
Trojan in svchost.exe


  • This topic is locked
12 replies to this topic

#1 Shpongle

Shpongle

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 21 March 2012 - 07:58 PM

Attached File: DDS.txt (18.87KB, 1 downloads)

I've scanned and attempted to remove with Malwarebytes etc. No avail. Regularly get blue screens when trying to use computer not in safe mode. I'm not too great with computers so any help would be greatly appreciated. I read the preparation guide and am running a 64-bit system so I skipped the part about the GMER log, as requested. DDS log attached.

Edited by Shpongle, 21 March 2012 - 07:58 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:39 PM

Posted 22 March 2012 - 12:11 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Shpongle

Shpongle
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 24 March 2012 - 02:24 PM

Ran Combofix; log will be below. Trojan is still there and I can't run my computer out of safe mode; if I do it eventually crashes and I get a blue screen. Combofix said to disable AVG but I couldn't in safe mode so I just uninstalled it, and then it still said to disable AVG, so I just ran Combofix. Here is the log. Thank you very much for your help.

ComboFix 12-03-22.01 - SexyPCBuildin'Man 03/24/2012 14:06:39.2.4 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.3386 [GMT -5:00]
Running from: c:\users\SexyPCBuildin'Man\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
---- Previous Run -------
.
c:\program files (x86)\LP\1E50\18DC.tmp
c:\program files (x86)\LP\1E50\2E7E.tmp
c:\program files (x86)\LP\1E50\5ADF.tmp
c:\program files (x86)\LP\1E50\5D6C.tmp
c:\program files (x86)\LP\1E50\70DB.tmp
c:\program files (x86)\LP\1E50\772.tmp
c:\program files (x86)\LP\1E50\A0A3.tmp
c:\program files (x86)\LP\1E50\B599.tmp
c:\program files (x86)\LP\1E50\EC82.tmp
c:\program files (x86)\Object\chromeaddon\._included.js
c:\program files (x86)\Object\chromeaddon\included.js
c:\program files (x86)\Object\config.ini
c:\program files (x86)\Object\facetheme_uninstall.exe
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\program files (x86)\WebEnhancements\BrowserEnhancements.crx
c:\program files (x86)\WebEnhancements\BrowserEnhancements.safariextz
c:\program files (x86)\WebEnhancements\BrowserEnhancements.xpi
c:\program files (x86)\WebEnhancements\uninst.exe
c:\program files\Uninstall.exe
c:\users\SexyPCBuildin'Man\AppData\Roaming\SexyPCBuildin'Man3SQLite3.dll
c:\users\SexyPCBuildin'Man\AppData\Roaming\SexyPCBuildin'Manlog.dat
c:\windows\svchost.exe
c:\windows\SysWow64\ccrpTmr6.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 19:12 . 2012-03-24 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 21:15 . 2012-03-19 21:15 -------- d-----w- c:\users\SexyPCBuildin'Man\AppData\Local\SWTOR
2012-03-19 02:28 . 2012-03-19 02:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-19 02:28 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 02:20 . 2012-03-19 02:20 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 02:20 . 2012-03-19 02:20 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 00:10 . 2012-03-19 00:10 397 ----a-w- C:\temp680.bat
2012-03-19 00:10 . 2012-03-19 00:10 1124 ----a-w- C:\temp670.bat
2012-03-18 23:34 . 2012-03-18 23:37 -------- d-----w- c:\users\SexyPCBuildin'Man\AppData\Roaming\Origin
2012-03-17 16:04 . 2012-03-17 16:04 -------- d-----w- c:\users\SexyPCBuildin'Man\AppData\Local\Origin
2012-03-17 16:03 . 2012-03-18 23:52 -------- d-----w- c:\programdata\Origin
2012-03-17 16:03 . 2012-03-17 16:03 -------- d-----w- c:\programdata\Electronic Arts
2012-03-17 16:03 . 2012-03-17 16:03 -------- d-----w- c:\program files (x86)\Origin Games
2012-03-17 16:03 . 2012-03-18 23:37 -------- d-----w- c:\program files (x86)\Origin
2012-03-17 15:17 . 2012-03-17 16:01 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-03-17 15:17 . 2012-03-17 15:17 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-03-13 23:23 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:23 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 23:23 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 23:23 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-06 22:58 . 2012-03-06 22:58 397 ----a-w- C:\temp944.bat
2012-03-06 22:58 . 2012-03-06 22:58 1124 ----a-w- C:\temp148.bat
2012-03-06 22:37 . 2012-03-19 00:10 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-03-06 22:36 . 2012-03-06 22:36 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-03-05 02:20 . 2012-03-05 02:20 -------- d-----w- c:\users\SexyPCBuildin'Man\AppData\Local\ElevatedDiagnostics
2012-02-25 15:57 . 2012-02-25 15:57 -------- d-----w- c:\users\SexyPCBuildin'Man\AppData\Roaming\AVG2012
2012-02-25 15:42 . 2012-02-25 15:42 -------- d-----w- c:\programdata\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 14:06 . 2011-06-02 02:56 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 02:15 . 2012-02-10 02:15 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C9F.tmp
2012-02-10 02:15 . 2012-02-10 02:15 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C9E.tmp
2011-12-28 03:59 . 2012-02-16 03:19 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2010-12-24 08:17 . 2010-12-24 08:17 76464 ----a-w- c:\program files\fraps64.dat
2010-12-24 08:17 . 2010-12-24 08:17 2354352 ----a-w- c:\program files\fraps.exe
2010-12-24 08:13 . 2010-12-24 08:13 159744 ----a-w- c:\program files\frapslcd.dll
2010-12-02 08:08 . 2010-12-02 08:08 253104 ----a-w- c:\program files\fraps32.dll
2010-12-02 08:08 . 2010-12-02 08:08 197808 ----a-w- c:\program files\fraps64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"BitTorrent DNA"="c:\users\SexyPCBuildin'Man\Program Files (x86)\DNA\btdna.exe" [2010-12-27 323392]
"TorrentEasy"="c:\program files (x86)\TorrentEasy\TorrentEasy.exe" [2011-05-20 2557440]
"JagexProperties"="c:\.jagex_cache_32\jagd.jar" [2011-07-01 29816]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"JaGeXDaemon"="c:\.jagex_cache_32\jagc.jar" [2012-03-23 35298]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-05 95576]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-07-16 273544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\SexyPCBuildin'Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
.jagex_runescape_preferences.jar [2012-3-23 35298]
CurseClientStartup.ccip [2012-2-16 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2010-12-28 1609728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-08-19 212256]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-29 248936]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [2012-03-19 181064]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-28 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2010-12-27 04:37]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899605893-1123466696-712845297-1000Core.job
- c:\users\SexyPCBuildin'Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-27 02:49]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899605893-1123466696-712845297-1000UA.job
- c:\users\SexyPCBuildin'Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-27 02:49]
.
2012-03-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1899605893-1123466696-712845297-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgRemover"="c:\users\SexyPCBuildin'Man\Downloads\avg_remover_stf_x64_2012_1796.exe" [2012-03-24 2540688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57515
IE: Free YouTube Download - c:\users\SexyPCBuildin'Man\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\SexyPCBuildin'Man\AppData\Roaming\Mozilla\Firefox\Profiles\ulns1du7.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57515
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
Wow6432Node-HKLM-Run-NPSStartup - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-facetheme - c:\program files (x86)\Object\facetheme_uninstall.exe
AddRemove-Fraps - c:\program files\uninstall.exe
AddRemove-WebEnhancements_1 - c:\program files (x86)\WebEnhancements\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-03-24 14:19:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-24 19:19
.
Pre-Run: 238,172,778,496 bytes free
Post-Run: 237,536,428,032 bytes free
.
- - End Of File - - 6F6AF23C9AC8D83DDD5ED8797BB0744B
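The ComboFix log above carries three findings a responder would pull out by hand: svchost.exe sitting in c:\windows instead of c:\windows\system32, the IE and Firefox proxy settings pointed at 127.0.0.1:57515, and a running process reached through a \\.\globalroot device path. The script below is an added triage example (not ComboFix's code nor anything from this thread); it assumes svchost.exe is legitimate only under System32 or SysWOW64, and runs over a constructed excerpt modelled on the posted log.

```python
"""Flag the suspicious entries in a ComboFix-style log: svchost.exe outside its
normal directory, a browser proxy pointed at loopback, and a process started
via a \\\\.\\globalroot device path. Added example, not ComboFix's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: on 64-bit Windows, svchost.exe legitimately lives only in these
# two directories; any other location is treated as suspicious.
LEGIT_SVCHOST_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed excerpt modelled on the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
c:\windows\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57515
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57515
FF - prefs.js: network.proxy.type - 0
c:\\.\globalroot\systemroot\svchost.exe
TCP: DhcpNameServer = 192.168.1.1
"""

# Any drive-letter path ending in svchost.exe (case-insensitive).
SVCHOST_RE = re.compile(r'(?i)([a-z]:\\[^\s"]*?svchost\.exe)')
# IE "ProxyServer = http=127.0.0.1:port" or Firefox "network.proxy.http - 127.0.0.1".
LOOPBACK_PROXY_RE = re.compile(
    r"(?i)(?:ProxyServer\s*=\s*(?:http=)?|network\.proxy\.http\s*-\s*)"
    r"(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)"
)
# Object-manager device path that masks the real on-disk location.
GLOBALROOT_RE = re.compile(r"(?i)\\\\\.\\globalroot\\")


@dataclass(frozen=True)
class Finding:
    kind: str   # short tag for the class of finding
    line: str   # the log line that triggered it


def svchost_dir_is_legit(path: str) -> bool:
    """True when the directory part of the path is an expected svchost.exe home."""
    directory = path.lower().rsplit("\\", 1)[0]
    return directory in LEGIT_SVCHOST_DIRS


def triage(log_text: str) -> list[Finding]:
    """Scan each log line and collect every finding; a line may yield several."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SVCHOST_RE.search(line)
        if match and not svchost_dir_is_legit(match.group(1)):
            findings.append(Finding("svchost_outside_system32", line))
        if LOOPBACK_PROXY_RE.search(line):
            findings.append(Finding("loopback_proxy", line))
        if GLOBALROOT_RE.search(line):
            findings.append(Finding("globalroot_process", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, for a quick verdict line."""
    counts: dict[str, int] = {}
    for finding in findings:
        counts[finding.kind] = counts.get(finding.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"[{finding.kind}] {finding.line}")
    print(summarize(results))
```

A loopback proxy entry like this one usually belongs to a local component that intercepts browser traffic, so it is worth resetting the proxy settings once the file that listens on that port has been removed.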

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:39 PM

Posted 24 March 2012 - 05:35 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Shpongle

Shpongle
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 24 March 2012 - 09:52 PM

Both ran fine. Here is my TDSSKiller report, and the aswMBR report is below it.
21:35:51.0410 1252 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
21:35:51.0786 1252 ============================================================
21:35:51.0786 1252 Current date / time: 2012/03/24 21:35:51.0786
21:35:51.0786 1252 SystemInfo:
21:35:51.0786 1252
21:35:51.0786 1252 OS Version: 6.1.7600 ServicePack: 0.0
21:35:51.0786 1252 Product type: Workstation
21:35:51.0786 1252 ComputerName: ISAACWINSLETTPC
21:35:51.0787 1252 UserName: SexyPCBuildin'Man
21:35:51.0787 1252 Windows directory: C:\Windows
21:35:51.0787 1252 System windows directory: C:\Windows
21:35:51.0787 1252 Running under WOW64
21:35:51.0787 1252 Processor architecture: Intel x64
21:35:51.0787 1252 Number of processors: 4
21:35:51.0787 1252 Page size: 0x1000
21:35:51.0787 1252 Boot type: Safe boot with network
21:35:51.0787 1252 ============================================================
21:35:52.0574 1252 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:35:52.0576 1252 \Device\Harddisk0\DR0:
21:35:52.0577 1252 MBR used
21:35:52.0577 1252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:35:52.0577 1252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:35:52.0602 1252 Initialize success
21:35:52.0602 1252 ============================================================
21:35:54.0018 2024 ============================================================
21:35:54.0018 2024 Scan started
21:35:54.0018 2024 Mode: Manual;
21:35:54.0018 2024 ============================================================
21:35:56.0068 2024 catchme - ok
21:35:56.0085 2024 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:35:56.0086 2024 cdfs - ok
21:35:56.0110 2024 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:35:56.0112 2024 cdrom - ok
21:35:56.0129 2024 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:35:56.0130 2024 CertPropSvc - ok
21:35:56.0142 2024 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:35:56.0143 2024 circlass - ok
21:35:56.0153 2024 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:35:56.0157 2024 CLFS - ok
21:35:56.0209 2024 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:35:56.0213 2024 clr_optimization_v2.0.50727_32 - ok
21:35:56.0238 2024 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:35:56.0241 2024 clr_optimization_v2.0.50727_64 - ok
21:35:56.0270 2024 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:35:56.0271 2024 CmBatt - ok
21:35:56.0282 2024 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:35:56.0283 2024 cmdide - ok
21:35:56.0329 2024 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
21:35:56.0343 2024 CNG - ok
21:35:56.0419 2024 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:35:56.0420 2024 Compbatt - ok
21:35:56.0437 2024 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:35:56.0438 2024 CompositeBus - ok
21:35:56.0444 2024 COMSysApp - ok
21:35:56.0458 2024 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:35:56.0459 2024 crcdisk - ok
21:35:56.0480 2024 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
21:35:56.0482 2024 CryptSvc - ok
21:35:56.0510 2024 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
21:35:56.0515 2024 CSC - ok
21:35:56.0540 2024 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
21:35:56.0547 2024 CscService - ok
21:35:56.0643 2024 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:35:56.0652 2024 cvhsvc - ok
21:35:56.0689 2024 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:35:56.0695 2024 DcomLaunch - ok
21:35:56.0722 2024 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:35:56.0725 2024 defragsvc - ok
21:35:56.0757 2024 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:35:56.0758 2024 DfsC - ok
21:35:56.0773 2024 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
21:35:56.0776 2024 Dhcp - ok
21:35:56.0797 2024 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:35:56.0798 2024 discache - ok
21:35:56.0820 2024 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:35:56.0821 2024 Disk - ok
21:35:56.0851 2024 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
21:35:56.0853 2024 Dnscache - ok
21:35:56.0869 2024 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
21:35:56.0872 2024 dot3svc - ok
21:35:56.0885 2024 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
21:35:56.0888 2024 DPS - ok
21:35:56.0918 2024 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:35:56.0919 2024 drmkaud - ok
21:35:56.0954 2024 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
21:35:56.0964 2024 DXGKrnl - ok
21:35:56.0980 2024 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:35:56.0982 2024 EapHost - ok
21:35:57.0045 2024 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:35:57.0097 2024 ebdrv - ok
21:35:57.0130 2024 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
21:35:57.0132 2024 EFS - ok
21:35:57.0176 2024 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
21:35:57.0183 2024 ehRecvr - ok
21:35:57.0188 2024 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:35:57.0190 2024 ehSched - ok
21:35:57.0214 2024 EIO64 (343ada10d948db29251f2d9c809af204) C:\Windows\system32\DRIVERS\EIO64.sys
21:35:57.0215 2024 EIO64 - ok
21:35:57.0238 2024 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:35:57.0243 2024 elxstor - ok
21:35:57.0257 2024 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:35:57.0258 2024 ErrDev - ok
21:35:57.0283 2024 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:35:57.0287 2024 EventSystem - ok
21:35:57.0305 2024 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:35:57.0307 2024 exfat - ok
21:35:57.0329 2024 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:35:57.0332 2024 fastfat - ok
21:35:57.0369 2024 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
21:35:57.0376 2024 Fax - ok
21:35:57.0397 2024 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:35:57.0397 2024 fdc - ok
21:35:57.0405 2024 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:35:57.0407 2024 fdPHost - ok
21:35:57.0423 2024 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:35:57.0424 2024 FDResPub - ok
21:35:57.0438 2024 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:35:57.0439 2024 FileInfo - ok
21:35:57.0447 2024 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:35:57.0448 2024 Filetrace - ok
21:35:57.0460 2024 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:57.0461 2024 flpydisk - ok
21:35:57.0481 2024 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:35:57.0484 2024 FltMgr - ok
21:35:57.0514 2024 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
21:35:57.0525 2024 FontCache - ok
21:35:57.0586 2024 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:35:57.0588 2024 FontCache3.0.0.0 - ok
21:35:57.0596 2024 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:35:57.0597 2024 FsDepends - ok
21:35:57.0605 2024 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:35:57.0606 2024 Fs_Rec - ok
21:35:57.0624 2024 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
21:35:57.0626 2024 fvevol - ok
21:35:57.0640 2024 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:35:57.0641 2024 gagp30kx - ok
21:35:57.0664 2024 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:35:57.0665 2024 GEARAspiWDM - ok
21:35:57.0687 2024 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
21:35:57.0696 2024 gpsvc - ok
21:35:57.0712 2024 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:35:57.0712 2024 hcw85cir - ok
21:35:57.0763 2024 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:35:57.0766 2024 HdAudAddService - ok
21:35:57.0783 2024 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:35:57.0784 2024 HDAudBus - ok
21:35:57.0802 2024 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:35:57.0803 2024 HidBatt - ok
21:35:57.0822 2024 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:35:57.0823 2024 HidBth - ok
21:35:57.0836 2024 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:35:57.0837 2024 HidIr - ok
21:35:57.0854 2024 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:35:57.0855 2024 hidserv - ok
21:35:57.0874 2024 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:35:57.0874 2024 HidUsb - ok
21:35:57.0888 2024 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
21:35:57.0890 2024 hkmsvc - ok
21:35:57.0904 2024 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
21:35:57.0907 2024 HomeGroupListener - ok
21:35:57.0928 2024 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
21:35:57.0931 2024 HomeGroupProvider - ok
21:35:57.0950 2024 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:35:57.0952 2024 HpSAMD - ok
21:35:57.0978 2024 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:35:57.0985 2024 HTTP - ok
21:35:57.0996 2024 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:35:57.0997 2024 hwpolicy - ok
21:35:58.0005 2024 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:35:58.0007 2024 i8042prt - ok
21:35:58.0028 2024 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
21:35:58.0033 2024 iaStorV - ok
21:35:58.0085 2024 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:35:58.0087 2024 IDriverT - ok
21:35:58.0111 2024 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:35:58.0120 2024 idsvc - ok
21:35:58.0137 2024 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:35:58.0138 2024 iirsp - ok
21:35:58.0162 2024 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
21:35:58.0170 2024 IKEEXT - ok
21:35:58.0186 2024 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:35:58.0187 2024 intelide - ok
21:35:58.0208 2024 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:35:58.0209 2024 intelppm - ok
21:35:58.0247 2024 IOMap (a01c412699b6f21645b2885c2bae4454) C:\Windows\system32\drivers\IOMap64.sys
21:35:58.0248 2024 IOMap - ok
21:35:58.0263 2024 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:35:58.0264 2024 IPBusEnum - ok
21:35:58.0290 2024 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:58.0292 2024 IpFilterDriver - ok
21:35:58.0318 2024 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
21:35:58.0324 2024 iphlpsvc - ok
21:35:58.0333 2024 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:35:58.0334 2024 IPMIDRV - ok
21:35:58.0351 2024 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:35:58.0353 2024 IPNAT - ok
21:35:58.0401 2024 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
21:35:58.0411 2024 iPod Service - ok
21:35:58.0438 2024 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:35:58.0439 2024 IRENUM - ok
21:35:58.0457 2024 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:35:58.0458 2024 isapnp - ok
21:35:58.0473 2024 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:35:58.0476 2024 iScsiPrt - ok
21:35:58.0491 2024 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:35:58.0492 2024 kbdclass - ok
21:35:58.0504 2024 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:35:58.0504 2024 kbdhid - ok
21:35:58.0538 2024 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:35:58.0539 2024 KeyIso - ok
21:35:58.0557 2024 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
21:35:58.0559 2024 KSecDD - ok
21:35:58.0577 2024 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
21:35:58.0579 2024 KSecPkg - ok
21:35:58.0589 2024 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:35:58.0590 2024 ksthunk - ok
21:35:58.0609 2024 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:35:58.0614 2024 KtmRm - ok
21:35:58.0639 2024 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
21:35:58.0640 2024 L1C - ok
21:35:58.0663 2024 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
21:35:58.0666 2024 LanmanServer - ok
21:35:58.0687 2024 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
21:35:58.0701 2024 LanmanWorkstation - ok
21:35:58.0718 2024 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:35:58.0719 2024 lltdio - ok
21:35:58.0743 2024 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:35:58.0747 2024 lltdsvc - ok
21:35:58.0755 2024 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:35:58.0756 2024 lmhosts - ok
21:35:58.0781 2024 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:35:58.0783 2024 LSI_FC - ok
21:35:58.0792 2024 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:35:58.0793 2024 LSI_SAS - ok
21:35:58.0802 2024 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:35:58.0803 2024 LSI_SAS2 - ok
21:35:58.0814 2024 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:35:58.0815 2024 LSI_SCSI - ok
21:35:58.0831 2024 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:35:58.0832 2024 luafv - ok
21:35:58.0879 2024 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:35:58.0879 2024 MBAMProtector - ok
21:35:58.0951 2024 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:35:58.0957 2024 MBAMService - ok
21:35:58.0985 2024 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:35:58.0987 2024 Mcx2Svc - ok
21:35:59.0006 2024 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:35:59.0007 2024 megasas - ok
21:35:59.0018 2024 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:35:59.0021 2024 MegaSR - ok
21:35:59.0036 2024 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:35:59.0038 2024 MMCSS - ok
21:35:59.0060 2024 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:35:59.0060 2024 Modem - ok
21:35:59.0069 2024 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:35:59.0069 2024 monitor - ok
21:35:59.0086 2024 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:35:59.0086 2024 mouclass - ok
21:35:59.0108 2024 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:35:59.0109 2024 mouhid - ok
21:35:59.0126 2024 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:35:59.0127 2024 mountmgr - ok
21:35:59.0137 2024 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:35:59.0139 2024 mpio - ok
21:35:59.0155 2024 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:35:59.0156 2024 mpsdrv - ok
21:35:59.0182 2024 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:35:59.0191 2024 MpsSvc - ok
21:35:59.0209 2024 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:35:59.0211 2024 MRxDAV - ok
21:35:59.0243 2024 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:59.0245 2024 mrxsmb - ok
21:35:59.0265 2024 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:59.0268 2024 mrxsmb10 - ok
21:35:59.0293 2024 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:59.0294 2024 mrxsmb20 - ok
21:35:59.0302 2024 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:35:59.0303 2024 msahci - ok
21:35:59.0323 2024 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:35:59.0325 2024 msdsm - ok
21:35:59.0340 2024 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:35:59.0342 2024 MSDTC - ok
21:35:59.0352 2024 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:35:59.0352 2024 Msfs - ok
21:35:59.0367 2024 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:35:59.0367 2024 mshidkmdf - ok
21:35:59.0375 2024 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:35:59.0376 2024 msisadrv - ok
21:35:59.0397 2024 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:35:59.0400 2024 MSiSCSI - ok
21:35:59.0406 2024 msiserver - ok
21:35:59.0424 2024 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:35:59.0424 2024 MSKSSRV - ok
21:35:59.0459 2024 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:59.0459 2024 MSPCLOCK - ok
21:35:59.0467 2024 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:35:59.0468 2024 MSPQM - ok
21:35:59.0486 2024 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:35:59.0490 2024 MsRPC - ok
21:35:59.0505 2024 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:35:59.0505 2024 mssmbios - ok
21:35:59.0523 2024 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:35:59.0524 2024 MSTEE - ok
21:35:59.0537 2024 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:35:59.0537 2024 MTConfig - ok
21:35:59.0555 2024 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:35:59.0556 2024 Mup - ok
21:35:59.0591 2024 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:35:59.0596 2024 napagent - ok
21:35:59.0617 2024 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:35:59.0620 2024 NativeWifiP - ok
21:35:59.0650 2024 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:35:59.0659 2024 NDIS - ok
21:35:59.0673 2024 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:35:59.0673 2024 NdisCap - ok
21:35:59.0696 2024 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:59.0697 2024 NdisTapi - ok
21:35:59.0714 2024 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:59.0715 2024 Ndisuio - ok
21:35:59.0735 2024 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:59.0737 2024 NdisWan - ok
21:35:59.0752 2024 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:35:59.0753 2024 NDProxy - ok
21:35:59.0770 2024 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:35:59.0771 2024 NetBIOS - ok
21:35:59.0787 2024 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:35:59.0789 2024 NetBT - ok
21:35:59.0822 2024 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:35:59.0822 2024 Netlogon - ok
21:35:59.0852 2024 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:35:59.0856 2024 Netman - ok
21:35:59.0868 2024 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:35:59.0873 2024 netprofm - ok
21:35:59.0912 2024 netr28x (d9a089e17112f04f452d22254b959d87) C:\Windows\system32\DRIVERS\netr28x.sys
21:35:59.0919 2024 netr28x - ok
21:35:59.0974 2024 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:35:59.0975 2024 NetTcpPortSharing - ok
21:35:59.0996 2024 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:35:59.0997 2024 nfrd960 - ok
21:36:00.0017 2024 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:36:00.0020 2024 NlaSvc - ok
21:36:00.0037 2024 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:36:00.0038 2024 Npfs - ok
21:36:00.0051 2024 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:36:00.0052 2024 nsi - ok
21:36:00.0064 2024 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:36:00.0064 2024 nsiproxy - ok
21:36:00.0115 2024 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
21:36:00.0131 2024 Ntfs - ok
21:36:00.0141 2024 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:36:00.0142 2024 Null - ok
21:36:00.0168 2024 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
21:36:00.0170 2024 NVHDA - ok
21:36:00.0394 2024 nvlddmkm (10ad52b18792420e27bd5a0e912b1891) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:36:00.0576 2024 nvlddmkm - ok
21:36:00.0598 2024 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
21:36:00.0600 2024 nvraid - ok
21:36:00.0610 2024 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
21:36:00.0612 2024 nvstor - ok
21:36:00.0628 2024 nvsvc (49873a036b03e7ab0287c5d54d54f1e0) C:\Windows\system32\nvvsvc.exe
21:36:00.0631 2024 nvsvc - ok
21:36:00.0655 2024 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:36:00.0657 2024 nv_agp - ok
21:36:00.0668 2024 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:36:00.0669 2024 ohci1394 - ok
21:36:00.0731 2024 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:36:00.0733 2024 ose - ok
21:36:00.0833 2024 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:36:00.0911 2024 osppsvc - ok
21:36:00.0944 2024 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:36:00.0948 2024 p2pimsvc - ok
21:36:00.0964 2024 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:36:00.0969 2024 p2psvc - ok
21:36:00.0988 2024 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:36:00.0989 2024 Parport - ok
21:36:01.0006 2024 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:36:01.0007 2024 partmgr - ok
21:36:01.0019 2024 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:36:01.0022 2024 PcaSvc - ok
21:36:01.0041 2024 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:36:01.0043 2024 pci - ok
21:36:01.0055 2024 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:36:01.0056 2024 pciide - ok
21:36:01.0073 2024 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:36:01.0076 2024 pcmcia - ok
21:36:01.0095 2024 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:36:01.0096 2024 pcw - ok
21:36:01.0118 2024 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:36:01.0125 2024 PEAUTH - ok
21:36:01.0168 2024 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:36:01.0182 2024 PeerDistSvc - ok
21:36:01.0225 2024 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:36:01.0302 2024 PerfHost - ok
21:36:01.0348 2024 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:36:01.0362 2024 pla - ok
21:36:01.0406 2024 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:36:01.0411 2024 PlugPlay - ok
21:36:01.0517 2024 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:36:01.0519 2024 PNRPAutoReg - ok
21:36:01.0529 2024 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:36:01.0532 2024 PNRPsvc - ok
21:36:01.0559 2024 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:36:01.0564 2024 PolicyAgent - ok
21:36:01.0581 2024 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:36:01.0584 2024 Power - ok
21:36:01.0611 2024 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:36:01.0613 2024 PptpMiniport - ok
21:36:01.0628 2024 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:36:01.0629 2024 Processor - ok
21:36:01.0646 2024 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
21:36:01.0649 2024 ProfSvc - ok
21:36:01.0680 2024 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:36:01.0681 2024 ProtectedStorage - ok
21:36:01.0702 2024 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:36:01.0703 2024 Psched - ok
21:36:01.0733 2024 PSEXESVC (a283e768fa12ef33087f07b01f82d6dd) C:\Windows\PSEXESVC.EXE
21:36:01.0736 2024 PSEXESVC - ok
21:36:01.0772 2024 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:36:01.0787 2024 ql2300 - ok
21:36:01.0801 2024 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:36:01.0803 2024 ql40xx - ok
21:36:01.0822 2024 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:36:01.0825 2024 QWAVE - ok
21:36:01.0846 2024 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:36:01.0846 2024 QWAVEdrv - ok
21:36:01.0890 2024 RalinkRegistryWriter (2ee6d9cab03900646d1d3d9077167bd6) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
21:36:01.0894 2024 RalinkRegistryWriter - ok
21:36:01.0907 2024 RalinkRegistryWriter64 (46358c32af09a57a171bc422649be53b) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
21:36:01.0909 2024 RalinkRegistryWriter64 - ok
21:36:01.0926 2024 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:36:01.0927 2024 RasAcd - ok
21:36:01.0944 2024 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:36:01.0945 2024 RasAgileVpn - ok
21:36:01.0962 2024 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:36:01.0964 2024 RasAuto - ok
21:36:01.0985 2024 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:36:01.0986 2024 Rasl2tp - ok
21:36:02.0009 2024 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:36:02.0013 2024 RasMan - ok
21:36:02.0031 2024 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:36:02.0032 2024 RasPppoe - ok
21:36:02.0045 2024 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:36:02.0047 2024 RasSstp - ok
21:36:02.0061 2024 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:36:02.0065 2024 rdbss - ok
21:36:02.0079 2024 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:36:02.0080 2024 rdpbus - ok
21:36:02.0090 2024 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:36:02.0090 2024 RDPCDD - ok
21:36:02.0122 2024 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
21:36:02.0124 2024 RDPDR - ok
21:36:02.0142 2024 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:36:02.0142 2024 RDPENCDD - ok
21:36:02.0152 2024 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:36:02.0152 2024 RDPREFMP - ok
21:36:02.0181 2024 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
21:36:02.0184 2024 RDPWD - ok
21:36:02.0204 2024 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:36:02.0206 2024 rdyboost - ok
21:36:02.0223 2024 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:36:02.0224 2024 RemoteAccess - ok
21:36:02.0241 2024 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:36:02.0243 2024 RemoteRegistry - ok
21:36:02.0252 2024 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:36:02.0253 2024 RpcEptMapper - ok
21:36:02.0271 2024 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:36:02.0272 2024 RpcLocator - ok
21:36:02.0297 2024 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:36:02.0300 2024 RpcSs - ok
21:36:02.0317 2024 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:36:02.0318 2024 rspndr - ok
21:36:02.0343 2024 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
21:36:02.0344 2024 s3cap - ok
21:36:02.0371 2024 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:36:02.0372 2024 SamSs - ok
21:36:02.0394 2024 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:36:02.0395 2024 sbp2port - ok
21:36:02.0459 2024 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:36:02.0470 2024 SBSDWSCService - ok
21:36:02.0488 2024 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:36:02.0491 2024 SCardSvr - ok
21:36:02.0506 2024 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:36:02.0507 2024 scfilter - ok
21:36:02.0551 2024 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:36:02.0562 2024 Schedule - ok
21:36:02.0588 2024 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:36:02.0588 2024 SCPolicySvc - ok
21:36:02.0609 2024 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:36:02.0612 2024 SDRSVC - ok
21:36:02.0691 2024 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:36:02.0694 2024 SeaPort - ok
21:36:02.0713 2024 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:36:02.0714 2024 secdrv - ok
21:36:02.0727 2024 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:36:02.0728 2024 seclogon - ok
21:36:02.0741 2024 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:36:02.0743 2024 SENS - ok
21:36:02.0757 2024 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:36:02.0759 2024 SensrSvc - ok
21:36:02.0776 2024 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:36:02.0777 2024 Serenum - ok
21:36:02.0799 2024 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:36:02.0800 2024 Serial - ok
21:36:02.0820 2024 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:36:02.0821 2024 sermouse - ok
21:36:02.0843 2024 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:36:02.0846 2024 SessionEnv - ok
21:36:02.0866 2024 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:36:02.0867 2024 sffdisk - ok
21:36:02.0877 2024 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:36:02.0878 2024 sffp_mmc - ok
21:36:02.0889 2024 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:36:02.0890 2024 sffp_sd - ok
21:36:02.0903 2024 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:36:02.0904 2024 sfloppy - ok
21:36:02.0970 2024 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:36:02.0978 2024 Sftfs - ok
21:36:03.0048 2024 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:36:03.0065 2024 sftlist - ok
21:36:03.0083 2024 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:36:03.0086 2024 Sftplay - ok
21:36:03.0103 2024 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:36:03.0104 2024 Sftredir - ok
21:36:03.0113 2024 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:36:03.0113 2024 Sftvol - ok
21:36:03.0128 2024 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:36:03.0132 2024 sftvsa - ok
21:36:03.0164 2024 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:36:03.0168 2024 SharedAccess - ok
21:36:03.0186 2024 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:36:03.0191 2024 ShellHWDetection - ok
21:36:03.0204 2024 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:36:03.0205 2024 SiSRaid2 - ok
21:36:03.0220 2024 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:36:03.0221 2024 SiSRaid4 - ok
21:36:03.0249 2024 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:36:03.0251 2024 Smb - ok
21:36:03.0270 2024 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:36:03.0272 2024 SNMPTRAP - ok
21:36:03.0280 2024 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:36:03.0280 2024 spldr - ok
21:36:03.0306 2024 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:36:03.0312 2024 Spooler - ok
21:36:03.0375 2024 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:36:03.0427 2024 sppsvc - ok
21:36:03.0445 2024 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:36:03.0447 2024 sppuinotify - ok
21:36:03.0479 2024 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:36:03.0483 2024 srv - ok
21:36:03.0499 2024 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:36:03.0504 2024 srv2 - ok
21:36:03.0534 2024 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:36:03.0536 2024 srvnet - ok
21:36:03.0562 2024 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:36:03.0565 2024 SSDPSRV - ok
21:36:03.0578 2024 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:36:03.0580 2024 SstpSvc - ok
21:36:03.0620 2024 ss_bus (d21ff3592daee244ee8376830a672b52) C:\Windows\system32\DRIVERS\ss_bus.sys
21:36:03.0622 2024 ss_bus - ok
21:36:03.0640 2024 ss_mdfl (451db3d10e6112e06b4506d4a7becec1) C:\Windows\system32\DRIVERS\ss_mdfl.sys
21:36:03.0641 2024 ss_mdfl - ok
21:36:03.0659 2024 ss_mdm (ef40c8a268a5263a0ef48fed8e57cbed) C:\Windows\system32\DRIVERS\ss_mdm.sys
21:36:03.0661 2024 ss_mdm - ok
21:36:03.0683 2024 Steam Client Service - ok
21:36:03.0718 2024 Stereo Service (fb8fcf538184a28f674fea9521d7a6bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:36:03.0720 2024 Stereo Service - ok
21:36:03.0741 2024 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:36:03.0742 2024 stexstor - ok
21:36:03.0772 2024 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:36:03.0779 2024 stisvc - ok
21:36:03.0799 2024 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
21:36:03.0800 2024 storflt - ok
21:36:03.0813 2024 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
21:36:03.0814 2024 storvsc - ok
21:36:03.0834 2024 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:36:03.0834 2024 swenum - ok
21:36:03.0856 2024 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:36:03.0862 2024 swprv - ok
21:36:03.0898 2024 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:36:03.0922 2024 SysMain - ok
21:36:03.0938 2024 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:36:03.0940 2024 TabletInputService - ok
21:36:03.0959 2024 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:36:03.0963 2024 TapiSrv - ok
21:36:03.0971 2024 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:36:03.0973 2024 TBS - ok
21:36:04.0027 2024 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:36:04.0059 2024 Tcpip - ok
21:36:04.0096 2024 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:36:04.0105 2024 TCPIP6 - ok
21:36:04.0119 2024 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:36:04.0120 2024 tcpipreg - ok
21:36:04.0138 2024 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:36:04.0138 2024 TDPIPE - ok
21:36:04.0163 2024 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
21:36:04.0164 2024 TDTCP - ok
21:36:04.0185 2024 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:36:04.0186 2024 tdx - ok
21:36:04.0195 2024 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:36:04.0195 2024 TermDD - ok
21:36:04.0219 2024 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
21:36:04.0227 2024 TermService - ok
21:36:04.0257 2024 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
21:36:04.0258 2024 TFsExDisk - ok
21:36:04.0273 2024 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:36:04.0275 2024 Themes - ok
21:36:04.0302 2024 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:36:04.0303 2024 THREADORDER - ok
21:36:04.0316 2024 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:36:04.0327 2024 TrkWks - ok
21:36:04.0350 2024 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
21:36:04.0352 2024 TrustedInstaller - ok
21:36:04.0373 2024 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:36:04.0374 2024 tssecsrv - ok
21:36:04.0392 2024 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:36:04.0394 2024 tunnel - ok
21:36:04.0410 2024 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:36:04.0411 2024 uagp35 - ok
21:36:04.0432 2024 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:36:04.0435 2024 udfs - ok
21:36:04.0452 2024 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:36:04.0453 2024 UI0Detect - ok
21:36:04.0475 2024 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:36:04.0476 2024 uliagpkx - ok
21:36:04.0489 2024 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:36:04.0490 2024 umbus - ok
21:36:04.0505 2024 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:36:04.0505 2024 UmPass - ok
21:36:04.0531 2024 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
21:36:04.0534 2024 UmRdpService - ok
21:36:04.0551 2024 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:36:04.0555 2024 upnphost - ok
21:36:04.0593 2024 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:36:04.0594 2024 USBAAPL64 - ok
21:36:04.0640 2024 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
21:36:04.0641 2024 usbaudio - ok
21:36:04.0658 2024 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
21:36:04.0660 2024 usbccgp - ok
21:36:04.0678 2024 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:36:04.0679 2024 usbcir - ok
21:36:04.0687 2024 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
21:36:04.0688 2024 usbehci - ok
21:36:04.0707 2024 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
21:36:04.0710 2024 usbhub - ok
21:36:04.0729 2024 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:36:04.0729 2024 usbohci - ok
21:36:04.0742 2024 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:36:04.0743 2024 usbprint - ok
21:36:04.0753 2024 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:36:04.0755 2024 USBSTOR - ok
21:36:04.0772 2024 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:36:04.0773 2024 usbuhci - ok
21:36:04.0791 2024 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:36:04.0793 2024 UxSms - ok
21:36:04.0821 2024 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:36:04.0822 2024 VaultSvc - ok
21:36:04.0831 2024 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:36:04.0831 2024 vdrvroot - ok
21:36:04.0855 2024 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:36:04.0861 2024 vds - ok
21:36:04.0883 2024 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:36:04.0884 2024 vga - ok
21:36:04.0904 2024 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:36:04.0904 2024 VgaSave - ok
21:36:04.0926 2024 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:36:04.0929 2024 vhdmp - ok
21:36:04.0946 2024 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:36:04.0947 2024 viaide - ok
21:36:04.0968 2024 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
21:36:04.0971 2024 vmbus - ok
21:36:04.0986 2024 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
21:36:04.0986 2024 VMBusHID - ok
21:36:05.0005 2024 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:36:05.0006 2024 volmgr - ok
21:36:05.0028 2024 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:36:05.0032 2024 volmgrx - ok
21:36:05.0056 2024 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:36:05.0060 2024 volsnap - ok
21:36:05.0077 2024 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:36:05.0079 2024 vsmraid - ok
21:36:05.0113 2024 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:36:05.0134 2024 VSS - ok
21:36:05.0176 2024 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:36:05.0177 2024 vwifibus - ok
21:36:05.0196 2024 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:36:05.0197 2024 vwififlt - ok
21:36:05.0214 2024 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:36:05.0215 2024 vwifimp - ok
21:36:05.0230 2024 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:36:05.0235 2024 W32Time - ok
21:36:05.0245 2024 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:36:05.0246 2024 WacomPen - ok
21:36:05.0265 2024 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:36:05.0267 2024 WANARP - ok
21:36:05.0270 2024 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:36:05.0270 2024 Wanarpv6 - ok
21:36:05.0316 2024 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:36:05.0329 2024 WatAdminSvc - ok
21:36:05.0364 2024 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:36:05.0380 2024 wbengine - ok
21:36:05.0396 2024 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:36:05.0399 2024 WbioSrvc - ok
21:36:05.0416 2024 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
21:36:05.0421 2024 wcncsvc - ok
21:36:05.0433 2024 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:36:05.0434 2024 WcsPlugInService - ok
21:36:05.0452 2024 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:36:05.0452 2024 Wd - ok
21:36:05.0478 2024 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:36:05.0484 2024 Wdf01000 - ok
21:36:05.0540 2024 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:36:05.0542 2024 WdiServiceHost - ok
21:36:05.0545 2024 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:36:05.0546 2024 WdiSystemHost - ok
21:36:05.0556 2024 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
21:36:05.0560 2024 WebClient - ok
21:36:05.0579 2024 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:36:05.0582 2024 Wecsvc - ok
21:36:05.0595 2024 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:36:05.0597 2024 wercplsupport - ok
21:36:05.0621 2024 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:36:05.0623 2024 WerSvc - ok
21:36:05.0637 2024 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:36:05.0638 2024 WfpLwf - ok
21:36:05.0656 2024 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:36:05.0657 2024 WIMMount - ok
21:36:05.0687 2024 WinDefend - ok
21:36:05.0692 2024 WinHttpAutoProxySvc - ok
21:36:05.0734 2024 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:36:05.0737 2024 Winmgmt - ok
21:36:05.0781 2024 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:36:05.0813 2024 WinRM - ok
21:36:05.0850 2024 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:36:05.0851 2024 WinUsb - ok
21:36:05.0875 2024 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:36:05.0884 2024 Wlansvc - ok
21:36:05.0990 2024 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:36:06.0022 2024 wlidsvc - ok
21:36:06.0030 2024 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:36:06.0031 2024 WmiAcpi - ok
21:36:06.0052 2024 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:36:06.0055 2024 wmiApSrv - ok
21:36:06.0057 2024 WMPNetworkSvc - ok
21:36:06.0073 2024 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:36:06.0074 2024 WPCSvc - ok
21:36:06.0090 2024 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:36:06.0093 2024 WPDBusEnum - ok
21:36:06.0107 2024 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:36:06.0107 2024 ws2ifsl - ok
21:36:06.0134 2024 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:36:06.0136 2024 wscsvc - ok
21:36:06.0143 2024 WSearch - ok
21:36:06.0204 2024 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
21:36:06.0235 2024 wuauserv - ok
21:36:06.0251 2024 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:36:06.0253 2024 WudfPf - ok
21:36:06.0269 2024 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:36:06.0271 2024 WUDFRd - ok
21:36:06.0291 2024 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:36:06.0293 2024 wudfsvc - ok
21:36:06.0312 2024 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:36:06.0383 2024 WwanSvc - ok
21:36:06.0413 2024 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
21:36:06.0437 2024 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:36:06.0437 2024 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:36:06.0458 2024 Boot (0x1200) (59093ae41137f5ff20bb2afcde8ac202) \Device\Harddisk0\DR0\Partition0
21:36:06.0459 2024 \Device\Harddisk0\DR0\Partition0 - ok
21:36:06.0465 2024 Boot (0x1200) (fcc2c704d8d76ea7fc39c8a8eb50fbd9) \Device\Harddisk0\DR0\Partition1
21:36:06.0466 2024 \Device\Harddisk0\DR0\Partition1 - ok
21:36:06.0466 2024 ============================================================
21:36:06.0466 2024 Scan finished
21:36:06.0466 2024 ============================================================
21:36:06.0475 1608 Detected object count: 1
21:36:06.0475 1608 Actual detected object count: 1
21:36:30.0882 1608 \Device\Harddisk0\DR0\# - copied to quarantine
21:36:30.0883 1608 \Device\Harddisk0\DR0 - copied to quarantine
21:36:30.0921 1608 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:36:30.0923 1608 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:36:30.0928 1608 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
21:36:30.0938 1608 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:36:30.0945 1608 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:36:30.0946 1608 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:36:30.0948 1608 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:36:30.0949 1608 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:36:30.0953 1608 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:36:30.0955 1608 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:36:30.0957 1608 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:36:30.0959 1608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:36:30.0960 1608 \Device\Harddisk0\DR0 - ok
21:36:31.0000 1608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:36:42.0735 1796 Deinitialize success

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-24 21:40:46
-----------------------------
21:40:46.038 OS Version: Windows x64 6.1.7600
21:40:46.038 Number of processors: 4 586 0x503
21:40:46.038 ComputerName: ISAACWINSLETTPC UserName:
21:40:47.270 Initialize success
21:41:11.326 AVAST engine defs: 12032401
21:42:19.155 The log file has been saved successfully to "C:\Users\SexyPCBuildin'Man\Documents\aswMBR.txt"
21:42:49.840 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:42:49.840 Disk 0 Vendor: WDC_WD5001AALS-00E3A0 05.01D05 Size: 476940MB BusType: 3
21:42:49.856 Disk 0 MBR read successfully
21:42:49.856 Disk 0 MBR scan
21:42:49.871 Disk 0 Windows 7 default MBR code
21:42:49.887 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:42:49.887 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
21:42:49.918 Disk 0 scanning C:\Windows\system32\drivers
21:42:55.706 Service scanning
21:43:09.824 Modules scanning
21:43:09.839 Disk 0 trace - called modules:
21:43:09.855 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:43:10.401 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800497b060]
21:43:10.416 3 CLASSPNP.SYS[fffff88000fbf43f] -> nt!IofCallDriver -> [0xfffffa8004776520]
21:43:10.416 5 ACPI.sys[fffff88000ef5781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa800477c060]
21:43:11.696 AVAST engine scan C:\Windows
21:43:13.973 AVAST engine scan C:\Windows\system32
21:45:15.170 AVAST engine scan C:\Windows\system32\drivers
21:45:22.065 AVAST engine scan C:\Users\SexyPCBuildin'Man
21:49:35.659 AVAST engine scan C:\ProgramData
21:49:55.206 File: C:\ProgramData\Microsoft\Windows\DRM\C9E.tmp **INFECTED** Win32:Malware-gen
21:49:55.221 File: C:\ProgramData\Microsoft\Windows\DRM\C9F.tmp **INFECTED** Win32:Malware-gen
21:50:07.889 Scan finished successfully
21:50:37.810 Disk 0 MBR has been saved successfully to "C:\Users\SexyPCBuildin'Man\Documents\MBR.dat"
21:50:37.810 The log file has been saved successfully to "C:\Users\SexyPCBuildin'Man\Documents\aswMBR1.txt"

#6 gringo_pr (Malware Response Team)

Posted 24 March 2012 - 10:16 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\ProgramData\Microsoft\Windows\DRM

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:57515

FireFox::
FF - ProfilePath - c:\users\SexyPCBuildin'Man\AppData\Roaming\Mozilla\Firefox\Profiles\ulns1du7.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57515

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
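
A post-cleanup check for the loopback proxy that the CFScript above removes, written here as an added example that is not part of gringo_pr's instructions, ComboFix, DDS or any other tool in this thread: it parses a Firefox prefs.js and an Internet Settings ProxyServer string and flags every proxy that points back at the local machine. The prefs.js lines are constructed to mirror the DDS entries quoted in the script, and all function names are the example's own.

```python
"""Check for a loopback proxy hijack in Firefox prefs.js and Internet Settings.

Added example for this thread; not part of ComboFix, DDS or the CFScript above.
The DDS lines quoted in the script show IE (ProxyServer) and Firefox
(network.proxy.http/http_port) both pointed at 127.0.0.1:57515. After cleanup a
defender wants to confirm both are gone; the parsers take raw strings, so they
run offline on a copied prefs.js or an exported ProxyServer registry value.
"""
import ipaddress
import re
from typing import Dict, List, Union

PrefValue = Union[str, int, bool]

# One line of prefs.js:  user_pref("name", value);  value is "str", int or bool.
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*("[^"]*"|-?\d+|true|false)\s*\)\s*;',
    re.MULTILINE,
)


def parse_prefs_js(text: str) -> Dict[str, PrefValue]:
    """Return {name: value} for every user_pref() line in a Firefox prefs.js."""
    prefs: Dict[str, PrefValue] = {}
    for name, raw in _PREF_RE.findall(text):
        if raw.startswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw)
    return prefs


def parse_ie_proxy_server(value: str) -> Dict[str, str]:
    """Parse the ProxyServer string into {scheme: "host:port"}.

    Windows stores either one proxy for everything ("host:port", keyed "all"
    here) or a per-protocol list ("http=host:port;https=host:port;...").
    """
    proxies: Dict[str, str] = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        if "=" in part:
            scheme, _, hostport = part.partition("=")
            proxies[scheme.strip().lower()] = hostport.strip()
        else:
            proxies["all"] = part
    return proxies


def _is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 (with or without brackets) and 'localhost'."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname rather than an address
        return False


def find_loopback_proxies(prefs: Dict[str, PrefValue],
                          ie_proxy: Dict[str, str]) -> List[str]:
    """List every proxy setting that points back at the local machine."""
    findings: List[str] = []
    # Firefox is reported even if network.proxy.type != 1 (manual): a stale
    # loopback host/port is still an indicator worth removing, as the CFScript does.
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port", "?")
        if isinstance(host, str) and _is_loopback(host):
            findings.append(f"firefox {scheme} proxy -> {host}:{port}")
    for scheme, hostport in ie_proxy.items():
        if _is_loopback(hostport.rsplit(":", 1)[0]):
            findings.append(f"internet settings {scheme} proxy -> {hostport}")
    return findings


# Constructed sample mirroring the DDS entries quoted in the CFScript above.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 57515);
user_pref("network.proxy.type", 1);
"""
SAMPLE_IE_PROXY_SERVER = "http=127.0.0.1:57515"
CLEAN_IE_PROXY_SERVER = "proxy.corp.example:3128"  # constructed clean value


def check_sample() -> List[str]:
    """Run the check over the constructed sample; two findings are expected."""
    return find_loopback_proxies(parse_prefs_js(SAMPLE_PREFS_JS),
                                 parse_ie_proxy_server(SAMPLE_IE_PROXY_SERVER))


if __name__ == "__main__":
    for line in check_sample() or ["no loopback proxy configured"]:
        print(line)
```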

#7 Shpongle (Topic Starter)

Posted 24 March 2012 - 10:43 PM

Ran fine and my computer is running perfectly. Scan showed zero malicious objects. Thank you so much for your help.

ComboFix 12-03-22.01 - SexyPCBuildin'Man 03/24/2012 22:25:34.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2433 [GMT -5:00]
Running from: c:\users\SexyPCBuildin'Man\Downloads\ComboFix.exe
Command switches used :: c:\users\SexyPCBuildin'Man\AppData\Roaming\Microsoft\Windows\Recent\CFScript.lnk
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 03:30 . 2012-03-25 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 02:36 . 2012-03-25 02:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-19 21:15 . 2012-03-19 21:15 -------- d-----w- c:\users\SexyPCBuildin'Man\AppData\Local\SWTOR
2012-03-19 02:28 . 2012-03-19 02:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-19 02:28 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 02:20 . 2012-03-19 02:20 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 02:20 . 2012-03-19 02:20 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 00:10 . 2012-03-19 00:10 397 ----a-w- C:\temp680.bat
2012-03-19 00:10 . 2012-03-19 00:10 1124 ----a-w- C:\temp670.bat
2012-03-18 23:34 . 2012-03-18 23:37 -------- d-----w- c:\users\SexyPCBuildin'Man\AppData\Roaming\Origin
2012-03-17 16:04 . 2012-03-17 16:04 -------- d-----w- c:\users\SexyPCBuildin'Man\AppData\Local\Origin
2012-03-17 16:03 . 2012-03-18 23:52 -------- d-----w- c:\programdata\Origin
2012-03-17 16:03 . 2012-03-17 16:03 -------- d-----w- c:\programdata\Electronic Arts
2012-03-17 16:03 . 2012-03-17 16:03 -------- d-----w- c:\program files (x86)\Origin Games
2012-03-17 16:03 . 2012-03-18 23:37 -------- d-----w- c:\program files (x86)\Origin
2012-03-17 15:17 . 2012-03-17 16:01 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-03-17 15:17 . 2012-03-17 15:17 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-03-13 23:23 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:23 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 23:23 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 23:23 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-06 22:58 . 2012-03-06 22:58 397 ----a-w- C:\temp944.bat
2012-03-06 22:58 . 2012-03-06 22:58 1124 ----a-w- C:\temp148.bat
2012-03-06 22:37 . 2012-03-19 00:10 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-03-06 22:36 . 2012-03-06 22:36 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-03-05 02:20 . 2012-03-05 02:20 -------- d-----w- c:\users\SexyPCBuildin'Man\AppData\Local\ElevatedDiagnostics
2012-02-25 15:57 . 2012-02-25 15:57 -------- d-----w- c:\users\SexyPCBuildin'Man\AppData\Roaming\AVG2012
2012-02-25 15:42 . 2012-02-25 15:42 -------- d-----w- c:\programdata\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 14:06 . 2011-06-02 02:56 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 02:15 . 2012-02-10 02:15 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C9F.tmp
2012-02-10 02:15 . 2012-02-10 02:15 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C9E.tmp
2011-12-28 03:59 . 2012-02-16 03:19 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2010-12-24 08:17 . 2010-12-24 08:17 76464 ----a-w- c:\program files\fraps64.dat
2010-12-24 08:17 . 2010-12-24 08:17 2354352 ----a-w- c:\program files\fraps.exe
2010-12-24 08:13 . 2010-12-24 08:13 159744 ----a-w- c:\program files\frapslcd.dll
2010-12-02 08:08 . 2010-12-02 08:08 253104 ----a-w- c:\program files\fraps32.dll
2010-12-02 08:08 . 2010-12-02 08:08 197808 ----a-w- c:\program files\fraps64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-24_19.14.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-27 23:25 . 2012-03-25 03:14 50342 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-25 03:14 24196 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-27 18:24 . 2012-03-25 03:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-27 18:24 . 2012-03-24 05:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-27 18:24 . 2012-03-24 05:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-27 18:24 . 2012-03-25 03:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-25 03:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-24 05:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-27 22:00 . 2012-03-25 02:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-27 22:00 . 2012-03-23 22:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-27 22:00 . 2012-03-25 02:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-27 22:00 . 2012-03-23 22:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-25 03:31 . 2012-03-25 03:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-24 19:13 . 2012-03-24 19:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-25 03:31 . 2012-03-25 03:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-24 19:13 . 2012-03-24 19:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-10 02:18 . 2012-03-25 03:35 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-02-10 02:18 . 2012-03-24 19:14 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-03-25 03:35 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-24 19:14 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-25 03:35 868352 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-24 19:14 868352 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:12 . 2012-03-25 03:29 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-03-23 22:29 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-03-23 22:30 248220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-25 03:30 248220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-03-25 03:35 2097152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-24 19:14 2097152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:34 . 2012-03-23 21:22 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-25 03:22 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"BitTorrent DNA"="c:\users\SexyPCBuildin'Man\Program Files (x86)\DNA\btdna.exe" [2010-12-27 323392]
"TorrentEasy"="c:\program files (x86)\TorrentEasy\TorrentEasy.exe" [2011-05-20 2557440]
"JagexProperties"="c:\.jagex_cache_32\jagd.jar" [2011-07-01 29816]
"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"JaGeXDaemon"="c:\.jagex_cache_32\jagc.jar" [2012-03-25 35298]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-05 95576]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-07-16 273544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\SexyPCBuildin'Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
.jagex_runescape_preferences.jar [2012-3-24 35298]
CurseClientStartup.ccip [2012-2-16 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files (x86)\Ralink\Common\RaUI.exe [2010-12-28 1609728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [2012-03-19 181064]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-08-19 212256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-29 248936]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-28 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2010-12-27 04:37]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899605893-1123466696-712845297-1000Core.job
- c:\users\SexyPCBuildin'Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-27 02:49]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899605893-1123466696-712845297-1000UA.job
- c:\users\SexyPCBuildin'Man\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-27 02:49]
.
2012-03-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1899605893-1123466696-712845297-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57515
IE: Free YouTube Download - c:\users\SexyPCBuildin'Man\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\SexyPCBuildin'Man\AppData\Roaming\Mozilla\Firefox\Profiles\ulns1du7.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57515
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASDR.exe
c:\program files (x86)\Ralink\Common\RaRegistry.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2012-03-24 22:38:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-25 03:38
ComboFix2.txt 2012-03-24 19:19
.
Pre-Run: 238,341,087,232 bytes free
Post-Run: 238,021,230,592 bytes free
.
- - End Of File - - 71068AE00DEC26F93F5445682011DE86
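The parts of the ComboFix log above that a responder reads first are the Run-key values, the R/S service lines and the proxy lines under Supplementary Scan. The following is an added example, not part of this thread and not ComboFix's own code: a small Python triage script that parses those three line formats and flags the entries a practitioner would want to check by hand (an autorun from a user profile path, autoruns that point at .jar files, the PsExec service binary, and browser proxy settings that name 127.0.0.1). The sample input is constructed from lines that appear in the posted log; the flagging rules, the Finding codes and the reading of `[x]` as "no size or date recorded" are this example's own assumptions.

```python
"""Triage helper for ComboFix-style log excerpts (added example; not ComboFix
code and not part of the original posts). Parses Run-key values, R/S service
lines and Supplementary Scan proxy lines; the rules are this example's own."""
import re
from dataclasses import dataclass

# Constructed sample, assembled from lines that appear in the posted log.
SAMPLE_LOG = r"""
"BitTorrent DNA"="c:\users\SexyPCBuildin'Man\Program Files (x86)\DNA\btdna.exe" [2010-12-27 323392]
"JagexProperties"="c:\.jagex_cache_32\jagd.jar" [2011-07-01 29816]
"JaGeXDaemon"="c:\.jagex_cache_32\jagc.jar" [2012-03-25 35298]
R3 PSEXESVC;PsExec;c:\windows\PSEXESVC.EXE [2012-03-19 181064]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
uInternet Settings,ProxyServer = http=127.0.0.1:57515
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 57515
FF - prefs.js: network.proxy.type - 0
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')
IE_PROXY_RE = re.compile(r'^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.+)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<key>\S+) - (?P<value>.+)$')
LOOPBACK_RE = re.compile(r'(?:^|=)(?:127\.0\.0\.1|localhost):(?P<port>\d+)')


@dataclass
class Finding:
    code: str       # stable tag, e.g. "psexec_service"
    severity: str   # "review" = check by hand, "info" = context only
    detail: str


def _check_run_entry(name, path):
    """Heuristics for one Run-key value (this example's assumptions)."""
    out = []
    if path.lower().startswith("c:\\users\\"):
        out.append(Finding("run_user_profile", "review",
            f'Run value "{name}" starts {path} from a user profile directory, '
            "which is writable without elevation"))
    if path.lower().endswith(".jar"):
        out.append(Finding("run_jar", "review",
            f'Run value "{name}" points at a Java archive ({path}); it is started '
            "via the .jar association, so javaw.exe is what a process list shows"))
    return out


def _check_service(name, path, meta):
    """Heuristics for one R/S service or driver line."""
    out = []
    if name.upper() == "PSEXESVC":
        out.append(Finding("psexec_service", "review",
            f"{name} ({path}, {meta}) is the service side of Sysinternals PsExec; "
            "legitimate tooling, but it appears when PsExec has been run against "
            "the machine, so confirm the owner did that"))
    if meta.strip() == "x":
        # Assumption: "[x]" means no size/date was recorded, not that the file
        # is missing; a 32-bit scanner on 64-bit Windows cannot always see the
        # real system32 driver files, so this is context, not a verdict.
        out.append(Finding("service_unverified", "info",
            f"{name}: no size or date recorded for {path}"))
    return out


def triage(log_text):
    """Parse a log excerpt and return a list of Finding objects."""
    findings, ff_prefs, ie_ports = [], {}, set()
    for line in (ln.strip() for ln in log_text.splitlines() if ln.strip()):
        if m := RUN_RE.match(line):
            findings.extend(_check_run_entry(m["name"], m["path"]))
        elif m := SVC_RE.match(line):
            findings.extend(_check_service(m["name"], m["path"], m["meta"]))
        elif m := IE_PROXY_RE.match(line):
            if lb := LOOPBACK_RE.search(m["value"]):
                ie_ports.add(lb["port"])
                findings.append(Finding("proxy_localhost", "review",
                    f"WinINet/IE ProxyServer '{m['value']}' routes browser traffic "
                    f"through a local listener on port {lb['port']}; find the owning "
                    f"process first (netstat -ano | findstr :{lb['port']})"))
        elif m := FF_PREF_RE.match(line):
            ff_prefs[m["key"]] = m["value"]
    # Firefox prefs only mean something together: host and port are inert
    # unless network.proxy.type is 1 (manual proxy configuration).
    host = ff_prefs.get("network.proxy.http", "")
    port = ff_prefs.get("network.proxy.http_port", "")
    ptype = ff_prefs.get("network.proxy.type")
    if host in ("127.0.0.1", "localhost") and port:
        same = " (same port as the IE setting)" if port in ie_ports else ""
        if ptype == "1":
            findings.append(Finding("ff_proxy_localhost", "review",
                f"Firefox sends HTTP through {host}:{port}{same}"))
        else:
            findings.append(Finding("ff_proxy_inactive", "info",
                f"Firefox prefs name {host}:{port}{same} but network.proxy.type is "
                f"{ptype!r}, not 1, so that proxy is not in effect; re-check after cleanup"))
    return findings


def main():
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.code}: {f.detail}")


if __name__ == "__main__":
    main()
```

Run it as a script to print the findings, or import it and call `triage()` on a saved log. On this log the proxy line is the one to chase first: the WinINet value sends IE (and anything else using the WinINet proxy) through 127.0.0.1:57515, while the Firefox prefs name the same address but have `network.proxy.type` at 0, so they are not currently active. A loopback proxy port is also what some legitimate filtering or parental-control software registers, so identify the process listening on the port before drawing a conclusion. The PsExec entry is similar: PSEXESVC.EXE is a Sysinternals component and harmless in itself, but on a home PC it is worth asking whether the owner ran PsExec on 2012-03-19, the date the log records for it.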

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 March 2012 - 10:50 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Shpongle (Topic Starter)

  • Members
  • 5 posts

Posted 25 March 2012 - 11:53 AM

µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Any Video Converter 3.1.8
Apple Application Support
Apple Software Update
ASUS Smart Doctor
Audacity 1.3.14 (Unicode)
Audiosurf
Bing Bar
Bing Bar Platform
Call of Duty 4: Modern Warfare
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cool Timer 3.7
Counter-Strike: Source
Curse Client
D3DX10
Dell Driver Download Manager
DNA
DVDVideoSoftTB Toolbar
Facetheme
Fraps
Free Mouse Auto Clicker 2.8.2
Free YouTube Download version 3.0.13.815
Fritz10
Google Chrome
Java™ 6 Update 26
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.60.1.1000
Messenger Companion
Microsoft Default Manager
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA StereoUSB Driver
Origin
PlayItAll media player 1.0.5
Portal 2
Quake Live Mozilla Plugin
QuickTime
Ralink RT2860 Wireless LAN Card
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Samsung New PC Studio
Security Task Manager 1.8d
Skype Toolbars
Skype™ 5.3
Spotify
Spybot - Search & Destroy
Star Wars: The Old Republic
Steam
Tarrasch Chess GUI V1.00b
Team Fortress 2
The Weather Channel Desktop 6
TorrentEasy
TubeSucker
Tweaking.com - Windows Repair (All in One)
Visual Studio 2008 x64 Redistributables
WebEnhancements
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinZip 15.5
World of Warcraft
Xvid MPEG-4 Video Codec

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 March 2012 - 07:43 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

µTorrent
Adobe Reader 9.5.0
Bing Bar
Bing Bar Platform
DNA
Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 March 2012 - 12:01 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 March 2012 - 01:11 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 01:11 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.