
Infected computer - Rootkit.Oaccess.H


21 replies to this topic

#1 adamsapple

adamsapple

  • Members
  • 73 posts

Posted 05 April 2012 - 10:27 AM

My system is becoming slower and slower. I am getting dark screens and freezing. Prior to this, a few days ago, I started getting random sound tracks of people talking coming up in the background.

I am always running Malwarebytes and never had a problem till now, and I sometimes run TFC if things get a little slow. Rootkit.Oaccess.H is the Trojan that Malwarebytes keeps trying to destroy with no success.

After this scan I will try not to use this computer because it looks like it will go down for good.

The GMER file stopped working, so I posted what I could save. I will try it again and, if it works, I will attach that file again.

Please help ASAP

Thank you


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by George Malz at 8:19:44 on 2012-04-05
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Users\George Malz\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
uRun: [Google Update] "c:\users\george malz\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Tunebite] c:\program files\rapidsolution\tunebite\Tunebite.exe -tray
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/TrueInstall.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{333FDF29-BDF6-4E3D-883C-298B87260CEB} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\george malz\appdata\roaming\mozilla\firefox\profiles\kc2cgw2x.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=14597
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60323
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\firefoxextension\components\TmFFExt.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\george malz\appdata\roaming\mozilla\firefox\profiles\kc2cgw2x.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\george malz\appdata\roaming\mozilla\firefox\profiles\kc2cgw2x.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\george malz\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\george malz\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R? avgarcln;SMNDIS5
R? avgtdi;Nmraapache
R? AVP;Kaspersky Anti-Virus Service
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? BrSerIb;Brother MFC Serial Interface Driver(WDM)
R? BrUsbSIb;Brother MFC Serial USB Driver(WDM)
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? MBAMSwissArmy;MBAMSwissArmy
R? mks_scan;S24eventmonitor
R? mksupdateint;Genmcmn
R? nosGetPlusHelper;getPlus® Helper 3004
R? OXSDIDRV_x32;Oxford Semi eSATA Filter (x32)
R? OXUDIDRV;OXUDIDRV
R? SABKUTIL;SABKUTIL
R? StorSvc;Storage Service
R? symantecantibotdriver;Epgspooler
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
R? WsAudio_DeviceS(1);WsAudio_DeviceS(1)
R? WsAudio_DeviceS(2);WsAudio_DeviceS(2)
R? WsAudio_DeviceS(3);WsAudio_DeviceS(3)
R? WsAudio_DeviceS(4);WsAudio_DeviceS(4)
R? WsAudio_DeviceS(5);WsAudio_DeviceS(5)
S? AdobeARMservice;Adobe Acrobat Update Service
S? kl2;kl2
S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter
S? klmouflt;Kaspersky Lab KLMOUFLT
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
.
=============== Created Last 30 ================
.
2012-04-05 01:24:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-03 19:15:54 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-04-03 19:15:54 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-04-03 19:15:50 110992 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-04-03 19:15:48 147856 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-04-03 19:15:07 -------- d-----w- c:\program files\Kaspersky Lab
2012-04-03 19:15:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-03 18:21:47 -------- d-----w- c:\program files\common files\Control Panels
2012-04-03 18:20:18 -------- d-----w- c:\programdata\ALM
2012-04-03 17:58:04 95600 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-04-02 22:57:12 126976 ------w- c:\windows\system32\BrfxD05b.dll
2012-04-02 22:57:11 73216 ------w- c:\windows\system32\BrWiaNCp.dll
2012-04-02 22:57:11 72192 ------w- c:\windows\system32\BrNetSti.dll
2012-04-02 22:57:11 46592 ------w- c:\windows\system32\Brnsplg.dll
2012-04-02 22:57:10 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-04-02 22:57:09 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-04-02 22:57:09 176128 ------w- c:\windows\system32\BroSNMP.dll
2012-04-02 22:57:09 12288 ------w- c:\windows\system32\BrDctF2S.dll
2012-03-29 23:41:42 -------- d-----w- c:\users\george malz\appdata\local\{B863C18F-79F8-11E1-826D-B8AC6F996F26}
2012-03-28 22:37:04 -------- d-----w- c:\users\george malz\appdata\local\{897D5E73-7926-11E1-826D-B8AC6F996F26}
2012-03-28 22:36:38 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-24 16:56:37 -------- d-----w- c:\users\george malz\appdata\roaming\Cocoon Software
2012-03-24 16:56:32 -------- d-----w- c:\program files\QuickMediaConverter
2012-03-24 16:55:35 -------- d-----w- c:\users\george malz\appdata\local\WDSetup
2012-03-24 16:51:13 -------- d-----w- c:\program files\Emicsoft Studio
2012-03-17 23:56:57 -------- d-----w- c:\users\george malz\appdata\roaming\Ymqyuv
2012-03-17 23:56:57 -------- d-----w- c:\users\george malz\appdata\roaming\Gika
2012-03-17 23:56:48 -------- d-----w- c:\users\george malz\appdata\roaming\Qyzei
2012-03-17 23:56:48 -------- d-----w- c:\users\george malz\appdata\roaming\Defyu
2012-03-14 07:00:55 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:00:54 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 00:32:12 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 00:32:08 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 00:31:29 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 00:31:29 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 00:31:28 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 00:31:23 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 00:31:23 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 00:31:23 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-01-25 00:44:16 709968 ----a-w- c:\windows\is-AS8K5.exe
.
============= FINISH: 8:23:14.31 ===============


