is with svchost.exe anyhow, the logs are below

COMBOFIX LOG

ComboFix 12-03-16.05 - Shoaib 03/18/2012 1:04.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1504 [GMT 5:00]
Running from: c:\users\Shoaib\Desktop\ComboFix.exe
Command switches used :: c:\users\Shoaib\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Application Updater
c:\program files (x86)\Application Updater\ApplicationUpdater.exe
c:\program files (x86)\Application Updater\config.ini
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\wth.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\program files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\program files (x86)\Common Files\Spigot\wtxpcom\install.rdf
c:\program files (x86)\YouTube Downloader Toolbar
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome.manifest
c:\program files (x86)\YouTube Downloader Toolbar\FF\chrome\chrome.jar
c:\program files (x86)\YouTube Downloader Toolbar\FF\install.rdf
c:\program files (x86)\YouTube Downloader Toolbar\IE\5.1\config.ini
c:\program files (x86)\YouTube Downloader Toolbar\IE\5.1\youtubedownloaderToolbarIE.dll
c:\program files (x86)\YouTube Downloader Toolbar\Res\amazon.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\dailymotion.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\dropinsavings.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\dropinsavingsabt.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ebay.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\facebook.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\googleplus.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\hulu.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\icon_settings.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1031.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1033.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1034.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1036.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\Lang\res1040.ini
c:\program files (x86)\YouTube Downloader Toolbar\Res\metacafe.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radio-close.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radio-minimize.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\radiobeta.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-button-hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-button.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search-chevron.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_amazon.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_baidu.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_ebay.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_yahoo.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_yandex.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\search_youtube.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\twitter.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\veoh.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\widgets.xml
c:\program files (x86)\YouTube Downloader Toolbar\Res\youtube.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd_logo.gif
c:\program files (x86)\YouTube Downloader Toolbar\Res\ytd_logo_hover.gif
c:\program files (x86)\YouTube Downloader Toolbar\WidgiHelper.exe
c:\users\Shoaib\AppData\Roaming\mIRC\logs\status.log
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 20:27 . 2012-03-17 20:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-17 20:27 . 2012-03-17 20:27 -------- d-----w- c:\users\Yo\AppData\Local\temp
2012-03-17 20:27 . 2012-03-17 20:27 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-17 20:27 . 2012-03-17 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-17 12:17 . 2012-03-17 15:24 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6478A7FB-7578-4358-8760-0A8C890A994D}\offreg.dll
2012-03-17 11:15 . 2012-03-17 20:27 -------- d-----w- c:\users\P\AppData\Local\temp
2012-03-16 16:56 . 2012-03-16 16:56 -------- d-----w- c:\users\Shoaib\AppData\Roaming\Malwarebytes
2012-03-16 16:56 . 2012-03-16 16:56 -------- d-----w- c:\programdata\Malwarebytes
2012-03-16 16:56 . 2012-03-16 16:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-16 16:56 . 2011-12-10 10:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 16:40 . 2012-03-16 16:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-13 10:20 . 2012-03-13 10:20 -------- d-----w- c:\users\P\AppData\Local\Diagnostics
2012-03-13 10:16 . 2012-03-13 10:16 -------- d-----w- c:\users\P\AppData\Roaming\Apple Computer
2012-03-13 10:16 . 2012-03-13 15:42 -------- d-----w- c:\users\P\AppData\Local\blekkotb
2012-03-12 09:21 . 2012-03-15 01:10 -------- d-----w- c:\program files (x86)\SwfModify
2012-03-12 09:15 . 2012-03-12 09:15 -------- d-----w- c:\program files (x86)\Openworld
2012-03-12 09:15 . 2012-03-12 09:17 -------- d-----w- c:\users\Shoaib\AppData\Local\blekkotb
2012-03-12 09:15 . 2012-03-15 01:10 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-03-12 09:15 . 2012-03-15 01:10 -------- d-----w- c:\program files (x86)\blekkotb
2012-02-27 23:58 . 2012-03-08 08:44 -------- d-----w- c:\programdata\Recovery
2012-02-27 14:34 . 2012-03-04 05:25 -------- d-----w- c:\users\Shoaib\New
2012-02-26 08:34 . 2012-03-16 08:39 -------- d-----w- c:\users\Shoaib\AppData\Roaming\FileZilla
2012-02-26 08:34 . 2012-03-06 20:29 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-02-20 01:15 . 2012-02-20 01:15 -------- d-----w- c:\program files (x86)\VPN4ALL
