Blue Screens, Internet Connectivity Problems and Difficult to Remove Malicious Programs


  • This topic is locked
22 replies to this topic

#1 Gamachii

Gamachii

  • Members
  • 31 posts

Posted 31 March 2012 - 09:07 PM

Hello!

The wonderful Broni had been helping me with some rather frustrating and mind-boggling (at least to me) issues on my laptop, and he recommended I make a post here.

This is the original post: http://www.bleepingcomputer.com/forums/topic448185.html

Originally I was having problems with bluescreens and sluggishness, and some issues connecting to google programs.

After fixing a file with tdsskiller, the sluggishness seems to have gone away or at least lessened greatly, and I seem to be able to connect to the google programs.

However, since starting my work with Broni, I've occasionally been getting new tabs opening in Firefox of their own accord, containing annoying advertisements and whatnot, as well as some issues with internet connectivity.

The internet connectivity issues started after running defogger in preparation to make this post.
Since after restarting my laptop the internet will connect for a minute or two before dropping irreparably, I'm attributing this to a virus/malware issue. Other machines on my network are connecting fine, and resetting the router doesn't seem to help.

I have a log from gmer, but I could not download dss on another computer (which I am using to post, as well). Is there another link that I could try perhaps?

Thank you in advance for your help.


#2 Gamachii

Gamachii
  • Topic Starter

  • Members
  • 31 posts

Posted 31 March 2012 - 09:10 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-31 21:50:00
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1234GSX rev.AH001A
Running: gmer.exe; Driver: C:\Users\L\AppData\Local\Temp\uxtcypow.sys


---- System - GMER 1.0.15 ----

SSDT 8D130336 ZwCreateSection
SSDT 8D13033B ZwSetContextThread
SSDT 8D1302D7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C858A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CA52F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14B7 82CAC684 4 Bytes [36, 03, 13, 8D]
.text ntoskrnl.exe!KeRemoveQueueEx + 1857 82CACA24 4 Bytes [3B, 03, 13, 8D]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 82CACAFC 4 Bytes [D7, 02, 13, 8D]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F82E340, 0x3EE217, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9D0FF000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9D0FF123 629 Bytes [A5, 0F, 9D, FE, 05, 34, A5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 9D0FF399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 9D0FF3FF 136 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5418 9D0FF488 11 Bytes [89, 15, 3C, A5, 0F, 9D, E9, ...] {MOV [0x9d0fa53c], EDX; JMP 0x240bb}
PAGE ...

---- User code sections - GMER 1.0.15 ----

CODE C:\Windows\system\svchost.exe[824] C:\Windows\system\svchost.exe entry point in "CODE" section [0x00401F64]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2696] ntdll.dll!LdrLoadDll 7759F425 5 Bytes JMP 001213F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9D 0xA6 0xBF 0x98 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x84 0xF9 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA8 0x63 0xC5 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9D 0xA6 0xBF 0x98 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x84 0xF9 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA8 0x63 0xC5 0x1E ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB64736$\1524540990 0 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\@ 2048 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\cfg.ini 298 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\L 0 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\L\ivlejyvy 74240 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\U 0 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\U\80000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\U\80000032.@ 115712 bytes
File C:\Windows\$NtUninstallKB64736$\1524540990\version 860 bytes
File C:\Windows\$NtUninstallKB64736$\2297449070 0 bytes

---- EOF - GMER 1.0.15 ----

#3 Gamachii

Gamachii
  • Topic Starter

  • Members
  • 31 posts

Posted 01 April 2012 - 07:13 PM

I was able to get DSS working. Here is the log:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by L at 19:46:04 on 2012-04-01
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1022.470 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\L\Downloads\SystemLook.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\l\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B2696036-D14A-447A-B0C5-8CC8D491F50B} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E6139493-C190-486B-9328-10BC64613854} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E6139493-C190-486B-9328-10BC64613854}\0527F647F6 : DhcpNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{E6139493-C190-486B-9328-10BC64613854}\05F4F4C425F41444 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E6139493-C190-486B-9328-10BC64613854}\34F6E636F627460234F616368602131313430225967686470235964656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E6139493-C190-486B-9328-10BC64613854}\3516C647023416375637D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
TCP: Interfaces\{E6139493-C190-486B-9328-10BC64613854}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E6139493-C190-486B-9328-10BC64613854}\E4544574541425 : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\l\appdata\roaming\mozilla\firefox\profiles\tmnavswn.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_31.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\l\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: MidnightFox: {66871bd1-5ba2-4739-b485-2a15f5969bd8} - %profile%\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-2 66616]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 25112]
.
=============== Created Last 30 ================
.
2012-03-31 20:24:07 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 20:24:04 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 20:10:40 57344 ----a-w- c:\windows\system32\FastUv32.dll
2012-03-29 19:35:25 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 22:14:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-28 22:13:22 -------- d-----w- c:\users\l\appdata\roaming\Wyiwg
2012-03-28 22:13:22 -------- d-----w- c:\users\l\appdata\roaming\Qeur
2012-03-28 22:13:22 -------- d-----w- c:\users\l\appdata\roaming\Dawead
2012-03-28 02:46:24 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{13571045-5c72-487f-bf0b-ade042387b3b}\mpengine.dll
2012-03-24 21:34:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 20:39:25 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-22 05:03:44 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-22 04:43:37 98816 ----a-w- c:\windows\sed.exe
2012-03-22 04:43:37 518144 ----a-w- c:\windows\SWREG.exe
2012-03-22 04:43:37 256000 ----a-w- c:\windows\PEV.exe
2012-03-22 04:43:37 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-03-31 16:06:58 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-03-31 00:26:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 20:24:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 09:03:07 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-03 05:44:24 478208 ----a-w- c:\windows\system32\timedate.cpl
.
============= FINISH: 19:51:01.97 ===============

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 April 2012 - 01:04 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Gamachii

Gamachii
  • Topic Starter

  • Members
  • 31 posts

Posted 06 April 2012 - 04:10 PM

Hello Gringo!

Thank you for helping me with this problem.

Combofix detected that Antivir guard was still running, even after I disabled it.
I went ahead and ran the program anyhow, and it seemed to be alright.

Here is the log.

ComboFix 12-04-06.03 - L 04/06/2012 16:15:43.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1022.458 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\HtEWNpDlAVa27i
c:\users\L\AppData\Roaming\Dawead
c:\users\L\AppData\Roaming\Dawead\epge.het
c:\windows\$NtUninstallKB64736$
c:\windows\$NtUninstallKB64736$\1524540990\@
c:\windows\$NtUninstallKB64736$\1524540990\cfg.ini
c:\windows\$NtUninstallKB64736$\1524540990\Desktop.ini
c:\windows\$NtUninstallKB64736$\1524540990\L\ivlejyvy
c:\windows\$NtUninstallKB64736$\1524540990\U\00000001.@
c:\windows\$NtUninstallKB64736$\1524540990\U\00000002.@
c:\windows\$NtUninstallKB64736$\1524540990\U\00000004.@
c:\windows\$NtUninstallKB64736$\1524540990\U\80000000.@
c:\windows\$NtUninstallKB64736$\1524540990\U\80000004.@
c:\windows\$NtUninstallKB64736$\1524540990\U\80000032.@
c:\windows\$NtUninstallKB64736$\1524540990\version
c:\windows\$NtUninstallKB64736$\2297449070
c:\windows\system32\dds_trash_log.cmd
.
c:\windows\system32\drivers\tdx.sys was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Ias
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 20:31 . 2012-04-06 20:35 -------- d-----w- c:\users\L\AppData\Local\temp
2012-04-06 20:31 . 2012-04-06 20:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-06 20:31 . 2012-04-06 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 20:31 . 2010-11-20 08:39 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-03-31 20:24 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 20:24 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 20:10 . 2012-03-31 20:10 57344 ----a-w- c:\windows\system32\FastUv32.dll
2012-03-31 00:30 . 2012-03-31 00:30 -------- d-----w- c:\program files\Common Files\Java
2012-03-31 00:25 . 2012-03-31 00:25 -------- d-----w- c:\program files\Java
2012-03-29 19:35 . 2012-03-29 20:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 22:13 . 2012-03-29 23:50 -------- d-----w- c:\users\L\AppData\Roaming\Wyiwg
2012-03-28 22:13 . 2012-03-29 19:43 -------- d-----w- c:\users\L\AppData\Roaming\Qeur
2012-03-28 22:13 . 2012-03-28 22:13 240648 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\syqi.exe
2012-03-28 02:46 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13571045-5C72-487F-BF0B-ADE042387B3B}\mpengine.dll
2012-03-24 21:34 . 2012-03-24 21:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 20:39 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 16:06 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-03-31 00:26 . 2010-08-03 18:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 20:24 . 2012-01-11 16:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2010-07-28 11:00 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 06:59 . 2012-02-16 06:59 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-16 06:59 . 2012-02-16 06:59 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-16 06:59 . 2012-02-16 06:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-16 06:59 . 2012-02-16 06:59 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-16 06:59 . 2012-02-16 06:59 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 06:59 . 2012-02-16 06:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-16 06:59 . 2012-02-16 06:59 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-16 06:59 . 2012-02-16 06:59 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-16 06:59 . 2012-02-16 06:59 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 06:59 . 2012-02-16 06:59 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-16 06:59 . 2012-02-16 06:59 367104 ----a-w- c:\windows\system32\html.iec
2012-02-16 06:59 . 2012-02-16 06:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-16 06:59 . 2012-02-16 06:59 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-16 06:59 . 2012-02-16 06:59 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-16 06:59 . 2012-02-16 06:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 06:59 . 2012-02-16 06:59 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-16 06:59 . 2012-02-16 06:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 06:59 . 2012-02-16 06:59 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-16 06:59 . 2012-02-16 06:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-16 06:59 . 2012-02-16 06:59 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-16 06:59 . 2012-02-16 06:59 101888 ----a-w- c:\windows\system32\admparse.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
syqi.exe [2012-3-28 240648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^L^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-15 18:27 136176 ----atw- c:\users\L\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 Bicpaif;Bicpaif; [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 BlackBox;BlackBox SR2; [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 25112]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-30 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-03 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-08 136360]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
evteng
tosrfec
alertservice
iap
soma
spbbcdrv
odysseyIM4
mfebopk
hpconfig
se44mdfl
IFPUSB
nnsvc
btaudio
NPDriver
lvhidsvc
bdselfpr
HBtnKey
Slntamr
KMW_SYS
nsm1mdm
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:24]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920647692-2520404014-687441470-1000Core.job
- c:\users\L\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-15 18:27]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920647692-2520404014-687441470-1000UA.job
- c:\users\L\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-15 18:27]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\L\AppData\Roaming\Mozilla\Firefox\Profiles\tmnavswn.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: MidnightFox: {66871bd1-5ba2-4739-b485-2a15f5969bd8} - %profile%\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-42016442.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3352)
c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-06 16:43:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 20:43
ComboFix2.txt 2012-03-22 05:05
ComboFix3.txt 2011-08-10 15:00
.
Pre-Run: 7,670,185,984 bytes free
Post-Run: 7,955,808,256 bytes free
.
- - End Of File - - 3CF904A13DFFF3BEBD5ACD71053F9ED6


After running Combofix, my laptop seems to be able to connect to my wireless network, which it was not doing before, however it doesn't seem to be fixed completely yet.

When clicking on Firefox or Chrome, I get the error message: C:\Users\L\AppData\Local\Google\Chrome\Application\Chrome.exe
Illegal operation attempted on a registry key that has been marked for deletion.

Perhaps reinstalling the browser will fix this?


Since the internet is still not working completely yet I have no updates on the rogue tabs or any google programs.

The laptop did not bluescreen while running combofix, or anytime while writing this, which appears to be an improvement.

Thanks Again
Elise

Ah, missed Note #2. Doing that now, sorry.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 06 April 2012 - 05:43 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#7 Gamachii

  • Topic Starter
  • Members
  • 31 posts

Posted 06 April 2012 - 08:34 PM

The internet seems to be working just fine now.

Here's the TDSS Report, working on the aswMBR.

21:28:56.0748 0772 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
21:28:57.0106 0772 ============================================================
21:28:57.0106 0772 Current date / time: 2012/04/06 21:28:57.0106
21:28:57.0106 0772 SystemInfo:
21:28:57.0106 0772
21:28:57.0106 0772 OS Version: 6.1.7600 ServicePack: 0.0
21:28:57.0106 0772 Product type: Workstation
21:28:57.0106 0772 ComputerName: AETHERIUS
21:28:57.0106 0772 UserName: L
21:28:57.0106 0772 Windows directory: C:\Windows
21:28:57.0106 0772 System windows directory: C:\Windows
21:28:57.0106 0772 Processor architecture: Intel x86
21:28:57.0106 0772 Number of processors: 2
21:28:57.0106 0772 Page size: 0x1000
21:28:57.0106 0772 Boot type: Normal boot
21:28:57.0106 0772 ============================================================
21:28:58.0573 0772 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:28:58.0588 0772 \Device\Harddisk0\DR0:
21:28:58.0588 0772 MBR used
21:28:58.0588 0772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xDCA5800
21:28:58.0620 0772 Initialize success
21:28:58.0620 0772 ============================================================
21:29:15.0047 2172 ============================================================
21:29:15.0047 2172 Scan started
21:29:15.0047 2172 Mode: Manual;
21:29:15.0047 2172 ============================================================
21:29:15.0827 2172 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
21:29:15.0827 2172 1394ohci - ok
21:29:15.0873 2172 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
21:29:15.0873 2172 ACPI - ok
21:29:15.0905 2172 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
21:29:15.0936 2172 AcpiPmi - ok
21:29:16.0076 2172 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:29:16.0076 2172 Adobe LM Service - ok
21:29:16.0295 2172 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:29:16.0295 2172 AdobeFlashPlayerUpdateSvc - ok
21:29:16.0388 2172 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:29:16.0435 2172 adp94xx - ok
21:29:16.0482 2172 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:29:16.0513 2172 adpahci - ok
21:29:16.0653 2172 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:29:16.0700 2172 adpu320 - ok
21:29:16.0763 2172 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:29:16.0763 2172 AeLookupSvc - ok
21:29:16.0856 2172 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
21:29:16.0872 2172 AFD - ok
21:29:16.0934 2172 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
21:29:16.0934 2172 agp440 - ok
21:29:17.0137 2172 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:29:17.0137 2172 aic78xx - ok
21:29:17.0231 2172 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:29:17.0231 2172 ALG - ok
21:29:17.0277 2172 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
21:29:17.0324 2172 aliide - ok
21:29:17.0402 2172 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
21:29:17.0433 2172 amdagp - ok
21:29:17.0574 2172 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
21:29:17.0605 2172 amdide - ok
21:29:17.0636 2172 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:29:17.0636 2172 AmdK8 - ok
21:29:17.0667 2172 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:29:17.0667 2172 AmdPPM - ok
21:29:17.0745 2172 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
21:29:17.0745 2172 amdsata - ok
21:29:17.0823 2172 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:29:17.0823 2172 amdsbs - ok
21:29:18.0011 2172 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
21:29:18.0011 2172 amdxata - ok
21:29:18.0167 2172 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:29:18.0167 2172 AntiVirSchedulerService - ok
21:29:18.0229 2172 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:29:18.0229 2172 AntiVirService - ok
21:29:18.0416 2172 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
21:29:18.0416 2172 AppID - ok
21:29:18.0510 2172 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:29:18.0510 2172 AppIDSvc - ok
21:29:18.0603 2172 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
21:29:18.0603 2172 Appinfo - ok
21:29:18.0697 2172 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
21:29:18.0697 2172 AppMgmt - ok
21:29:18.0869 2172 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:29:18.0869 2172 arc - ok
21:29:18.0931 2172 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:29:18.0931 2172 arcsas - ok
21:29:18.0978 2172 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:29:18.0978 2172 AsyncMac - ok
21:29:18.0993 2172 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
21:29:18.0993 2172 atapi - ok
21:29:19.0087 2172 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
21:29:19.0103 2172 AudioEndpointBuilder - ok
21:29:19.0103 2172 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
21:29:19.0118 2172 Audiosrv - ok
21:29:19.0259 2172 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
21:29:19.0259 2172 avgntflt - ok
21:29:19.0352 2172 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
21:29:19.0368 2172 avipbb - ok
21:29:19.0415 2172 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
21:29:19.0415 2172 AxInstSV - ok
21:29:19.0508 2172 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:29:19.0508 2172 b06bdrv - ok
21:29:19.0664 2172 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:29:19.0664 2172 b57nd60x - ok
21:29:19.0773 2172 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:29:19.0773 2172 BDESVC - ok
21:29:19.0805 2172 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:29:19.0805 2172 Beep - ok
21:29:20.0007 2172 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
21:29:20.0023 2172 BFE - ok
21:29:20.0226 2172 BITCOMET_HELPER_SERVICE - ok
21:29:20.0366 2172 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
21:29:20.0382 2172 BITS - ok
21:29:20.0507 2172 BlackBox - ok
21:29:20.0585 2172 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:29:20.0600 2172 blbdrive - ok
21:29:20.0756 2172 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
21:29:20.0756 2172 Bonjour Service - ok
21:29:20.0865 2172 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
21:29:20.0865 2172 bowser - ok
21:29:21.0068 2172 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:29:21.0099 2172 BrFiltLo - ok
21:29:21.0146 2172 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:29:21.0193 2172 BrFiltUp - ok
21:29:21.0396 2172 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
21:29:21.0411 2172 BridgeMP - ok
21:29:21.0723 2172 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
21:29:21.0723 2172 Browser - ok
21:29:21.0833 2172 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:29:21.0895 2172 Brserid - ok
21:29:21.0957 2172 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:29:21.0957 2172 BrSerWdm - ok
21:29:21.0989 2172 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:29:22.0020 2172 BrUsbMdm - ok
21:29:22.0129 2172 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:29:22.0160 2172 BrUsbSer - ok
21:29:22.0254 2172 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:29:22.0316 2172 BTHMODEM - ok
21:29:22.0535 2172 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:29:22.0550 2172 bthserv - ok
21:29:22.0737 2172 catchme - ok
21:29:22.0971 2172 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:29:22.0971 2172 cdfs - ok
21:29:23.0081 2172 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
21:29:23.0081 2172 cdrom - ok
21:29:23.0205 2172 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
21:29:23.0205 2172 CertPropSvc - ok
21:29:23.0361 2172 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:29:23.0361 2172 circlass - ok
21:29:23.0408 2172 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:29:23.0408 2172 CLFS - ok
21:29:23.0564 2172 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:29:23.0595 2172 clr_optimization_v2.0.50727_32 - ok
21:29:23.0751 2172 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:29:23.0751 2172 clr_optimization_v4.0.30319_32 - ok
21:29:23.0907 2172 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:29:23.0907 2172 CmBatt - ok
21:29:23.0939 2172 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
21:29:23.0954 2172 cmdide - ok
21:29:24.0032 2172 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
21:29:24.0048 2172 CNG - ok
21:29:24.0141 2172 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
21:29:24.0188 2172 CnxtHdAudService - ok
21:29:24.0375 2172 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:29:24.0375 2172 Compbatt - ok
21:29:24.0422 2172 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:29:24.0422 2172 CompositeBus - ok
21:29:24.0438 2172 COMSysApp - ok
21:29:24.0469 2172 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:29:24.0500 2172 crcdisk - ok
21:29:24.0609 2172 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
21:29:24.0609 2172 CryptSvc - ok
21:29:24.0765 2172 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
21:29:24.0765 2172 CSC - ok
21:29:24.0859 2172 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
21:29:24.0875 2172 CscService - ok
21:29:25.0031 2172 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
21:29:25.0062 2172 DcomLaunch - ok
21:29:25.0265 2172 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:29:25.0265 2172 defragsvc - ok
21:29:25.0405 2172 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
21:29:25.0405 2172 DfsC - ok
21:29:25.0452 2172 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
21:29:25.0452 2172 Dhcp - ok
21:29:25.0608 2172 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:29:25.0608 2172 discache - ok
21:29:25.0764 2172 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:29:25.0764 2172 Disk - ok
21:29:25.0826 2172 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
21:29:25.0826 2172 Dnscache - ok
21:29:25.0904 2172 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
21:29:25.0920 2172 dot3svc - ok
21:29:26.0045 2172 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
21:29:26.0045 2172 DPS - ok
21:29:26.0169 2172 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:29:26.0169 2172 drmkaud - ok
21:29:26.0263 2172 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
21:29:26.0279 2172 DXGKrnl - ok
21:29:26.0310 2172 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
21:29:26.0310 2172 E100B - ok
21:29:26.0481 2172 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:29:26.0481 2172 EapHost - ok
21:29:26.0840 2172 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:29:26.0903 2172 ebdrv - ok
21:29:27.0090 2172 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
21:29:27.0090 2172 EFS - ok
21:29:27.0215 2172 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
21:29:27.0277 2172 ehRecvr - ok
21:29:27.0324 2172 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:29:27.0339 2172 ehSched - ok
21:29:27.0573 2172 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:29:27.0636 2172 elxstor - ok
21:29:27.0667 2172 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
21:29:27.0683 2172 ErrDev - ok
21:29:27.0792 2172 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:29:27.0807 2172 EventSystem - ok
21:29:28.0010 2172 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:29:28.0010 2172 exfat - ok
21:29:28.0041 2172 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:29:28.0057 2172 fastfat - ok
21:29:28.0151 2172 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
21:29:28.0151 2172 Fax - ok
21:29:28.0182 2172 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:29:28.0182 2172 fdc - ok
21:29:28.0197 2172 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:29:28.0197 2172 fdPHost - ok
21:29:28.0229 2172 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:29:28.0229 2172 FDResPub - ok
21:29:28.0416 2172 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:29:28.0431 2172 FileInfo - ok
21:29:28.0447 2172 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:29:28.0447 2172 Filetrace - ok
21:29:28.0665 2172 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:29:28.0712 2172 FLEXnet Licensing Service - ok
21:29:28.0899 2172 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:29:28.0946 2172 flpydisk - ok
21:29:28.0993 2172 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:29:29.0009 2172 FltMgr - ok
21:29:29.0102 2172 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
21:29:29.0118 2172 FontCache - ok
21:29:29.0445 2172 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:29:29.0477 2172 FontCache3.0.0.0 - ok
21:29:29.0617 2172 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:29:29.0617 2172 FsDepends - ok
21:29:29.0695 2172 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:29:29.0695 2172 Fs_Rec - ok
21:29:29.0804 2172 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
21:29:29.0804 2172 fvevol - ok
21:29:29.0913 2172 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:29:29.0913 2172 gagp30kx - ok
21:29:30.0007 2172 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
21:29:30.0007 2172 gpsvc - ok
21:29:30.0116 2172 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:29:30.0116 2172 hcw85cir - ok
21:29:30.0241 2172 HdAudAddService (de4020f928a2f8a6327f5687f36d361b) C:\Windows\system32\drivers\CHDART.sys
21:29:30.0288 2172 HdAudAddService - ok
21:29:30.0381 2172 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:29:30.0381 2172 HDAudBus - ok
21:29:30.0413 2172 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:29:30.0413 2172 HidBatt - ok
21:29:30.0459 2172 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:29:30.0459 2172 HidBth - ok
21:29:30.0615 2172 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:29:30.0631 2172 HidIr - ok
21:29:30.0740 2172 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
21:29:30.0740 2172 hidserv - ok
21:29:30.0881 2172 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:29:30.0881 2172 HidUsb - ok
21:29:31.0161 2172 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
21:29:31.0161 2172 hkmsvc - ok
21:29:31.0271 2172 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
21:29:31.0271 2172 HomeGroupListener - ok
21:29:31.0349 2172 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
21:29:31.0364 2172 HomeGroupProvider - ok
21:29:31.0583 2172 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:29:31.0629 2172 HpSAMD - ok
21:29:31.0770 2172 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
21:29:31.0785 2172 HTTP - ok
21:29:31.0832 2172 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
21:29:31.0832 2172 hwpolicy - ok
21:29:32.0035 2172 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:29:32.0035 2172 i8042prt - ok
21:29:32.0175 2172 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
21:29:32.0175 2172 iaStorV - ok
21:29:32.0487 2172 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:29:32.0675 2172 idsvc - ok
21:29:32.0893 2172 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:29:32.0893 2172 iirsp - ok
21:29:33.0189 2172 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
21:29:33.0189 2172 IKEEXT - ok
21:29:33.0423 2172 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
21:29:33.0423 2172 intelide - ok
21:29:33.0486 2172 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:29:33.0486 2172 intelppm - ok
21:29:33.0548 2172 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:29:33.0564 2172 IPBusEnum - ok
21:29:33.0579 2172 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:33.0595 2172 IpFilterDriver - ok
21:29:33.0938 2172 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
21:29:33.0954 2172 iphlpsvc - ok
21:29:34.0032 2172 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:29:34.0079 2172 IPMIDRV - ok
21:29:34.0172 2172 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:29:34.0219 2172 IPNAT - ok
21:29:34.0313 2172 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:29:34.0313 2172 IRENUM - ok
21:29:34.0422 2172 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
21:29:34.0422 2172 isapnp - ok
21:29:34.0469 2172 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
21:29:34.0469 2172 iScsiPrt - ok
21:29:34.0547 2172 ivusb (37412294ea4b70ed8b4a9338ebaeecaa) C:\Windows\system32\DRIVERS\ivusb.sys
21:29:34.0547 2172 ivusb - ok
21:29:34.0640 2172 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:29:34.0640 2172 kbdclass - ok
21:29:34.0765 2172 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:29:34.0781 2172 kbdhid - ok
21:29:35.0108 2172 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
21:29:35.0108 2172 KeyIso - ok
21:29:35.0171 2172 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
21:29:35.0171 2172 KSecDD - ok
21:29:35.0264 2172 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
21:29:35.0264 2172 KSecPkg - ok
21:29:35.0420 2172 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:29:35.0420 2172 KtmRm - ok
21:29:35.0483 2172 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
21:29:35.0498 2172 LanmanServer - ok
21:29:35.0561 2172 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
21:29:35.0561 2172 LanmanWorkstation - ok
21:29:35.0701 2172 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:29:35.0701 2172 lltdio - ok
21:29:35.0857 2172 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:29:35.0873 2172 lltdsvc - ok
21:29:35.0919 2172 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:29:35.0935 2172 lmhosts - ok
21:29:35.0966 2172 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:29:35.0982 2172 LSI_FC - ok
21:29:36.0013 2172 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:29:36.0013 2172 LSI_SAS - ok
21:29:36.0138 2172 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:29:36.0138 2172 LSI_SAS2 - ok
21:29:36.0231 2172 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:29:36.0231 2172 LSI_SCSI - ok
21:29:36.0263 2172 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:29:36.0278 2172 luafv - ok
21:29:36.0341 2172 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
21:29:36.0341 2172 Mcx2Svc - ok
21:29:36.0372 2172 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:29:36.0372 2172 megasas - ok
21:29:36.0419 2172 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:29:36.0419 2172 MegaSR - ok
21:29:36.0528 2172 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:29:36.0543 2172 MMCSS - ok
21:29:36.0653 2172 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:29:36.0653 2172 Modem - ok
21:29:36.0715 2172 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:29:36.0715 2172 monitor - ok
21:30:02.0783 2172 ============================================================
21:30:02.0783 2172 Scan finished
21:30:02.0783 2172 ============================================================
21:30:02.0829 3424 Detected object count: 0
21:30:02.0829 3424 Actual detected object count: 0

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 April 2012 - 08:59 PM

Hello


let me have the aswMBR report when it is ready



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Gamachii

  • Topic Starter
  • Members
  • 31 posts

Posted 06 April 2012 - 10:00 PM

Here we are!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-06 22:27:58
-----------------------------
22:27:58.521 OS Version: Windows 6.1.7600
22:27:58.521 Number of processors: 2 586 0xF06
22:27:58.537 ComputerName: AETHERIUS UserName: L
22:27:59.988 Initialize success
22:28:10.206 AVAST engine defs: 12040601
22:29:11.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:29:11.857 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001A Size: 114473MB BusType: 3
22:29:11.888 Disk 0 MBR read successfully
22:29:11.888 Disk 0 MBR scan
22:29:11.904 Disk 0 Windows XP default MBR code
22:29:11.919 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:29:12.029 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112971 MB offset 3074048
22:29:12.029 Disk 0 scanning sectors +234438656
22:29:12.122 Disk 0 scanning C:\Windows\system32\drivers
22:29:30.951 Service scanning
22:30:12.775 Modules scanning
22:30:34.958 Disk 0 trace - called modules:
22:30:34.990 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
22:30:35.504 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85428a40]
22:30:35.504 3 CLASSPNP.SYS[8827059e] -> nt!IofCallDriver -> [0x84fd6890]
22:30:35.504 5 ACPI.sys[87a153b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f66030]
22:30:36.097 AVAST engine scan C:\Windows
22:30:45.364 AVAST engine scan C:\Windows\system32
22:31:41.118 File: C:\Windows\system32\FastUv32.dll **INFECTED** Win32:Zbot-OEO [Trj]
22:35:33.980 AVAST engine scan C:\Windows\system32\drivers
22:35:58.022 AVAST engine scan C:\Users\L
22:46:56.844 AVAST engine scan C:\ProgramData
22:47:27.326 Scan finished successfully
22:59:42.259 Disk 0 MBR has been saved successfully to "C:\Users\L\Desktop\MBR.dat"
22:59:42.275 The log file has been saved successfully to "C:\Users\L\Desktop\aswMBR8.txt"


Looks like there's still one issue, but not as many as the last scan.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:04 AM

Posted 06 April 2012 - 10:16 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\users\L\AppData\Roaming\Wyiwg
c:\users\L\AppData\Roaming\Qeur
File::
C:\Windows\system32\FastUv32.dll
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\syqi.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 Gamachii

Gamachii
  • Topic Starter

  • Members
  • 31 posts
  • Local time:12:04 AM

Posted 07 April 2012 - 04:04 PM

Alright, here are the combofix logs from running the script.

ComboFix 12-04-06.03 - L 04/07/2012 11:43:24.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1022.487 [GMT -4:00]
Running from: c:\users\L\Desktop\ComboFix.exe
Command switches used :: c:\users\L\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\syqi.exe"
"c:\windows\system32\FastUv32.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\syqi.exe
c:\users\L\AppData\Roaming\Qeur
c:\users\L\AppData\Roaming\Wyiwg
c:\windows\system32\FastUv32.dll
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 15:56 . 2012-04-07 15:58 -------- d-----w- c:\users\L\AppData\Local\temp
2012-04-07 15:56 . 2012-04-07 15:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-07 15:56 . 2012-04-07 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 22:16 . 2012-04-06 22:16 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8291B9D3-087E-4BA8-B314-CF95F2EA3FA4}\offreg.dll
2012-04-06 20:59 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8291B9D3-087E-4BA8-B314-CF95F2EA3FA4}\mpengine.dll
2012-04-06 20:31 . 2010-11-20 08:39 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-03-31 20:24 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 20:24 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 00:30 . 2012-03-31 00:30 -------- d-----w- c:\program files\Common Files\Java
2012-03-31 00:25 . 2012-03-31 00:25 -------- d-----w- c:\program files\Java
2012-03-29 19:35 . 2012-03-29 20:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-24 21:34 . 2012-03-24 21:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 20:39 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 16:06 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-03-31 00:26 . 2010-08-03 18:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 20:24 . 2012-01-11 16:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-07-28 11:00 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 06:59 . 2012-02-16 06:59 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-16 06:59 . 2012-02-16 06:59 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-16 06:59 . 2012-02-16 06:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-16 06:59 . 2012-02-16 06:59 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-16 06:59 . 2012-02-16 06:59 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 06:59 . 2012-02-16 06:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-16 06:59 . 2012-02-16 06:59 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-16 06:59 . 2012-02-16 06:59 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-16 06:59 . 2012-02-16 06:59 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 06:59 . 2012-02-16 06:59 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-16 06:59 . 2012-02-16 06:59 367104 ----a-w- c:\windows\system32\html.iec
2012-02-16 06:59 . 2012-02-16 06:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-16 06:59 . 2012-02-16 06:59 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-16 06:59 . 2012-02-16 06:59 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-16 06:59 . 2012-02-16 06:59 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 06:59 . 2012-02-16 06:59 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-16 06:59 . 2012-02-16 06:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 06:59 . 2012-02-16 06:59 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-16 06:59 . 2012-02-16 06:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-16 06:59 . 2012-02-16 06:59 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-16 06:59 . 2012-02-16 06:59 101888 ----a-w- c:\windows\system32\admparse.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^L^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-15 18:27 136176 ----atw- c:\users\L\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 Bicpaif;Bicpaif; [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 BlackBox;BlackBox SR2; [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 25112]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-30 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-03 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-08 136360]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
evteng
tosrfec
alertservice
iap
soma
spbbcdrv
odysseyIM4
mfebopk
hpconfig
se44mdfl
IFPUSB
nnsvc
btaudio
NPDriver
lvhidsvc
bdselfpr
HBtnKey
Slntamr
KMW_SYS
nsm1mdm
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:24]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920647692-2520404014-687441470-1000Core.job
- c:\users\L\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-15 18:27]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920647692-2520404014-687441470-1000UA.job
- c:\users\L\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-15 18:27]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\L\AppData\Roaming\Mozilla\Firefox\Profiles\tmnavswn.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: MidnightFox: {66871bd1-5ba2-4739-b485-2a15f5969bd8} - %profile%\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(192)
c:\users\L\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-07 12:06:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 16:06
ComboFix2.txt 2012-04-06 20:43
ComboFix3.txt 2012-03-22 05:05
ComboFix4.txt 2011-08-10 15:00
.
Pre-Run: 6,720,921,600 bytes free
Post-Run: 6,399,782,912 bytes free
.
- - End Of File - - A50AFF240689971485C47F833FDB9542
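
As an added verification step (example code written for this edit, not part of the thread and not a ComboFix feature): a PowerShell script that re-checks, from an elevated prompt, the four items the CFScript above targeted, compares the live userinit.exe against the source copy ComboFix restored it from, and reads back the UAC policy values shown in the 'policies\system' block of the log (EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 mean UAC is switched off on this machine). All paths come from the log above; the "expected" UAC values are the Windows 7 defaults and are an assumption of the example. It uses only cmdlets available in Windows PowerShell 2.0, since that is what shipped with Windows 7.

```powershell
# Added example, not from the thread: post-cleanup verification for the items
# named in the ComboFix log above. Run from an elevated PowerShell prompt.

# Paths exactly as ComboFix reported deleting them.
$removedItems = @(
    'C:\Windows\System32\FastUv32.dll',
    'C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\syqi.exe',
    'C:\Users\L\AppData\Roaming\Wyiwg',
    'C:\Users\L\AppData\Roaming\Qeur'
)

function Test-RemovedItems {
    '== Items ComboFix reported as deleted =='
    foreach ($item in $removedItems) {
        $state = if (Test-Path -LiteralPath $item) { 'STILL PRESENT' } else { 'gone' }
        '{0,-14} {1}' -f $state, $item
    }
}

function Get-Sha256 {
    param([string]$Path)
    # .NET hashing so this also works on PowerShell 2.0 (no Get-FileHash there).
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { ([System.BitConverter]::ToString($sha.ComputeHash($stream))).Replace('-', '') }
    finally { $stream.Close() }
}

function Test-Userinit {
    # ComboFix restored userinit.exe from the copy below (path taken from the log).
    # The live file should now be byte-identical to that source copy.
    $live   = Join-Path $env:SystemRoot 'System32\userinit.exe'
    $source = 'C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe'
    '== userinit.exe =='
    if (-not (Test-Path -LiteralPath $source)) {
        'Source copy no longer present; compare the live hash against a known-good value instead.'
        return
    }
    $a = Get-Sha256 $live
    $b = Get-Sha256 $source
    'live   {0}' -f $a
    'source {0}' -f $b
    if ($a -eq $b) { 'MATCH: live copy equals the restored source' } else { 'MISMATCH: investigate' }
}

function Test-UacPolicy {
    # The log's 'policies\system' block shows these values at 0, i.e. UAC disabled.
    # Expected values are the Windows 7 defaults (assumption of this example).
    $pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $expected = @{
        EnableLUA                  = 1
        ConsentPromptBehaviorAdmin = 5
        PromptOnSecureDesktop      = 1
    }
    '== UAC policy =='
    foreach ($name in $expected.Keys) {
        $val = (Get-ItemProperty -Path $pol -Name $name -ErrorAction SilentlyContinue).$name
        if ($null -eq $val) { $val = '(not set)' }
        $flag = if ($val -eq $expected[$name]) { 'ok  ' } else { 'WEAK' }
        '{0} {1} = {2} (default {3})' -f $flag, $name, $val, $expected[$name]
    }
}

Test-RemovedItems
Test-Userinit
Test-UacPolicy
```

A WEAK line in the UAC section is worth acting on once the cleanup is finished: with EnableLUA at 0 every process of an administrator account already runs fully elevated, which is exactly the condition that let a dropped DLL in System32 and a replaced userinit.exe go unchallenged.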

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:04 AM

Posted 07 April 2012 - 08:46 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 Gamachii

Gamachii
  • Topic Starter

  • Members
  • 31 posts
  • Local time:12:04 AM

Posted 08 April 2012 - 09:27 PM

Happy Easter! Here's the report log:

Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Reader 9.5.0
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Avira AntiVir Personal - Free Antivirus
BitComet 1.29
Canon MP Navigator EX 4.0
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Conexant HD Audio
Dropbox
FileZilla Client 3.5.1
Google Chrome
Heroes of Might and Magic
HiJackThis
Java Auto Updater
Java™ 6 Update 31
Katawa Shoujo
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.6.27)
Notepad++
NVIDIA Drivers
OpenOffice.org 3.3
Pando Media Booster
PDF Settings
Pidgin
Porta
Portal 2
Realm of the Mad God
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Steam
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veoh Web Player
VLC media player 0.9.2
Winamp
Winamp Detector Plug-in
WinRAR archiver

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:04 AM

Posted 08 April 2012 - 09:41 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 9.5.0
BitComet 1.29


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Gamachii

Gamachii
  • Topic Starter

  • Members
  • 31 posts
  • Local time:12:04 AM

Posted 09 April 2012 - 12:47 PM

Here's the MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
L :: AETHERIUS [administrator]

4/9/2012 11:55:56 AM
mbam-log-2012-04-09 (11-55-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187198
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


When running HijackThis I got a message: For some reason your system denied write access to the host file. If any hijacked domains are in this file, HijackThis might not be able to fix this. It continues on with how to fix the host files manually.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:46:11 PM, on 4/9/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 3479 bytes
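
An added PowerShell check (example code for this edit, not from the thread and not part of HijackThis) for the hosts-file condition reported above: it lists the active entries of the hosts file, its attributes, and which identities can write to it. With a stock ACL only SYSTEM and Administrators have write access, so a "denied write access" message is what a non-elevated HijackThis gets on Windows 7, which is the case the run-as-administrator note in the previous post covers. The only assumption is the standard hosts path under %SystemRoot%; the script runs on Windows PowerShell 2.0 and later.

```powershell
# Added example, not from the thread: inspect the hosts file that HijackThis
# could not write to. Run it once normally and once elevated to see the
# difference the ACL makes.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-ActiveHostsEntries {
    param([string]$Path = $HostsPath)
    # Skip blank lines and comments; split the rest into address + host names.
    Get-Content -Path $Path | Where-Object { $_ -match '^\s*[^#\s]' } | ForEach-Object {
        $parts = -split $_.Trim()
        $addr  = $parts[0]
        $names = @($parts | Select-Object -Skip 1) -join ' '
        # Only the two stock localhost lines are expected. Anything else deserves
        # a look: a vendor, update or AV domain mapped to loopback or to some
        # other address is the classic hosts-file hijack.
        $stock = ($names -eq 'localhost') -and (@('127.0.0.1', '::1') -contains $addr)
        New-Object PSObject -Property @{
            Address = $addr
            Names   = $names
            Review  = -not $stock
        }
    }
}

function Show-HostsState {
    '== Active entries in {0} ==' -f $HostsPath
    Get-ActiveHostsEntries | ForEach-Object {
        $mark = if ($_.Review) { '<-- review' } else { '' }
        '{0,-16} {1} {2}' -f $_.Address, $_.Names, $mark
    }

    '== Attributes =='
    # A read-only or hidden hosts file is a common way malware keeps its entries.
    (Get-Item -Path $HostsPath -Force).Attributes

    '== Who can write to it =='
    (Get-Acl -Path $HostsPath).Access |
        Where-Object { $_.FileSystemRights.ToString() -match 'Write|Modify|FullControl' } |
        ForEach-Object {
            '{0,-6} {1,-35} {2}' -f $_.AccessControlType, $_.IdentityReference, $_.FileSystemRights
        }
}

Show-HostsState
```

On the log above the HijackThis O1 line shows only "::1 localhost", which this script would print without a review marker; an unexpected write grant to Users or Everyone in the last section, or a ReadOnly attribute, would be the thing to fix before letting any tool edit the file.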