#2 adamsapple

adamsapple
  • Topic Starter

  • Members
  • 73 posts

Posted 05 April 2012 - 01:26 PM

I have added the file for GMER that seemed to complete. It did not say finished at the end, but a message did come up that said "rootkit activity during scan".

Thank you,
George

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 01:39 PM

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#4 adamsapple

adamsapple
  • Topic Starter

  • Members
  • 73 posts

Posted 05 April 2012 - 06:17 PM

All looks good. Combofix had a hard time removing this Trojan. The only thing I would like to mention is that during the scan Combofix thought I had Titanium Trend Micro Security running. I deleted that program a few days ago but somehow it is still in my computer. Is that a problem?

ComboFix 12-04-05.08 - George Malz 05/04/2012 18:43:18.13.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.1022.377 [GMT -4:00]
Running from: c:\users\George Malz\Desktop\ComboFix.exe
AV: Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\92C6\792E.tmp
c:\program files\LP\92C6\96D5.tmp
c:\program files\LP\92C6\D734.tmp
c:\program files\LP\92C6\EB5A.tmp
c:\users\George Malz\AppData\Roaming\Gika
c:\users\George Malz\AppData\Roaming\Gika\xami.cey
c:\windows\$NtUninstallKB26479$\1875730254
c:\windows\$NtUninstallKB26479$\2421421884\@
c:\windows\$NtUninstallKB26479$\2421421884\cfg.ini
c:\windows\$NtUninstallKB26479$\2421421884\Desktop.ini
c:\windows\$NtUninstallKB26479$\2421421884\L\xadqgnnk
c:\windows\$NtUninstallKB26479$\2421421884\oemid
c:\windows\$NtUninstallKB26479$\2421421884\U\00000001.@
c:\windows\$NtUninstallKB26479$\2421421884\U\00000002.@
c:\windows\$NtUninstallKB26479$\2421421884\U\00000004.@
c:\windows\$NtUninstallKB26479$\2421421884\U\80000000.@
c:\windows\$NtUninstallKB26479$\2421421884\U\80000004.@
c:\windows\$NtUninstallKB26479$\2421421884\U\80000032.@
c:\windows\$NtUninstallKB26479$\2421421884\version
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\elnkservice.dll
c:\windows\system32\firesvc.dll
c:\windows\system32\http.dll
c:\windows\system32\nwrdr.dll
c:\windows\system32\sgeclient.dll
c:\windows\system32\vvdsvc.dll
c:\windows\$NtUninstallKB26479$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 23:02 . 2012-04-05 23:05 -------- d-----w- c:\users\George Malz\AppData\Local\temp
2012-04-05 23:02 . 2012-04-05 23:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-05 23:02 . 2012-04-05 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 23:02 . 2012-04-05 23:02 -------- d-----w- c:\users\AlexanderNatalia\AppData\Local\temp
2012-04-05 22:43 . 2012-04-05 22:43 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-04-03 19:15 . 2012-04-03 19:24 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-04-03 19:15 . 2012-04-03 19:24 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-04-03 19:15 . 2011-04-25 03:13 110992 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-04-03 19:15 . 2011-04-25 03:13 147856 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-04-03 19:15 . 2012-04-03 19:15 -------- d-----w- c:\program files\Kaspersky Lab