2012-02-19 23:19 . 2012-02-19 23:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-18 23:19 . 2012-02-18 23:19 -------- d-----w- c:\programdata\hssff
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 23:19 . 2011-03-27 21:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_11.08.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-16 21:07 . 2012-03-17 12:19 61458 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-17 20:32 44806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-11 15:27 . 2012-03-17 20:32 19094 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3996266104-256763300-1206398389-1000_UserData.bin
+ 2011-12-01 12:02 . 2012-03-17 15:26 2048 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3996266104-256763300-1206398389-1016_UserData.bin
- 2010-06-13 22:48 . 2012-03-16 21:46 4368 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-06-13 22:48 . 2012-03-17 20:29 4368 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-03-17 20:30 . 2012-03-17 20:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-17 10:39 . 2012-03-17 10:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-17 20:30 . 2012-03-17 20:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-17 10:39 . 2012-03-17 10:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-02 15:04 . 2012-03-17 10:39 163840 c:\windows\Temp\Cookies\index.dat
+ 2011-08-02 15:04 . 2012-03-17 20:30 163840 c:\windows\Temp\Cookies\index.dat
+ 2011-01-14 17:37 . 2012-03-17 12:49 362748 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:36 . 2012-03-17 15:28 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-17 10:44 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-17 10:44 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-17 15:28 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-16 21:46 411740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-17 20:29 411740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-02 15:04 . 2012-03-17 20:30 8077312 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-02 15:04 . 2012-03-17 10:39 8077312 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-02 15:04 . 2012-03-17 20:30 7569408 c:\windows\Temp\History\History.IE5\index.dat
- 2011-08-02 15:04 . 2012-03-17 10:39 7569408 c:\windows\Temp\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-03-17 10:54 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-17 12:31 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-09-12 19:01 . 2012-03-17 20:29 2972712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3996266104-256763300-1206398389-1016-8192.dat
+ 2011-08-07 22:32 . 2012-03-17 20:29 16408940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3996266104-256763300-1206398389-1000-12288.dat
- 2011-08-07 22:32 . 2012-03-16 21:46 16408940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3996266104-256763300-1206398389-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VPN4ALL"="c:\program files (x86)\VPN4ALL\VPN4ALL.exe" [2011-09-02 1784832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AcuWVSSchedulerv7;Acunetix WVS Scheduler v7;c:\program files (x86)\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe [2011-10-05 675976]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 BitKinex;BitKinex File Transfer Service;c:\program files (x86)\BitKinex\bitkinexsvc.exe DISPATCH [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2009-11-26 338168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-01-06 331608]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-01-04 329544]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 21:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1000Core.job
- c:\users\Shoaib\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-20 18:02]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1000UA.job
- c:\users\Shoaib\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-20 18:02]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1016Core.job
- c:\users\P\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 12:40]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1016UA.job
- c:\users\P\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 12:40]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1017Core.job
- c:\users\Yo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27 16:31]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3996266104-256763300-1206398389-1017UA.job
- c:\users\Yo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-27 16:31]
.
2012-03-15 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-01 487424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"combofix"="c:\combofix\CF10526.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = socks=127.0.0.1:22
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download with BitKinex - c:\program files (x86)\BitKinex\ieext_cp.htm
IE: &Register in BitKinex - c:\program files (x86)\BitKinex\ieext_reg.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{18D5C084-17AB-4B0C-B49E-E897AF8CF649}: NameServer = 10.25.64.1
FF - ProfilePath - c:\users\Shoaib\AppData\Roaming\Mozilla\Firefox\Profiles\07gyovup.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\BitKinex\bitkinexsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-03-18 01:38:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 20:38
ComboFix2.txt 2012-03-17 11:15
.
Pre-Run: 47,464,910,848 bytes free
Post-Run: 47,072,514,048 bytes free
.
- - End Of File - - 04779E9805DFA9DF2B522597F77C396A

