Infected with Google Redirect


  • This topic is locked
12 replies to this topic

#1 prometheusandbob

prometheusandbob

  • Members
  • 7 posts

Posted 01 April 2012 - 11:57 PM

Hello all at bleeping computer. I just discovered this painfully annoying virus/malware today shortly after attempting to troubleshoot recent performance issues via Google. I was redirected to places like "happili" when I first discovered it. I then stumbled upon one of the numerous redirect topics here, and read about Java security issues. Updated Java, but in the process of searching for the update, I was redirected to a phony search engine site boasting Java updates, rather than getting to Java's page. I would appreciate any and all help that can be given. I'll be around to check this at least three times a day so that we can get through this B.S. as fast as possible.

Oh, and in case you don't see it in the log, I'm running Windows 7 x64 and using Firefox. I did not have this issue when using Chrome, but I didn't use it for anything other than that Java update.

I also ran a full scan with AVG and Spybot S&D with no improvement.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Griff at 0:41:51 on 2012-04-02
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4354 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Users\Griff\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Users\Griff\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Users\Griff\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\msiexec.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Griff\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Update] rundll32.exe "C:\Users\Griff\AppData\Roaming\AnvSoft\AnvSoft\vmvsz.dll",DllRegisterServer
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
mRun: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~2.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AED4EF0E-461A-4CB0-BE44-E17BAF01CAE7} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Microsoft Works Portfolio] C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
mRun-x64: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Griff\AppData\Roaming\Mozilla\Firefox\Profiles\0puci2si.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Users\Griff\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-23 2348352]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-10 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-02 03:17:49 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-02 03:09:15 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-02 02:42:50 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-04-02 02:42:50 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-28 03:24:39 -------- d-sh--w- C:\ProgramData\DSS
2012-03-28 03:07:27 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2012-03-28 03:07:19 809496 ----a-r- C:\Windows\SysWow64\tmp9F9C.tmp
2012-03-15 04:24:15 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 04:24:14 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 04:24:14 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-10 14:01:54 -------- d-----w- C:\Program Files\iTunes
2012-03-10 14:01:54 -------- d-----w- C:\Program Files\iPod
.
==================== Find3M ====================
.
2012-04-02 03:17:49 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-02 02:51:46 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-02 00:19:03 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-02 00:19:03 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-02 00:18:45 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-28 03:07:19 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-03-28 03:07:19 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-03-01 00:02:00 9717568 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 20:59:29 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-29 17:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 20:24:59 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-01-08 16:47:27 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-01-08 16:47:27 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 0:44:46.47 ===============

Edited by prometheusandbob, 02 April 2012 - 12:15 AM.
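The DDS log above is the kind of artefact a responder reads by hand; the "Pseudo HJT Report" section lists autostart entries and hosts-file overrides, and the first triage pass is to sort the ordinary vendor entries from the ones that need a second look. The following is an added example for this thread, not part of DDS or of any post here. It parses the uRun/mRun and Hosts lines and applies two review heuristics (autostart target under a user profile directory; autostart that runs through a loader such as rundll32.exe). The sample input is constructed from lines of the log posted above; the regular expressions and the heuristics are mine, and a flag means "check this entry", not "this entry is malicious".

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log (added example)."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines copied from the DDS log posted in
# this thread, so the parser can be run offline.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
uRun: [Google Update] "C:\Users\Griff\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Update] rundll32.exe "C:\Users\Griff\AppData\Roaming\AnvSoft\AnvSoft\vmvsz.dll",DllRegisterServer
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Hosts: 127.0.0.1 www.spywareinfo.com
.
"""

# DDS notation: a leading 'u' is the current user's hive (HKCU), 'm' the machine hive (HKLM).
RUN_RE = re.compile(r'^(?P<scope>[um])Run(?:-x64)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$', re.M)
HOSTS_RE = re.compile(r'^Hosts: (\S+)\s+(\S+)', re.M)
# A quoted path, an unquoted drive-rooted path (may contain spaces), or a bare image name.
PATH_RE = re.compile(
    r'"([^"]*)"|([A-Za-z]:\\[^",]*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js)\b|\b\w+\.(?:exe|dll)\b)',
    re.IGNORECASE,
)
USER_PROFILE_RE = re.compile(r'^[A-Za-z]:\\(?:Users|Documents and Settings)\\', re.IGNORECASE)
LOADERS = {"rundll32.exe", "regsvr32.exe"}  # images that run whatever file they are handed


@dataclass
class RunEntry:
    scope: str                   # 'u' or 'm', as printed by DDS
    name: str                    # registry value name, e.g. "AVG_TRAY"
    command: str                 # full command line as logged
    image: str                   # first executable named on the command line
    loaded_file: Optional[str]   # file handed to a loader (rundll32/regsvr32), if any


def _paths(cmd: str) -> List[str]:
    """Every file reference on a command line, quoted or not, in order."""
    return [p for p in (m.group(1) or m.group(2) for m in PATH_RE.finditer(cmd)) if p]


def parse_run_entries(text: str) -> List[RunEntry]:
    """All uRun/mRun (and -x64) autostart lines in a DDS log."""
    entries: List[RunEntry] = []
    for m in RUN_RE.finditer(text):
        paths = _paths(m.group("cmd"))
        image = paths[0] if paths else m.group("cmd").strip()
        loaded = None
        if ntpath.basename(image).lower() in LOADERS and len(paths) > 1:
            loaded = paths[1]
        entries.append(RunEntry(m.group("scope"), m.group("name"), m.group("cmd"), image, loaded))
    return entries


def triage_run_entry(entry: RunEntry) -> List[str]:
    """Review reasons for one autostart entry; an empty list means nothing stood out."""
    reasons: List[str] = []
    target = entry.loaded_file or entry.image
    if USER_PROFILE_RE.match(target):
        # Heuristic: software installed for all users normally lives under Program Files
        # or Windows. Per-user installers (Google Update in the log above) also trip this,
        # so it is a prompt to inspect the file, not a verdict.
        reasons.append("target lives under a user profile directory: " + target)
    if entry.loaded_file is not None:
        reasons.append("launched indirectly through " + ntpath.basename(entry.image).lower())
    return reasons


def parse_hosts_entries(text: str) -> List[Tuple[str, str]]:
    """(address, hostname) pairs from the Hosts: lines DDS reports."""
    return [(m.group(1), m.group(2)) for m in HOSTS_RE.finditer(text)]


def triage(text: str) -> Dict[str, List[str]]:
    """Flagged autostart entries plus every reported hosts override, keyed by entry."""
    report: Dict[str, List[str]] = {}
    for entry in parse_run_entries(text):
        reasons = triage_run_entry(entry)
        if reasons:
            report[f"{entry.scope}Run [{entry.name}]"] = reasons
    for addr, host in parse_hosts_entries(text):
        # A hosts entry overrides DNS for that name; confirm it was added deliberately
        # (e.g. by a blocking list) rather than by something unwanted.
        report[f"Hosts {host}"] = [f"resolves to {addr} via the hosts file"]
    return report


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the report lists both uRun entries under the user profile (one of them also for the rundll32 indirection) and the single hosts override, while the two mRun entries under Program Files are left alone. Feeding it a complete DDS log works the same way; the point of the heuristics is to shrink the list a person has to read, not to replace that reading.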



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 02 April 2012 - 06:42 PM

Hi,

Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 prometheusandbob

prometheusandbob
  • Topic Starter

  • Members
  • 7 posts

Posted 02 April 2012 - 07:05 PM

Thanks for the reply! The logs you need will be below. As an update, I have uninstalled Chrome and Firefox and done a clean install of Firefox 10.

TDSSKiller Log:

19:59:51.0505 6064 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
19:59:52.0218 6064 ============================================================
19:59:52.0218 6064 Current date / time: 2012/04/02 19:59:52.0218
19:59:52.0218 6064 SystemInfo:
19:59:52.0218 6064
19:59:52.0218 6064 OS Version: 6.1.7600 ServicePack: 0.0
19:59:52.0218 6064 Product type: Workstation
19:59:52.0219 6064 ComputerName: EPIMETHEUS
19:59:52.0219 6064 UserName: Griff
19:59:52.0219 6064 Windows directory: C:\Windows
19:59:52.0219 6064 System windows directory: C:\Windows
19:59:52.0219 6064 Running under WOW64
19:59:52.0219 6064 Processor architecture: Intel x64
19:59:52.0219 6064 Number of processors: 8
19:59:52.0219 6064 Page size: 0x1000
19:59:52.0219 6064 Boot type: Normal boot
19:59:52.0219 6064 ============================================================
19:59:53.0214 6064 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
19:59:53.0221 6064 \Device\Harddisk0\DR0:
19:59:53.0221 6064 MBR used
19:59:53.0221 6064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:59:53.0221 6064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:59:53.0239 6064 Initialize success
19:59:53.0239 6064 ============================================================
20:00:34.0758 6028 ============================================================
20:00:34.0758 6028 Scan started
20:00:34.0758 6028 Mode: Manual; TDLFS;
20:00:34.0758 6028 ============================================================
20:00:35.0599 6028 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:00:35.0603 6028 1394ohci - ok
20:00:35.0614 6028 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:00:35.0619 6028 ACPI - ok
20:00:35.0632 6028 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:00:35.0633 6028 AcpiPmi - ok
20:00:35.0720 6028 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:00:35.0721 6028 AdobeARMservice - ok
20:00:35.0807 6028 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:00:35.0810 6028 AdobeFlashPlayerUpdateSvc - ok
20:00:35.0835 6028 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:00:35.0841 6028 adp94xx - ok
20:00:35.0862 6028 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:00:35.0877 6028 adpahci - ok
20:00:35.0896 6028 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:00:35.0898 6028 adpu320 - ok
20:00:35.0913 6028 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:00:35.0914 6028 AeLookupSvc - ok
20:00:35.0950 6028 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
20:00:35.0977 6028 AFD - ok
20:00:35.0998 6028 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:00:36.0000 6028 agp440 - ok
20:00:36.0014 6028 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:00:36.0016 6028 ALG - ok
20:00:36.0027 6028 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:00:36.0029 6028 aliide - ok
20:00:36.0039 6028 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:00:36.0040 6028 amdide - ok
20:00:36.0054 6028 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:00:36.0055 6028 AmdK8 - ok
20:00:36.0069 6028 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:00:36.0071 6028 AmdPPM - ok
20:00:36.0103 6028 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
20:00:36.0111 6028 amdsata - ok
20:00:36.0118 6028 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:00:36.0121 6028 amdsbs - ok
20:00:36.0153 6028 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
20:00:36.0155 6028 amdxata - ok
20:00:36.0186 6028 Amfilter (71aff825b960731e2ae366467bc0d1f3) C:\Windows\system32\DRIVERS\Amfltx64.sys
20:00:36.0187 6028 Amfilter - ok
20:00:36.0204 6028 Amusbprt (8f1db3d133197affa3a721953eb0988c) C:\Windows\system32\DRIVERS\Amusbx64.sys
20:00:36.0206 6028 Amusbprt - ok
20:00:36.0226 6028 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:00:36.0227 6028 AppID - ok
20:00:36.0242 6028 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:00:36.0244 6028 AppIDSvc - ok
20:00:36.0259 6028 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
20:00:36.0261 6028 Appinfo - ok
20:00:36.0321 6028 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:00:36.0322 6028 Apple Mobile Device - ok
20:00:36.0341 6028 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:00:36.0344 6028 AppMgmt - ok
20:00:36.0362 6028 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:00:36.0364 6028 arc - ok
20:00:36.0380 6028 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:00:36.0382 6028 arcsas - ok
20:00:36.0393 6028 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:00:36.0395 6028 AsyncMac - ok
20:00:36.0411 6028 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:00:36.0412 6028 atapi - ok
20:00:36.0442 6028 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:00:36.0449 6028 AudioEndpointBuilder - ok
20:00:36.0458 6028 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:00:36.0463 6028 AudioSrv - ok
20:00:36.0612 6028 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
20:00:36.0733 6028 AVGIDSAgent - ok
20:00:36.0764 6028 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
20:00:36.0766 6028 AVGIDSDriver - ok
20:00:36.0790 6028 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
20:00:36.0792 6028 AVGIDSEH - ok
20:00:36.0821 6028 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
20:00:36.0830 6028 AVGIDSFilter - ok
20:00:36.0860 6028 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
20:00:36.0877 6028 Avgldx64 - ok
20:00:36.0891 6028 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
20:00:36.0921 6028 Avgmfx64 - ok
20:00:36.0966 6028 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
20:00:36.0967 6028 Avgrkx64 - ok
20:00:36.0986 6028 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
20:00:36.0991 6028 Avgtdia - ok
20:00:37.0003 6028 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
20:00:37.0005 6028 avgwd - ok
20:00:37.0013 6028 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
20:00:37.0015 6028 AxInstSV - ok
20:00:37.0032 6028 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:00:37.0036 6028 b06bdrv - ok
20:00:37.0070 6028 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:00:37.0073 6028 b57nd60a - ok
20:00:37.0086 6028 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:00:37.0088 6028 BDESVC - ok
20:00:37.0100 6028 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:00:37.0101 6028 Beep - ok
20:00:37.0142 6028 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
20:00:37.0148 6028 BFE - ok
20:00:37.0177 6028 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
20:00:37.0195 6028 BITS - ok
20:00:37.0201 6028 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:00:37.0202 6028 blbdrive - ok
20:00:37.0246 6028 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:00:37.0250 6028 Bonjour Service - ok
20:00:37.0281 6028 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:00:37.0282 6028 bowser - ok
20:00:37.0291 6028 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:00:37.0292 6028 BrFiltLo - ok
20:00:37.0315 6028 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:00:37.0316 6028 BrFiltUp - ok
20:00:37.0360 6028 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
20:00:37.0362 6028 Browser - ok
20:00:37.0382 6028 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:00:37.0389 6028 Brserid - ok
20:00:37.0405 6028 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:00:37.0406 6028 BrSerWdm - ok
20:00:37.0422 6028 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:00:37.0423 6028 BrUsbMdm - ok
20:00:37.0432 6028 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:00:37.0433 6028 BrUsbSer - ok
20:00:37.0445 6028 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:00:37.0447 6028 BTHMODEM - ok
20:00:37.0463 6028 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:00:37.0464 6028 bthserv - ok
20:00:37.0475 6028 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:00:37.0477 6028 cdfs - ok
20:00:37.0492 6028 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:00:37.0494 6028 cdrom - ok
20:00:37.0511 6028 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:00:37.0513 6028 CertPropSvc - ok
20:00:37.0525 6028 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:00:37.0526 6028 circlass - ok
20:00:37.0542 6028 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:00:37.0545 6028 CLFS - ok
20:00:37.0571 6028 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:00:37.0579 6028 clr_optimization_v2.0.50727_32 - ok
20:00:37.0593 6028 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:00:37.0594 6028 clr_optimization_v2.0.50727_64 - ok
20:00:37.0628 6028 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:00:37.0633 6028 clr_optimization_v4.0.30319_32 - ok
20:00:37.0650 6028 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:00:37.0652 6028 clr_optimization_v4.0.30319_64 - ok
20:00:37.0661 6028 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:00:37.0662 6028 CmBatt - ok
20:00:37.0667 6028 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:00:37.0668 6028 cmdide - ok
20:00:37.0706 6028 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
20:00:37.0720 6028 CNG - ok
20:00:37.0738 6028 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:00:37.0739 6028 Compbatt - ok
20:00:37.0753 6028 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:00:37.0755 6028 CompositeBus - ok
20:00:37.0759 6028 COMSysApp - ok
20:00:37.0767 6028 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:00:37.0769 6028 crcdisk - ok
20:00:37.0783 6028 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
20:00:37.0785 6028 CryptSvc - ok
20:00:37.0812 6028 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
20:00:37.0832 6028 CSC - ok
20:00:37.0853 6028 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
20:00:37.0858 6028 CscService - ok
20:00:37.0890 6028 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:00:37.0894 6028 DcomLaunch - ok
20:00:37.0917 6028 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:00:37.0921 6028 defragsvc - ok
20:00:37.0953 6028 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:00:37.0973 6028 DfsC - ok
20:00:37.0980 6028 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
20:00:37.0983 6028 Dhcp - ok
20:00:37.0989 6028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:00:37.0990 6028 discache - ok
20:00:38.0006 6028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:00:38.0008 6028 Disk - ok
20:00:38.0017 6028 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
20:00:38.0020 6028 Dnscache - ok
20:00:38.0031 6028 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
20:00:38.0034 6028 dot3svc - ok
20:00:38.0043 6028 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
20:00:38.0045 6028 DPS - ok
20:00:38.0076 6028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:00:38.0077 6028 drmkaud - ok
20:00:38.0144 6028 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
20:00:38.0155 6028 DXGKrnl - ok
20:00:38.0166 6028 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:00:38.0169 6028 EapHost - ok
20:00:38.0228 6028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:00:38.0279 6028 ebdrv - ok
20:00:38.0314 6028 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
20:00:38.0315 6028 EFS - ok
20:00:38.0350 6028 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
20:00:38.0358 6028 ehRecvr - ok
20:00:38.0388 6028 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:00:38.0390 6028 ehSched - ok
20:00:38.0407 6028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:00:38.0411 6028 elxstor - ok
20:00:38.0439 6028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:00:38.0440 6028 ErrDev - ok
20:00:38.0455 6028 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:00:38.0459 6028 EventSystem - ok
20:00:38.0497 6028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:00:38.0499 6028 exfat - ok
20:00:38.0511 6028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:00:38.0513 6028 fastfat - ok
20:00:38.0536 6028 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
20:00:38.0542 6028 Fax - ok
20:00:38.0549 6028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:00:38.0550 6028 fdc - ok
20:00:38.0572 6028 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:00:38.0573 6028 fdPHost - ok
20:00:38.0578 6028 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:00:38.0579 6028 FDResPub - ok
20:00:38.0593 6028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:00:38.0594 6028 FileInfo - ok
20:00:38.0603 6028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:00:38.0604 6028 Filetrace - ok
20:00:38.0612 6028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:00:38.0613 6028 flpydisk - ok
20:00:38.0633 6028 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:00:38.0636 6028 FltMgr - ok
20:00:38.0702 6028 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
20:00:38.0713 6028 FontCache - ok
20:00:38.0745 6028 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:00:38.0747 6028 FontCache3.0.0.0 - ok
20:00:38.0753 6028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:00:38.0755 6028 FsDepends - ok
20:00:38.0765 6028 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:00:38.0767 6028 Fs_Rec - ok
20:00:38.0798 6028 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:00:38.0801 6028 fvevol - ok
20:00:38.0814 6028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:00:38.0816 6028 gagp30kx - ok
20:00:38.0860 6028 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:00:38.0862 6028 GEARAspiWDM - ok
20:00:38.0883 6028 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
20:00:38.0891 6028 gpsvc - ok
20:00:38.0899 6028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:00:38.0900 6028 hcw85cir - ok
20:00:38.0933 6028 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:00:38.0938 6028 HdAudAddService - ok
20:00:38.0955 6028 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:00:38.0957 6028 HDAudBus - ok
20:00:38.0980 6028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:00:38.0981 6028 HidBatt - ok
20:00:38.0991 6028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:00:38.0993 6028 HidBth - ok
20:00:39.0010 6028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:00:39.0011 6028 HidIr - ok
20:00:39.0022 6028 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:00:39.0024 6028 hidserv - ok
20:00:39.0050 6028 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:00:39.0052 6028 HidUsb - ok
20:00:39.0067 6028 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
20:00:39.0070 6028 hkmsvc - ok
20:00:39.0088 6028 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
20:00:39.0092 6028 HomeGroupListener - ok
20:00:39.0109 6028 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
20:00:39.0113 6028 HomeGroupProvider - ok
20:00:39.0131 6028 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:00:39.0133 6028 HpSAMD - ok
20:00:39.0168 6028 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:00:39.0176 6028 HTTP - ok
20:00:39.0188 6028 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:00:39.0189 6028 hwpolicy - ok
20:00:39.0206 6028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:00:39.0208 6028 i8042prt - ok
20:00:39.0247 6028 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:00:39.0252 6028 iaStorV - ok
20:00:39.0326 6028 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:00:39.0329 6028 IDriverT - ok
20:00:39.0355 6028 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:00:39.0364 6028 idsvc - ok
20:00:39.0403 6028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:00:39.0439 6028 iirsp - ok
20:00:39.0482 6028 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
20:00:39.0489 6028 IKEEXT - ok
20:00:39.0560 6028 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
20:00:39.0592 6028 IntcAzAudAddService - ok
20:00:39.0602 6028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:00:39.0603 6028 intelide - ok
20:00:39.0623 6028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:00:39.0624 6028 intelppm - ok
20:00:39.0629 6028 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:00:39.0631 6028 IPBusEnum - ok
20:00:39.0640 6028 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:00:39.0641 6028 IpFilterDriver - ok
20:00:39.0658 6028 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
20:00:39.0662 6028 iphlpsvc - ok
20:00:39.0674 6028 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:00:39.0675 6028 IPMIDRV - ok
20:00:39.0689 6028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:00:39.0691 6028 IPNAT - ok
20:00:39.0760 6028 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
20:00:39.0767 6028 iPod Service - ok
20:00:39.0791 6028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:00:39.0792 6028 IRENUM - ok
20:00:39.0805 6028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:00:39.0806 6028 isapnp - ok
20:00:39.0824 6028 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:00:39.0826 6028 iScsiPrt - ok
20:00:39.0838 6028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:00:39.0839 6028 kbdclass - ok
20:00:39.0845 6028 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:00:39.0845 6028 kbdhid - ok
20:00:39.0872 6028 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:00:39.0873 6028 KeyIso - ok
20:00:39.0895 6028 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
20:00:39.0897 6028 KSecDD - ok
20:00:39.0913 6028 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
20:00:39.0916 6028 KSecPkg - ok
20:00:39.0930 6028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:00:39.0932 6028 ksthunk - ok
20:00:39.0963 6028 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:00:39.0969 6028 KtmRm - ok
20:00:40.0005 6028 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
20:00:40.0010 6028 LanmanServer - ok
20:00:40.0040 6028 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
20:00:40.0044 6028 LanmanWorkstation - ok
20:00:40.0172 6028 LBTServ (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:00:40.0191 6028 LBTServ - ok
20:00:40.0234 6028 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:00:40.0236 6028 LHidFilt - ok
20:00:40.0242 6028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:00:40.0244 6028 lltdio - ok
20:00:40.0259 6028 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:00:40.0263 6028 lltdsvc - ok
20:00:40.0274 6028 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:00:40.0275 6028 lmhosts - ok
20:00:40.0312 6028 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:00:40.0325 6028 LMouFilt - ok
20:00:40.0354 6028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:00:40.0356 6028 LSI_FC - ok
20:00:40.0364 6028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:00:40.0367 6028 LSI_SAS - ok
20:00:40.0377 6028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:00:40.0378 6028 LSI_SAS2 - ok
20:00:40.0392 6028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:00:40.0395 6028 LSI_SCSI - ok
20:00:40.0416 6028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:00:40.0419 6028 luafv - ok
20:00:40.0442 6028 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
20:00:40.0445 6028 Mcx2Svc - ok
20:00:40.0460 6028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:00:40.0461 6028 megasas - ok
20:00:40.0474 6028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:00:40.0478 6028 MegaSR - ok
20:00:40.0498 6028 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:00:40.0499 6028 MMCSS - ok
20:00:40.0509 6028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:00:40.0511 6028 Modem - ok
20:00:40.0540 6028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:00:40.0541 6028 monitor - ok
20:00:40.0615 6028 MotoConnect Service (9b2923c59d49672d1205c391a1296525) C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
20:00:40.0617 6028 MotoConnect Service - ok
20:00:40.0623 6028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:00:40.0625 6028 mouclass - ok
20:00:40.0646 6028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:00:40.0648 6028 mouhid - ok
20:00:40.0663 6028 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:00:40.0665 6028 mountmgr - ok
20:00:40.0679 6028 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:00:40.0682 6028 mpio - ok
20:00:40.0693 6028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:00:40.0695 6028 mpsdrv - ok
20:00:40.0722 6028 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
20:00:40.0731 6028 MpsSvc - ok
20:00:40.0802 6028 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:00:40.0804 6028 MRxDAV - ok
20:00:40.0838 6028 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:00:40.0841 6028 mrxsmb - ok
20:00:40.0871 6028 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:00:40.0875 6028 mrxsmb10 - ok
20:00:40.0890 6028 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:00:40.0892 6028 mrxsmb20 - ok
20:00:40.0911 6028 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:00:40.0912 6028 msahci - ok
20:00:40.0926 6028 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:00:40.0928 6028 msdsm - ok
20:00:40.0943 6028 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:00:40.0947 6028 MSDTC - ok
20:00:40.0972 6028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:00:40.0973 6028 Msfs - ok
20:00:40.0982 6028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:00:40.0983 6028 mshidkmdf - ok
20:00:40.0991 6028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:00:40.0992 6028 msisadrv - ok
20:00:41.0005 6028 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:00:41.0008 6028 MSiSCSI - ok
20:00:41.0014 6028 msiserver - ok
20:00:41.0032 6028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:00:41.0033 6028 MSKSSRV - ok
20:00:41.0048 6028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:00:41.0050 6028 MSPCLOCK - ok
20:00:41.0084 6028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:00:41.0085 6028 MSPQM - ok
20:00:41.0106 6028 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:00:41.0110 6028 MsRPC - ok
20:00:41.0122 6028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:00:41.0124 6028 mssmbios - ok
20:00:41.0142 6028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:00:41.0143 6028 MSTEE - ok
20:00:41.0158 6028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:00:41.0159 6028 MTConfig - ok
20:00:41.0191 6028 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
20:00:41.0193 6028 MTsensor - ok
20:00:41.0218 6028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:00:41.0220 6028 Mup - ok
20:00:41.0256 6028 mv91xx (77073c1af9c0921ff18ee628049bb1a9) C:\Windows\system32\DRIVERS\mv91xx.sys
20:00:41.0258 6028 mv91xx - ok
20:00:41.0288 6028 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
20:00:41.0294 6028 napagent - ok
20:00:41.0311 6028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:00:41.0315 6028 NativeWifiP - ok
20:00:41.0338 6028 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:00:41.0345 6028 NDIS - ok
20:00:41.0356 6028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:00:41.0357 6028 NdisCap - ok
20:00:41.0371 6028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:00:41.0372 6028 NdisTapi - ok
20:00:41.0385 6028 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:00:41.0387 6028 Ndisuio - ok
20:00:41.0399 6028 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:00:41.0401 6028 NdisWan - ok
20:00:41.0414 6028 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:00:41.0415 6028 NDProxy - ok
20:00:41.0420 6028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:00:41.0421 6028 NetBIOS - ok
20:00:41.0435 6028 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:00:41.0437 6028 NetBT - ok
20:00:41.0464 6028 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:00:41.0465 6028 Netlogon - ok
20:00:41.0501 6028 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:00:41.0506 6028 Netman - ok
20:00:41.0525 6028 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:00:41.0531 6028 netprofm - ok
20:00:41.0573 6028 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:00:41.0575 6028 NetTcpPortSharing - ok
20:00:41.0590 6028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:00:41.0592 6028 nfrd960 - ok
20:00:41.0609 6028 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
20:00:41.0614 6028 NlaSvc - ok
20:00:41.0624 6028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:00:41.0626 6028 Npfs - ok
20:00:41.0637 6028 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:00:41.0639 6028 nsi - ok
20:00:41.0654 6028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:00:41.0656 6028 nsiproxy - ok
20:00:41.0703 6028 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:00:41.0750 6028 Ntfs - ok
20:00:41.0763 6028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:00:41.0764 6028 Null - ok
20:00:41.0785 6028 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:00:41.0787 6028 nusb3hub - ok
20:00:41.0807 6028 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:00:41.0810 6028 nusb3xhc - ok
20:00:41.0857 6028 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
20:00:41.0859 6028 NVHDA - ok
20:00:42.0087 6028 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:00:42.0278 6028 nvlddmkm - ok
20:00:42.0324 6028 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:00:42.0327 6028 nvraid - ok
20:00:42.0352 6028 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
20:00:42.0355 6028 nvstor - ok
20:00:42.0386 6028 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
20:00:42.0396 6028 nvsvc - ok
20:00:42.0496 6028 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:00:42.0539 6028 nvUpdatusService - ok
20:00:42.0554 6028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:00:42.0557 6028 nv_agp - ok
20:00:42.0565 6028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:00:42.0566 6028 ohci1394 - ok
20:00:42.0598 6028 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:00:42.0603 6028 p2pimsvc - ok
20:00:42.0623 6028 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:00:42.0630 6028 p2psvc - ok
20:00:42.0645 6028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:00:42.0648 6028 Parport - ok
20:00:42.0668 6028 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:00:42.0670 6028 partmgr - ok
20:00:42.0682 6028 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:00:42.0687 6028 PcaSvc - ok
20:00:42.0697 6028 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:00:42.0700 6028 pci - ok
20:00:42.0712 6028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:00:42.0714 6028 pciide - ok
20:00:42.0733 6028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:00:42.0736 6028 pcmcia - ok
20:00:42.0775 6028 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
20:00:42.0777 6028 pcouffin - ok
20:00:42.0784 6028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:00:42.0785 6028 pcw - ok
20:00:42.0802 6028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:00:42.0809 6028 PEAUTH - ok
20:00:42.0850 6028 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:00:42.0871 6028 PeerDistSvc - ok
20:00:42.0906 6028 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:00:42.0908 6028 PerfHost - ok
20:00:42.0950 6028 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
20:00:42.0973 6028 pla - ok
20:00:43.0010 6028 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
20:00:43.0017 6028 PlugPlay - ok
20:00:43.0030 6028 PnkBstrA - ok
20:00:43.0037 6028 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:00:43.0040 6028 PNRPAutoReg - ok
20:00:43.0048 6028 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:00:43.0052 6028 PNRPsvc - ok
20:00:43.0077 6028 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
20:00:43.0084 6028 PolicyAgent - ok
20:00:43.0108 6028 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:00:43.0112 6028 Power - ok
20:00:43.0140 6028 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:00:43.0142 6028 PptpMiniport - ok
20:00:43.0157 6028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:00:43.0159 6028 Processor - ok
20:00:43.0186 6028 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
20:00:43.0191 6028 ProfSvc - ok
20:00:43.0222 6028 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:00:43.0223 6028 ProtectedStorage - ok
20:00:43.0231 6028 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:00:43.0234 6028 Psched - ok
20:00:43.0271 6028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:00:43.0294 6028 ql2300 - ok
20:00:43.0307 6028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:00:43.0310 6028 ql40xx - ok
20:00:43.0329 6028 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:00:43.0333 6028 QWAVE - ok
20:00:43.0348 6028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:00:43.0349 6028 QWAVEdrv - ok
20:00:43.0363 6028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:00:43.0364 6028 RasAcd - ok
20:00:43.0381 6028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:00:43.0383 6028 RasAgileVpn - ok
20:00:43.0394 6028 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:00:43.0398 6028 RasAuto - ok
20:00:43.0414 6028 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:00:43.0416 6028 Rasl2tp - ok
20:00:43.0432 6028 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
20:00:43.0438 6028 RasMan - ok
20:00:43.0455 6028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:00:43.0457 6028 RasPppoe - ok
20:00:43.0471 6028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:00:43.0473 6028 RasSstp - ok
20:00:43.0489 6028 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:00:43.0493 6028 rdbss - ok
20:00:43.0506 6028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:00:43.0508 6028 rdpbus - ok
20:00:43.0517 6028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:00:43.0518 6028 RDPCDD - ok
20:00:43.0532 6028 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
20:00:43.0535 6028 RDPDR - ok
20:00:43.0541 6028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:00:43.0543 6028 RDPENCDD - ok
20:00:43.0551 6028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:00:43.0552 6028 RDPREFMP - ok
20:00:43.0590 6028 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
20:00:43.0594 6028 RDPWD - ok
20:00:43.0611 6028 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:00:43.0614 6028 rdyboost - ok
20:00:43.0633 6028 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:00:43.0636 6028 RemoteAccess - ok
20:00:43.0646 6028 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:00:43.0650 6028 RemoteRegistry - ok
20:00:43.0662 6028 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:00:43.0665 6028 RpcEptMapper - ok
20:00:43.0678 6028 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:00:43.0680 6028 RpcLocator - ok
20:00:43.0706 6028 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:00:43.0711 6028 RpcSs - ok
20:00:43.0729 6028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:00:43.0731 6028 rspndr - ok
20:00:43.0755 6028 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
20:00:43.0757 6028 s3cap - ok
20:00:43.0763 6028 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:00:43.0764 6028 SamSs - ok
20:00:43.0782 6028 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:00:43.0784 6028 sbp2port - ok
20:00:43.0870 6028 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:00:43.0881 6028 SBSDWSCService - ok
20:00:43.0899 6028 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:00:43.0903 6028 SCardSvr - ok
20:00:43.0910 6028 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:00:43.0911 6028 scfilter - ok
20:00:43.0954 6028 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
20:00:43.0968 6028 Schedule - ok
20:00:44.0003 6028 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:00:44.0004 6028 SCPolicySvc - ok
20:00:44.0020 6028 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
20:00:44.0023 6028 SDRSVC - ok
20:00:44.0035 6028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:00:44.0037 6028 secdrv - ok
20:00:44.0048 6028 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
20:00:44.0051 6028 seclogon - ok
20:00:44.0057 6028 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:00:44.0060 6028 SENS - ok
20:00:44.0070 6028 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:00:44.0073 6028 SensrSvc - ok
20:00:44.0090 6028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:00:44.0092 6028 Serenum - ok
20:00:44.0099 6028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:00:44.0101 6028 Serial - ok
20:00:44.0111 6028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:00:44.0113 6028 sermouse - ok
20:00:44.0130 6028 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
20:00:44.0133 6028 SessionEnv - ok
20:00:44.0165 6028 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:00:44.0166 6028 sffdisk - ok
20:00:44.0176 6028 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:00:44.0177 6028 sffp_mmc - ok
20:00:44.0186 6028 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:00:44.0188 6028 sffp_sd - ok
20:00:44.0204 6028 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:00:44.0205 6028 sfloppy - ok
20:00:44.0242 6028 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:00:44.0247 6028 SharedAccess - ok
20:00:44.0275 6028 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
20:00:44.0281 6028 ShellHWDetection - ok
20:00:44.0293 6028 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:00:44.0294 6028 SiSRaid2 - ok
20:00:44.0309 6028 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:00:44.0311 6028 SiSRaid4 - ok
20:00:44.0324 6028 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:00:44.0326 6028 Smb - ok
20:00:44.0336 6028 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:00:44.0338 6028 SNMPTRAP - ok
20:00:44.0355 6028 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:00:44.0356 6028 spldr - ok
20:00:44.0397 6028 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
20:00:44.0405 6028 Spooler - ok
20:00:44.0468 6028 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
20:00:44.0528 6028 sppsvc - ok
20:00:44.0544 6028 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:00:44.0546 6028 sppuinotify - ok
20:00:44.0604 6028 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
20:00:44.0613 6028 sptd - ok
20:00:44.0649 6028 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:00:44.0655 6028 srv - ok
20:00:44.0678 6028 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:00:44.0683 6028 srv2 - ok
20:00:44.0721 6028 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:00:44.0724 6028 srvnet - ok
20:00:44.0750 6028 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:00:44.0754 6028 SSDPSRV - ok
20:00:44.0768 6028 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:00:44.0771 6028 SstpSvc - ok
20:00:44.0818 6028 Steam Client Service - ok
20:00:44.0883 6028 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:00:44.0887 6028 Stereo Service - ok
20:00:44.0898 6028 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:00:44.0900 6028 stexstor - ok
20:00:44.0930 6028 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
20:00:44.0938 6028 stisvc - ok
20:00:44.0958 6028 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
20:00:44.0960 6028 storflt - ok
20:00:44.0974 6028 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
20:00:44.0975 6028 storvsc - ok
20:00:44.0982 6028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:00:44.0983 6028 swenum - ok
20:00:45.0077 6028 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:00:45.0092 6028 SwitchBoard - ok
20:00:45.0108 6028 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:00:45.0116 6028 swprv - ok
20:00:45.0151 6028 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
20:00:45.0185 6028 SysMain - ok
20:00:45.0198 6028 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
20:00:45.0202 6028 TabletInputService - ok
20:00:45.0218 6028 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
20:00:45.0224 6028 TapiSrv - ok
20:00:45.0240 6028 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:00:45.0243 6028 TBS - ok
20:00:45.0306 6028 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
20:00:45.0355 6028 Tcpip - ok
20:00:45.0385 6028 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
20:00:45.0398 6028 TCPIP6 - ok
20:00:45.0415 6028 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:00:45.0416 6028 tcpipreg - ok
20:00:45.0432 6028 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:00:45.0433 6028 TDPIPE - ok
20:00:45.0457 6028 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
20:00:45.0458 6028 TDTCP - ok
20:00:45.0473 6028 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:00:45.0476 6028 tdx - ok
20:00:45.0489 6028 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:00:45.0491 6028 TermDD - ok
20:00:45.0512 6028 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
20:00:45.0521 6028 TermService - ok
20:00:45.0537 6028 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:00:45.0540 6028 Themes - ok
20:00:45.0564 6028 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:00:45.0566 6028 THREADORDER - ok
20:00:45.0580 6028 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:00:45.0584 6028 TrkWks - ok
20:00:45.0600 6028 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
20:00:45.0603 6028 TrustedInstaller - ok
20:00:45.0617 6028 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:00:45.0619 6028 tssecsrv - ok
20:00:45.0645 6028 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:00:45.0647 6028 tunnel - ok
20:00:45.0659 6028 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:00:45.0660 6028 uagp35 - ok
20:00:45.0675 6028 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:00:45.0679 6028 udfs - ok
20:00:45.0702 6028 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:00:45.0706 6028 UI0Detect - ok
20:00:45.0718 6028 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:00:45.0720 6028 uliagpkx - ok
20:00:45.0733 6028 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:00:45.0734 6028 umbus - ok
20:00:45.0745 6028 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:00:45.0747 6028 UmPass - ok
20:00:45.0770 6028 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
20:00:45.0775 6028 UmRdpService - ok
20:00:45.0796 6028 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:00:45.0802 6028 upnphost - ok
20:00:45.0845 6028 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:00:45.0847 6028 USBAAPL64 - ok
20:00:45.0875 6028 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
20:00:45.0877 6028 usbccgp - ok
20:00:45.0885 6028 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:00:45.0887 6028 usbcir - ok
20:00:45.0918 6028 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
20:00:45.0919 6028 usbehci - ok
20:00:45.0954 6028 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
20:00:45.0959 6028 usbhub - ok
20:00:45.0982 6028 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
20:00:45.0984 6028 usbohci - ok
20:00:46.0002 6028 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:00:46.0003 6028 usbprint - ok
20:00:46.0028 6028 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:00:46.0030 6028 USBSTOR - ok
20:00:46.0053 6028 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:00:46.0060 6028 usbuhci - ok
20:00:46.0075 6028 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:00:46.0078 6028 UxSms - ok
20:00:46.0093 6028 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:00:46.0095 6028 VaultSvc - ok
20:00:46.0119 6028 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:00:46.0120 6028 vdrvroot - ok
20:00:46.0140 6028 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
20:00:46.0148 6028 vds - ok
20:00:46.0164 6028 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:00:46.0165 6028 vga - ok
20:00:46.0183 6028 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:00:46.0185 6028 VgaSave - ok
20:00:46.0206 6028 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:00:46.0209 6028 vhdmp - ok
20:00:46.0220 6028 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:00:46.0221 6028 viaide - ok
20:00:46.0235 6028 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
20:00:46.0238 6028 vmbus - ok
20:00:46.0252 6028 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
20:00:46.0253 6028 VMBusHID - ok
20:00:46.0262 6028 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:00:46.0264 6028 volmgr - ok
20:00:46.0283 6028 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:00:46.0288 6028 volmgrx - ok
20:00:46.0297 6028 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:00:46.0301 6028 volsnap - ok
20:00:46.0318 6028 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:00:46.0320 6028 vsmraid - ok
20:00:46.0355 6028 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
20:00:46.0389 6028 VSS - ok
20:00:46.0405 6028 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:00:46.0407 6028 vwifibus - ok
20:00:46.0423 6028 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:00:46.0429 6028 W32Time - ok
20:00:46.0440 6028 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:00:46.0442 6028 WacomPen - ok
20:00:46.0465 6028 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:00:46.0467 6028 WANARP - ok
20:00:46.0470 6028 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:00:46.0472 6028 Wanarpv6 - ok
20:00:46.0520 6028 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:00:46.0537 6028 WatAdminSvc - ok
20:00:46.0570 6028 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
20:00:46.0586 6028 wbengine - ok
20:00:46.0608 6028 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:00:46.0612 6028 WbioSrvc - ok
20:00:46.0642 6028 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
20:00:46.0661 6028 wcncsvc - ok
20:00:46.0666 6028 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:00:46.0668 6028 WcsPlugInService - ok
20:00:46.0690 6028 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:00:46.0691 6028 Wd - ok
20:00:46.0715 6028 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:00:46.0721 6028 Wdf01000 - ok
20:00:46.0730 6028 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:00:46.0732 6028 WdiServiceHost - ok
20:00:46.0734 6028 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:00:46.0736 6028 WdiSystemHost - ok
20:00:46.0771 6028 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
20:00:46.0775 6028 WebClient - ok
20:00:46.0788 6028 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:00:46.0794 6028 Wecsvc - ok
20:00:46.0810 6028 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:00:46.0812 6028 wercplsupport - ok
20:00:46.0832 6028 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:00:46.0835 6028 WerSvc - ok
20:00:46.0844 6028 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:00:46.0845 6028 WfpLwf - ok
20:00:46.0860 6028 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:00:46.0861 6028 WIMMount - ok
20:00:46.0887 6028 WinDefend - ok
20:00:46.0891 6028 WinHttpAutoProxySvc - ok
20:00:46.0932 6028 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:00:46.0936 6028 Winmgmt - ok
20:00:46.0980 6028 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
20:00:47.0014 6028 WinRM - ok
20:00:47.0067 6028 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
20:00:47.0069 6028 WinUsb - ok
20:00:47.0098 6028 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:00:47.0109 6028 Wlansvc - ok
20:00:47.0214 6028 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:00:47.0257 6028 wlidsvc - ok
20:00:47.0277 6028 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:00:47.0279 6028 WmiAcpi - ok
20:00:47.0298 6028 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:00:47.0301 6028 wmiApSrv - ok
20:00:47.0305 6028 WMPNetworkSvc - ok
20:00:47.0322 6028 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:00:47.0326 6028 WPCSvc - ok
20:00:47.0339 6028 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
20:00:47.0343 6028 WPDBusEnum - ok
20:00:47.0355 6028 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:00:47.0357 6028 ws2ifsl - ok
20:00:47.0394 6028 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
20:00:47.0398 6028 wscsvc - ok
20:00:47.0403 6028 WSearch - ok
20:00:47.0452 6028 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
20:00:47.0495 6028 wuauserv - ok
20:00:47.0503 6028 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:00:47.0506 6028 WudfPf - ok
20:00:47.0531 6028 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:00:47.0534 6028 WUDFRd - ok
20:00:47.0552 6028 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
20:00:47.0556 6028 wudfsvc - ok
20:00:47.0578 6028 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:00:47.0583 6028 WwanSvc - ok
20:00:47.0615 6028 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
20:00:47.0617 6028 xusb21 - ok
20:00:47.0659 6028 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
20:00:47.0664 6028 yukonw7 - ok
20:00:47.0680 6028 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:00:47.0768 6028 \Device\Harddisk0\DR0 - ok
20:00:47.0770 6028 Boot (0x1200) (3785937f17b6ba7225f745d9f7b95399) \Device\Harddisk0\DR0\Partition0
20:00:47.0772 6028 \Device\Harddisk0\DR0\Partition0 - ok
20:00:47.0775 6028 Boot (0x1200) (b683b120c7c8c5c41b62c5407b9e2d87) \Device\Harddisk0\DR0\Partition1
20:00:47.0775 6028 \Device\Harddisk0\DR0\Partition1 - ok
20:00:47.0776 6028 ============================================================
20:00:47.0776 6028 Scan finished
20:00:47.0776 6028 ============================================================
20:00:47.0786 2528 Detected object count: 0
20:00:47.0786 2528 Actual detected object count: 0
20:01:07.0042 3740 Deinitialize success

#4 prometheusandbob (Topic Starter, Members, 7 posts)

Posted 02 April 2012 - 07:24 PM

"c:\users\Griff\AppData\Roaming\AnvSoft\AnvSoft\vmvsz.dll"

I saw that little bugger in my processes/resource manager and didn't think anything of it :S

Combofix Log

ComboFix 12-04-01.03 - Griff 04/02/2012 20:08:56.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.3484 [GMT -4:00]
Running from: c:\users\Griff\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Griff\AppData\Roaming\AnvSoft\AnvSoft\vmvsz.dll
c:\users\Griff\AppData\Roaming\inst.exe
c:\windows\SysWow64\tmp3AC1.tmp
c:\windows\SysWow64\tmp3AF1.tmp
c:\windows\SysWow64\tmp4F22.tmp
c:\windows\SysWow64\tmp4F52.tmp
c:\windows\SysWow64\tmp9F6C.tmp
c:\windows\SysWow64\tmp9F9C.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 00:15 . 2012-04-03 00:15 -------- d-----w- c:\users\Mcx1-EPIMETHEUS\AppData\Local\temp
2012-04-03 00:15 . 2012-04-03 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 19:45 . 2012-04-02 19:45 -------- d-----w- c:\program files\CCleaner
2012-04-02 19:45 . 2012-04-02 19:45 388096 ----a-r- c:\users\Griff\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-02 19:45 . 2012-04-02 19:45 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-02 03:17 . 2012-04-02 03:17 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-02 02:42 . 2012-04-02 02:42 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-02 02:42 . 2012-04-02 02:42 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-02 02:42 . 2012-04-02 02:42 -------- d-----w- c:\program files\Java
2012-03-28 03:24 . 2012-03-28 03:24 -------- d-sh--w- c:\programdata\DSS
2012-03-28 03:07 . 2010-09-22 17:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2012-03-23 21:13 . 2012-03-23 21:13 -------- d-----w- c:\users\UpdatusUser
2012-03-15 04:24 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 04:24 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 04:24 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-10 14:01 . 2012-03-10 14:02 -------- d-----w- c:\program files\iTunes
2012-03-10 14:01 . 2012-03-10 14:01 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 03:17 . 2011-11-23 08:41 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-02 02:51 . 2011-04-20 07:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-02 00:19 . 2011-04-25 02:08 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-02 00:19 . 2010-12-02 06:57 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-02 00:18 . 2010-12-02 06:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-28 03:07 . 2011-03-06 06:47 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-03-28 03:07 . 2011-03-06 06:47 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-03-01 12:13 . 2012-03-01 12:13 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-01 12:13 . 2012-03-01 12:13 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-01 12:13 . 2012-03-01 12:13 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-01 12:13 . 2012-03-01 12:13 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-01 12:13 . 2012-03-01 12:13 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-01 12:13 . 2012-03-01 12:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-01 12:13 . 2012-03-01 12:13 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-01 12:13 . 2012-03-01 12:13 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-01 12:13 . 2012-03-01 12:13 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-01 12:13 . 2012-03-01 12:13 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-01 12:13 . 2012-03-01 12:13 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-01 12:13 . 2012-03-01 12:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-01 12:13 . 2012-03-01 12:13 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-01 12:13 . 2012-03-01 12:13 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-01 12:13 . 2012-03-01 12:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-01 12:13 . 2012-03-01 12:13 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-01 12:13 . 2012-03-01 12:13 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-01 12:13 . 2012-03-01 12:13 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-01 12:13 . 2012-03-01 12:13 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-01 12:13 . 2012-03-01 12:13 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-01 12:13 . 2012-03-01 12:13 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-01 12:13 . 2012-03-01 12:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-01 12:13 . 2012-03-01 12:13 448512 ----a-w- c:\windows\system32\html.iec
2012-03-01 12:13 . 2012-03-01 12:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-01 12:13 . 2012-03-01 12:13 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-01 12:13 . 2012-03-01 12:13 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 12:13 . 2012-03-01 12:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-01 12:13 . 2012-03-01 12:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-01 12:13 . 2012-03-01 12:13 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-01 12:13 . 2012-03-01 12:13 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-01 12:13 . 2012-03-01 12:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-01 12:13 . 2012-03-01 12:13 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-01 12:13 . 2012-03-01 12:13 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-01 12:13 . 2012-03-01 12:13 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 12:13 . 2012-03-01 12:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-01 12:13 . 2012-03-01 12:13 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 12:13 . 2012-03-01 12:13 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-01 12:13 . 2012-03-01 12:13 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-01 12:13 . 2012-03-01 12:13 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-01 12:13 . 2012-03-01 12:13 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-01 12:13 . 2012-03-01 12:13 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-01 12:13 . 2012-03-01 12:13 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-01 00:02 . 2012-01-01 00:11 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2012-01-01 00:11 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-09-30 02:35 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-09-30 02:35 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-06-24 19:00 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2010-07-09 22:38 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-29 21:00 . 2010-10-16 18:13 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2010-10-16 18:13 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2010-10-16 18:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2010-10-16 18:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2010-07-09 21:17 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 17:26 . 2012-02-29 17:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-25 21:48 . 2012-02-25 21:48 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-14 20:24 . 2010-12-02 06:57 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-08 16:47 . 2011-03-06 06:47 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-08 16:47 . 2011-03-06 06:47 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-04 09:58 . 2012-02-15 00:08 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 00:08 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Microsoft Works Portfolio"="c:\program files (x86)\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 03:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2008-03-04 196608]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Griff\AppData\Roaming\Mozilla\Firefox\Profiles\5bzrnqmv.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\Griff\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
.
**************************************************************************
.
Completion time: 2012-04-02 20:23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 00:23
.
Pre-Run: 572,764,303,360 bytes free
Post-Run: 572,343,873,536 bytes free
.
- - End Of File - - 08B580EB33A385549CC9DD023E500FAE

Edited by prometheusandbob, 02 April 2012 - 07:26 PM.


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:01 AM

Posted 02 April 2012 - 07:29 PM

Hi,

Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT


Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 prometheusandbob

prometheusandbob
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:01 AM

Posted 02 April 2012 - 07:43 PM

After running Malwarebytes I had to restart the computer/reset my router 'cause I lost internet. Not an issue, just a heads up :)

Malwarebytes Log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Griff :: EPIMETHEUS [administrator]

4/2/2012 8:34:43 PM
mbam-log-2012-04-02 (20-34-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234946
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 prometheusandbob

prometheusandbob
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:01 AM

Posted 02 April 2012 - 07:52 PM

It worked. It's been almost done for a while now. Will post the log ASAP. So far two trojan threats have been found.

Edited by prometheusandbob, 02 April 2012 - 08:26 PM.


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:01 AM

Posted 02 April 2012 - 07:57 PM

OK, make sure all other windows are closed and your own antivirus is disabled

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 prometheusandbob

prometheusandbob
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:01 AM

Posted 02 April 2012 - 10:14 PM

Finally! Two freakin' hours...

Looks like I should be more careful about P2P usage, thought I was using the "safest" means. Guess not. Oh, and my P2P client is already uninstalled.

Here's the log:

C:\Program Files (x86)\Codemasters\DiRT 3\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\Program Files (x86)\Codemasters\DiRT 3\SKIDROW.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\Griff\Downloads\Dirt.3-SKIDROW\sr-dirt3.iso a variant of Win32/Packed.VMProtect.AAA trojan

Progress!

I'd like to do a permanent deletion of these, if you're okay with it. (I have experience with using cmd to permanently delete the files back from the XP MS.Blast worm days)

As far as performance goes, I'll have to run some tests to see if there's an improvement or not, and I'll spam google and other engines to see if I still have my redirect.

**Update**
Those three files have been permanently deleted.

Also, my idle CPU usage is at 0% and my memory usage is at 37%, or 2.27/6 GB. Did some research and found that this is a normal number.
I did not have any link redirects to gimmeanswers or happili so far, but it had been sporadic in the first place, so I'll keep an eye out.
Got on Battlefield 3 to see if I was still having issues with my RAM being eaten alive. The usage dropped considerably, by almost 2GB. My in-game performance is also back to normal.

Let me know if there may be another step for good measure.

Edited by prometheusandbob, 02 April 2012 - 10:57 PM.


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:01 AM

Posted 03 April 2012 - 05:11 PM

Hi,

We just need to clean up our tools.

Please do the following:


You can delete the DDS and TDSSKiller logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
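
An added audit script for the "Make Internet Explorer more secure" steps above (not CatByte's code and not part of the original post): it reads the three Custom level entries for the Internet Zone from the current user's registry, reports which ones differ from the recommended Prompt/Prompt/Disable settings, and only changes them when run with -Apply. The value names (1001, 1004, 1201) and their data meanings (0 = Enable, 1 = Prompt, 3 = Disable) are Microsoft's documented Internet Explorer zone registry entries; confirm the result afterwards in Inetcpl.cpl > Security > Custom level, since a domain policy in HKLM can override per-user values.

```powershell
# Added example: audit/harden the Internet Zone (zone 3) ActiveX settings
# that the post changes by hand through Inetcpl.cpl > Security > Custom level.
# Value names and data follow Microsoft's documented IE zone registry entries:
# 0 = Enable, 1 = Prompt, 3 = Disable. Changes affect the current user only.
param([switch]$Apply)   # without -Apply the script only reports

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended state from the post: signed/unsigned download -> Prompt,
# initialize and script ActiveX not marked as safe -> Disable.
$recommended = @(
    @{ Name = '1001'; Desc = 'Download signed ActiveX controls';              Want = 1 },
    @{ Name = '1004'; Desc = 'Download unsigned ActiveX controls';            Want = 1 },
    @{ Name = '1201'; Desc = 'Initialize and script ActiveX not marked safe'; Want = 3 }
)
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

if (-not (Test-Path $zoneKey)) {
    Write-Warning "Zone key not found: $zoneKey (no per-user IE zone settings for this account)"
    return
}

$current = Get-ItemProperty -Path $zoneKey
foreach ($setting in $recommended) {
    $have = $current.($setting.Name)
    if ($null -eq $have) {
        $haveText = 'not set (zone default applies)'
    } elseif ($label.ContainsKey([int]$have)) {
        $haveText = $label[[int]$have]
    } else {
        $haveText = "unexpected value $have"
    }

    if ($have -eq $setting.Want) {
        Write-Output ("OK       {0} ({1}): {2}" -f $setting.Desc, $setting.Name, $haveText)
        continue
    }
    Write-Output ("MISMATCH {0} ({1}): is {2}, recommended {3}" -f `
        $setting.Desc, $setting.Name, $haveText, $label[$setting.Want])
    if ($Apply) {
        # Write the recommended DWORD; IE reads the zone key on its next start.
        Set-ItemProperty -Path $zoneKey -Name $setting.Name -Value $setting.Want -Type DWord
        Write-Output ("         set {0} to {1}" -f $setting.Name, $label[$setting.Want])
    }
}
```

Run it once without -Apply to see the current state, then with -Apply to make the three changes; any entry reported as "not set" is inheriting the zone's template default rather than an explicit value.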


#11 prometheusandbob

prometheusandbob
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:01 AM

Posted 03 April 2012 - 09:04 PM

Thanks for the help. I'll PM you or start a new thread if I continue to have issues.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:01 AM

Posted 03 April 2012 - 09:14 PM

you are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:01 AM

Posted 03 April 2012 - 09:16 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