2012-04-03 19:15 . 2012-04-05 23:05 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-03 18:21 . 2012-04-03 18:21 -------- d-----w- c:\program files\Common Files\Control Panels
2012-04-03 18:20 . 2012-04-03 18:20 -------- d-----w- c:\programdata\ALM
2012-04-03 17:58 . 2008-10-15 01:33 95600 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-02 22:57 . 2008-10-18 00:02 126976 ------w- c:\windows\system32\BrfxD05b.dll
2012-04-02 22:57 . 2009-02-24 17:59 72192 ------w- c:\windows\system32\BrNetSti.dll
2012-04-02 22:57 . 2009-02-24 16:51 73216 ------w- c:\windows\system32\BrWiaNCp.dll
2012-04-02 22:57 . 2009-02-24 16:51 46592 ------w- c:\windows\system32\Brnsplg.dll
2012-04-02 22:57 . 2007-12-14 02:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-04-02 22:57 . 2007-12-14 02:16 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-04-02 22:57 . 2007-01-16 01:54 12288 ------w- c:\windows\system32\BrDctF2S.dll
2012-04-02 22:57 . 2006-12-28 17:39 176128 ------w- c:\windows\system32\BroSNMP.dll
2012-04-02 22:56 . 2012-04-02 22:56 -------- d-----w- c:\users\George Malz\AppData\Roaming\InstallShield
2012-03-29 23:41 . 2012-03-29 23:41 -------- d-----w- c:\users\George Malz\AppData\Local\{B863C18F-79F8-11E1-826D-B8AC6F996F26}
2012-03-28 22:37 . 2012-03-28 22:37 -------- d-----w- c:\users\George Malz\AppData\Local\{897D5E73-7926-11E1-826D-B8AC6F996F26}
2012-03-24 16:56 . 2012-03-24 16:56 -------- d-----w- c:\users\George Malz\AppData\Roaming\Cocoon Software
2012-03-24 16:56 . 2012-03-24 16:59 -------- d-----w- c:\program files\QuickMediaConverter
2012-03-24 16:55 . 2012-03-24 16:55 -------- d-----w- c:\users\George Malz\AppData\Local\WDSetup
2012-03-24 16:51 . 2012-03-24 16:51 -------- d-----w- c:\program files\Emicsoft Studio
2012-03-17 23:56 . 2012-04-03 21:04 -------- d-----w- c:\users\George Malz\AppData\Roaming\Ymqyuv
2012-03-17 23:56 . 2012-03-18 13:27 -------- d-----w- c:\users\George Malz\AppData\Roaming\Qyzei
2012-03-17 23:56 . 2012-03-18 06:56 -------- d-----w- c:\users\George Malz\AppData\Roaming\Defyu
2012-03-14 07:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 00:32 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 00:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 00:31 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 00:31 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 00:31 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 00:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 00:31 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 00:31 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 00:44 . 2012-01-25 00:44 709968 ----a-w- c:\windows\is-AS8K5.exe