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 18 March 2012 - 07:09 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
Adobe Reader 9.4.5 MUI
uTorrentBar Toolbar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 drunkpunkkk

drunkpunkkk
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 19 March 2012 - 04:45 AM

Hello Gringo, everything is running smooth and fine, I am not having any problems uptil now, thanks alot for your help. Following are the logs

Edit:
I just started the computer and got the error from AVIRA anti virus, pop up windows error which said

"The profile could not be found"

MBAM
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.19.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Shoaib :: SHOAIB-PC [administrator]

Protection: Enabled

3/19/2012 2:29:26 PM
mbam-log-2012-03-19 (14-29-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251754
Time elapsed: 11 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:43:34 PM, on 3/19/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\VPN4ALL\vpn4all.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shoaib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:22
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [VPN4ALL] C:\Program Files (x86)\VPN4ALL\VPN4ALL.exe
O8 - Extra context menu item: &Download with BitKinex - C:\Program Files (x86)\BitKinex\ieext_cp.htm
O8 - Extra context menu item: &Register in BitKinex - C:\Program Files (x86)\BitKinex\ieext_reg.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{18D5C084-17AB-4B0C-B49E-E897AF8CF649}: NameServer = 10.25.64.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Acunetix WVS Scheduler v7 (AcuWVSSchedulerv7) - Acunetix Ltd. - C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BitKinex File Transfer Service (BitKinex) - Unknown owner - C:\Program Files (x86)\BitKinex\bitkinexsvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\VPN4ALL\Connect\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11769 bytes

Edited by drunkpunkkk, 19 March 2012 - 10:25 AM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 19 March 2012 - 12:28 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 drunkpunkkk

drunkpunkkk
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 20 March 2012 - 10:45 AM

Dear Gringo,

I scanning esnet and in 1 hour it only scanned 2% of my computer, I tried again and this time it scanned 5% in 1 hours and 15 minutes, is this normal? this is taking a lot of time, I am on a fast computer but maybe a slow internet, maybe you can recommend me some other program to scan?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 20 March 2012 - 01:11 PM

Hello

try resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settings


if that does not work then try this one

F-Secure Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go HERE to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window

    In Interner Explorer
  • It will require an activex control, please install it
  • Click Accept

  • In Firefox
  • It will require an Add-on to be installed, please install it
  • Order to install the Add-on Firefox needs to be restarted, please do so
[*]Click Full System Scan
[*]It will now download the scanner this may take a while please be patient
[*]It will then start scanning wait for the scan to finish
[*]Click Automatic cleaning (recommended)
[*]Wait for it finish the cleaning process
[*]Click show report
[*]This will open up a window with the results of the scan copy and paste those results as a reply to this topic[/list]

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 22 March 2012 - 11:40 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 drunkpunkkk

drunkpunkkk
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 23 March 2012 - 07:07 AM

Hello Gringo, because I am on a slow internet so I face alot of problems running online scanner, I am still trying.....

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:34 AM

Posted 23 March 2012 - 11:05 AM

Please download Kaspersky Virus Removal Tool and SAVE it to your desktop

  • Right click and run as admin (xp please double click to run)
  • select lang
  • accept the license aggreement
  • click on settings (gear looking thing on the right)
  • put check mark in
    • system memory
      hidden objects
      disk boot sectors
      computer
      os
  • go back to automatic scan
  • click on start scan
  • For this scan select skip for anything found
  • when the scan is complete click on the report button (looks like a peace of paper on the right of the gear looking thing)
  • on the left you will see
    status
    Detected threats<-- click on this one
    automatic Scan report
    Manual disinfection report
  • click on the save button
    save to a location that you can find it ( default is in the document folder)
  • copy and paste this report in your next post

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users