2011-06-16 04:17 . 2011-07-10 02:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-07 210216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-10-18 273528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^George Malz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\George Malz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-03-30 02:14 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 02:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 01:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SABKUTIL;SABKUTIL;c:\users\George Malz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0A3FDPT\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 135664]
R2 pcouffin;Exportit;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 135664]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [2009-09-28 52656]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X32.sys [2010-05-25 24880]
R3 PROCEXP113;PROCEXP113; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-03 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-09 25704]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
kbfiltr
FlexBios
rpcsvr4x
vzcdbsvc
oracle_load_balancer_60_client-forms6ip14
MTC0001_ESB
cmdmon
epoxusdm
ptilink
atdisk
ntrtscan
Ndisipo
ALABULK
cwcwdm
scramby
ixiaendpoint
iam
prtg4service
mssql$sqlexpress
mbackmonitor
bwmservice
avsvcmonitor
rtl8139
WINIO
vmusb
pavfnsvr
s117bus
cdrbsdrv
vsapint
AlteraByteBlaster
avgcoresvc
pcdrndisuio
VAIOMediaPlatform-MusicServer-HTTP
ltmodem5
RapiMgr
advantage
syntp
Xyz777b
dsproct
st330service
LMouFilt
winpowermanager
iPassPeriodicUpdateService
ggsemc
AppnApi
tiumfwl
TClass2k
pcradminserver
deltafw
LUsbFilt
NetMsmqActivator
ARSVC
ispwdsvc
kraidsvc
IntelC52
AMDPCI
changer
jsdaemon
spmd
cebdaldr
hpzius12
msftpsvc
toddsrv
bthidmgr
IBM_LLC2
SNC
cyberpowerups
pmshellsrv
iaimfp2
lxbt_device
papyjoy
dphost
avgarcln
mindrepair
trlokom_rmhsvc
avgtdi
s217unic
vpn5000service
RadProbe
pdlnacom
xpagentserver
avsinc
avgems
enxpsvc
avg7rsxp
pdlnecfg
SNPSTD3
mctaskmanager
k750obex
WmaCVideo32
WmaCDriverV32
db2jds
oracleservicesecinst
vmount2
Airgo
PTDCMdm
RMSvc
c-dillasrv
mgabgexe
vaiomediaplatform-integratedserver-upnp
CoachUsb
ha10kx2k
eloggersvc6
iaimfp3
usb_rndisx
VIAPFD
hpgate
netw4x32
vcommmgr
oracleorahomepagingserver
bdss
GVCplDrv
pinnaclesys.mediaserver
utilman
WmVirHid
sbpci
TPM
amoagent
pwkntmon
se2Cnd5
co_mon
msmframework
EUSBMSD
k750mgmt
tsscoreservice
SSHDRV61
nsengine
UlSata
tmlisten
rkhdrv31
alcxwdm
PGPwded
cachemanxp
rppkt
ddxgb
wtwservice
thinkpadmodemservice
bdselfpr
thpsrv
hnmsvc
cmdagent
lxcj_device
iaimtv0
se44mgmt
bh611
LEX_AS_NIC_SERVICE_YNOS
DSI_SiUSBXp_3_1
jobserver_report
s616mgmt
Via4in1
W700mdfl
As6frin
sandboxu
ntsyslog
nwlnkfwd
eelsservice
ZDPSp50
transcode360
CADlink
LoopBeMidi1
ARPolicy
mksvirmonsvc
pcouffin
susbser
sparrow
SaiNtHid
downloadmanagerlite
wandrv
PCDCODEC
nvnforce
iPassPeriodicUpdateApp
GoProto
riomsc
EL2000
mksupdateint
mapserver6.3
isamsmt
LC7981
spbbcdrv
vxsvc
ltxred
VRFIL
kservice
rca
mxserver
neokdss
pinger
HPSLPSVC
BcmSqlStartupSvc
BCMModem
vpnva
qhwscsvc
KR3NPXP
SQLAgent$MICROSOFTBCM
CVPNDRVA
lxbs_device
rnadirectory
ROCKEYNT
odclientservice
om518p
dot4scan
CoachAud
s117mdfl
_iomega_active_disk_service_
S7oppilx
TPECioCtl
U2SP
RIOXDRV
pmem
MobilePreInstallerService
websensecamreportserver
w810mdfl
aolservice
icm10blk
screadspool
dmadmin
pcidrv
entertainment
backupclientsvc
pserve
LUsbKbd
VHidMinidrv
noipducservice
dsunidrv
CrystalSysInfo
mwssched
cfsvcs
U3sHlpDr
pavdrv
Appn
pktfilter
incdfs
hpdj
TIEHDUSB
ma_cmidi_installerservice
aolavupd
cdudf_xp
npapimon
rnadirmultiplexor
slapd-data52
atirage3
s24eventmonitor
sf
s116bus
fa_scheduler
JiaoCap
USRpdA
PcdrNt
ccproxy
LVBulk
scsk4
SndTDriverV32
mdmxsdk
AYDrvNT_ALYAC
telnet
vserial
fsssvc
NxFsMon
nhcDriverDevice
k750mdfl
zebrmdm
bwsvc
mcvsrte
tng-dts
mks_scan
rismxdp
mraid35x
WinFl32
sonywbms
mnmsrvc
cfosspeeds
WscNetDr
ftpds
VirtualCam
pcnet
ATIVTUTW
firelm01
proxyhostmirrordisplay
MS1000
axsnmsvc
dlcc_device
NMSCFG
ATIVXSTW
FINEPIX_PCC
ersvc
snpstd2
lhidflt2
KMWDFilter
mwstick
acrsch2svc
nmindexingservice
mldserv
appnnode
bglivesvc
BUFADPT
se58mdfl
RIOUNIV
ql2100
STV680
nbf
wmconnectcds
roxliveshare
ozoneinstallerservice
symmpi
oraclemtsrecoveryservice
tifsfilter
DM9102
rupsmon
PSSdk23
s125bus
bcftdi
ctprxy2k
mssql$sony_mediamgr
EagleNT
GoBack2K
zpjava
iPassP
pdlnemap
sndsrvc
UimBus
icdsptsv
nicser_wmp11
protectionservice
tfsndres
axsaki
symantecantibotdriver
fireport
driverhardwarev2
outpostfirewall
w300bus
AffinegyService
symantecantibotfilter
ser2pl
ati2mpaa
FileDisk
qbposdbextservices
WUSB54GPV4SRV
elockservice
sqlagent$sony_mediamgr
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 02:19]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 02:19]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-147283149-2975313931-1160438742-1000Core.job
- c:\users\George Malz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 14:24]
.
2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-147283149-2975313931-1160438742-1000UA.job
- c:\users\George Malz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 14:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=14597
FF - prefs.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60323
FF - prefs.js: network.proxy.type - 1
FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,
bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,38,12,d0,c3,3d,
1c,22,1f,a6,0c,df,74,fd,f1,d5,74,66,1f
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{929801A8-4AEF-4D12-BE31-D85BF666452B}"=hex:51,66,7a,6c,4c,1d,38,12,c6,02,8b,
96,dd,04,7c,08,c1,27,9b,1b,f3,38,01,3f
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:88,72,70,5d,3d,0d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,be,18,2c,fd,73,d6,4a,a7,c9,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,be,18,2c,fd,73,d6,4a,a7,c9,fc,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-04-05 19:10:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-05 23:10
ComboFix2.txt 2011-07-05 03:03
.
Pre-Run: 136,612,700,160 bytes free
Post-Run: 139,869,601,792 bytes free
.
- - End Of File - - 88C535A6E37A5726BB82F240DFD50080

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:49 PM

Posted 05 April 2012 - 06:51 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 adamsapple
  • Topic Starter
  • Members
  • 73 posts
  • Local time:09:49 PM

Posted 06 April 2012 - 08:50 AM

The computer seemed to be running better after ComboFix. FYI, I ran Malwarebytes after the ComboFix scan and the Root.Oaccess.H virus showed up 5 times.

09:05:51.0466 3732 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
09:05:51.0763 3732 ============================================================
09:05:51.0763 3732 Current date / time: 2012/04/06 09:05:51.0763
09:05:51.0763 3732 SystemInfo:
09:05:51.0763 3732
09:05:51.0763 3732 OS Version: 6.1.7601 ServicePack: 1.0
09:05:51.0763 3732 Product type: Workstation
09:05:51.0763 3732 ComputerName: GEORGEMALZ-PC
09:05:51.0763 3732 UserName: George Malz
09:05:51.0763 3732 Windows directory: C:\Windows
09:05:51.0763 3732 System windows directory: C:\Windows
09:05:51.0763 3732 Processor architecture: Intel x86
09:05:51.0763 3732 Number of processors: 4
09:05:51.0763 3732 Page size: 0x1000
09:05:51.0763 3732 Boot type: Normal boot
09:05:51.0763 3732 ============================================================
09:05:52.0636 3732 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:05:52.0652 3732 Drive \Device\Harddisk1\DR1 - Size: 0xF22800000 (60.54 Gb), SectorSize: 0x200, Cylinders: 0x1EDE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:05:52.0652 3732 \Device\Harddisk0\DR0:
09:05:52.0652 3732 MBR used
09:05:52.0652 3732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:05:52.0652 3732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
09:05:52.0652 3732 \Device\Harddisk1\DR1:
09:05:52.0652 3732 MBR used
09:05:52.0652 3732 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0x7912080
09:05:52.0746 3732 Initialize success
09:05:52.0746 3732 ============================================================
09:06:00.0764 2664 ============================================================
09:06:00.0764 2664 Scan started
09:06:00.0764 2664 Mode: Manual;
09:06:00.0764 2664 ============================================================
09:06:00.0998 2664 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:06:00.0998 2664 1394ohci - ok
09:06:01.0060 2664 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
09:06:01.0060 2664 ACPI - ok
09:06:01.0107 2664 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
09:06:01.0107 2664 AcpiPmi - ok
09:06:01.0154 2664 acrsch2svc - ok
09:06:01.0263 2664 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
09:06:01.0263 2664 Adobe Version Cue CS3 - ok
09:06:01.0341 2664 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:06:01.0341 2664 AdobeARMservice - ok
09:06:01.0388 2664 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:06:01.0404 2664 adp94xx - ok
09:06:01.0435 2664 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:06:01.0435 2664 adpahci - ok
09:06:01.0482 2664 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:06:01.0482 2664 adpu320 - ok
09:06:01.0528 2664 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
09:06:01.0544 2664 AeLookupSvc - ok
09:06:01.0606 2664 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
09:06:01.0606 2664 AFD - ok
09:06:01.0653 2664 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
09:06:01.0653 2664 agp440 - ok
09:06:01.0731 2664 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:06:01.0747 2664 aic78xx - ok
09:06:01.0794 2664 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
09:06:01.0794 2664 ALG - ok
09:06:01.0840 2664 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
09:06:01.0840 2664 aliide - ok
09:06:01.0887 2664 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
09:06:01.0887 2664 amdagp - ok
09:06:01.0918 2664 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
09:06:01.0918 2664 amdide - ok
09:06:01.0934 2664 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:06:01.0934 2664 AmdK8 - ok
09:06:01.0981 2664 AMDPCI - ok
09:06:01.0996 2664 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:06:01.0996 2664 AmdPPM - ok
09:06:02.0043 2664 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
09:06:02.0043 2664 amdsata - ok
09:06:02.0074 2664 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:06:02.0074 2664 amdsbs - ok
09:06:02.0106 2664 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
09:06:02.0106 2664 amdxata - ok
09:06:02.0152 2664 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
09:06:02.0152 2664 AppID - ok
09:06:02.0184 2664 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
09:06:02.0184 2664 AppIDSvc - ok
09:06:02.0230 2664 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
09:06:02.0230 2664 Appinfo - ok
09:06:02.0293 2664 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:06:02.0293 2664 Apple Mobile Device - ok
09:06:02.0324 2664 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
09:06:02.0324 2664 AppMgmt - ok
09:06:02.0340 2664 AppnApi - ok
09:06:02.0355 2664 appnnode - ok
09:06:02.0386 2664 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:06:02.0386 2664 arc - ok
09:06:02.0402 2664 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:06:02.0402 2664 arcsas - ok
09:06:02.0433 2664 ARPolicy - ok
09:06:02.0449 2664 ARSVC - ok
09:06:02.0480 2664 As6frin - ok
09:06:02.0496 2664 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:06:02.0496 2664 AsyncMac - ok
09:06:02.0527 2664 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
09:06:02.0527 2664 atapi - ok
09:06:02.0542 2664 ati2mpaa - ok
09:06:02.0558 2664 atirage3 - ok
09:06:02.0589 2664 ATIVXSTW - ok
09:06:02.0636 2664 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:06:02.0636 2664 AudioEndpointBuilder - ok
09:06:02.0667 2664 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:06:02.0667 2664 Audiosrv - ok
09:06:02.0698 2664 avgarcln - ok
09:06:02.0745 2664 avgtdi - ok
09:06:02.0761 2664 avsvcmonitor - ok
09:06:02.0792 2664 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
09:06:02.0792 2664 AxInstSV - ok
09:06:02.0808 2664 axsnmsvc - ok
09:06:02.0839 2664 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:06:02.0854 2664 b06bdrv - ok
09:06:02.0870 2664 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:06:02.0886 2664 b57nd60x - ok
09:06:02.0901 2664 BCMModem - ok
09:06:02.0917 2664 BcmSqlStartupSvc - ok
09:06:02.0948 2664 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
09:06:02.0948 2664 BDESVC - ok
09:06:02.0979 2664 bdselfpr - ok
09:06:03.0010 2664 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:06:03.0010 2664 Beep - ok
09:06:03.0010 2664 BFE - ok
09:06:03.0026 2664 bh611 - ok
09:06:03.0073 2664 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
09:06:03.0088 2664 BITS - ok
09:06:03.0104 2664 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:06:03.0104 2664 blbdrive - ok
09:06:03.0166 2664 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
09:06:03.0166 2664 Bonjour Service - ok
09:06:03.0182 2664 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
09:06:03.0198 2664 bowser - ok
09:06:03.0213 2664 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:06:03.0213 2664 BrFiltLo - ok
09:06:03.0244 2664 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:06:03.0244 2664 BrFiltUp - ok
09:06:03.0276 2664 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
09:06:03.0276 2664 BridgeMP - ok
09:06:03.0307 2664 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
09:06:03.0307 2664 Browser - ok
09:06:03.0338 2664 BrSerIb (08c7e41ff10f56e83b4f10b5e8b1e8b6) C:\Windows\system32\DRIVERS\BrSerIb.sys
09:06:03.0338 2664 BrSerIb - ok
09:06:03.0369 2664 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:06:03.0369 2664 Brserid - ok
09:06:03.0385 2664 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:06:03.0385 2664 BrSerWdm - ok
09:06:03.0416 2664 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:06:03.0416 2664 BrUsbMdm - ok
09:06:03.0432 2664 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:06:03.0432 2664 BrUsbSer - ok
09:06:03.0447 2664 BrUsbSIb (2132a117160f2a96a13c044ae9bced91) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
09:06:03.0447 2664 BrUsbSIb - ok
09:06:03.0463 2664 bthidmgr - ok
09:06:03.0525 2664 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:06:03.0525 2664 BTHMODEM - ok
09:06:03.0556 2664 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
09:06:03.0556 2664 bthserv - ok
09:06:03.0572 2664 bwsvc - ok
09:06:03.0588 2664 CADlink - ok
09:06:03.0634 2664 catchme - ok
09:06:03.0650 2664 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:06:03.0666 2664 cdfs - ok
09:06:03.0728 2664 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
09:06:03.0775 2664 cdrom - ok
09:06:03.0822 2664 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:06:03.0822 2664 CertPropSvc - ok
09:06:03.0837 2664 changer - ok
09:06:03.0853 2664 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:06:03.0868 2664 circlass - ok
09:06:03.0900 2664 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:06:03.0900 2664 CLFS - ok
09:06:03.0946 2664 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:06:03.0946 2664 clr_optimization_v2.0.50727_32 - ok
09:06:03.0978 2664 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:06:03.0993 2664 clr_optimization_v4.0.30319_32 - ok
09:06:04.0024 2664 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:06:04.0024 2664 CmBatt - ok
09:06:04.0040 2664 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
09:06:04.0056 2664 cmdide - ok
09:06:04.0087 2664 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
09:06:04.0087 2664 CNG - ok
09:06:04.0118 2664 CoachAud - ok
09:06:04.0134 2664 CoachUsb - ok
09:06:04.0149 2664 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:06:04.0165 2664 Compbatt - ok
09:06:04.0196 2664 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
09:06:04.0196 2664 CompositeBus - ok
09:06:04.0212 2664 COMSysApp - ok
09:06:04.0243 2664 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:06:04.0243 2664 crcdisk - ok
09:06:04.0274 2664 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
09:06:04.0274 2664 CryptSvc - ok
09:06:04.0305 2664 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
09:06:04.0321 2664 CSC - ok
09:06:04.0368 2664 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
09:06:04.0368 2664 CscService - ok
09:06:04.0383 2664 CVPNDRVA - ok
09:06:04.0414 2664 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:06:04.0414 2664 DcomLaunch - ok
09:06:04.0446 2664 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
09:06:04.0461 2664 defragsvc - ok
09:06:04.0492 2664 DfsC (be619740208f3ee7e0a851ded38cd209) C:\Windows\system32\Drivers\dfsc.sys
09:06:04.0492 2664 DfsC - ok
09:06:04.0524 2664 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
09:06:04.0539 2664 Dhcp - ok
09:06:04.0555 2664 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:06:04.0555 2664 discache - ok
09:06:04.0586 2664 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:06:04.0586 2664 Disk - ok
09:06:04.0602 2664 dlcc_device - ok
09:06:04.0617 2664 DM9102 - ok
09:06:04.0648 2664 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
09:06:04.0648 2664 Dnscache - ok
09:06:04.0726 2664 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
09:06:04.0726 2664 dot3svc - ok
09:06:04.0742 2664 downloadmanagerlite - ok
09:06:04.0773 2664 dphost - ok
09:06:04.0820 2664 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
09:06:04.0820 2664 DPS - ok
09:06:04.0851 2664 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:06:04.0851 2664 drmkaud - ok
09:06:04.0898 2664 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
09:06:04.0914 2664 DXGKrnl - ok
09:06:04.0945 2664 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
09:06:04.0945 2664 EapHost - ok
09:06:05.0007 2664 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:06:05.0070 2664 ebdrv - ok
09:06:05.0085 2664 eelsservice - ok
09:06:05.0132 2664 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
09:06:05.0132 2664 EFS - ok
09:06:05.0179 2664 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
09:06:05.0194 2664 ehRecvr - ok
09:06:05.0210 2664 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
09:06:05.0210 2664 ehSched - ok
09:06:05.0241 2664 EL2000 - ok
09:06:05.0257 2664 eloggersvc6 - ok
09:06:05.0288 2664 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:06:05.0304 2664 elxstor - ok
09:06:05.0319 2664 epoxusdm - ok
09:06:05.0350 2664 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
09:06:05.0350 2664 ErrDev - ok
09:06:05.0382 2664 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
09:06:05.0382 2664 EventSystem - ok
09:06:05.0397 2664 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:06:05.0413 2664 exfat - ok
09:06:05.0428 2664 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:06:05.0428 2664 fastfat - ok
09:06:05.0522 2664 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
09:06:05.0538 2664 Fax - ok
09:06:05.0553 2664 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:06:05.0553 2664 fdc - ok
09:06:05.0584 2664 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
09:06:05.0584 2664 fdPHost - ok
09:06:05.0600 2664 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
09:06:05.0600 2664 FDResPub - ok
09:06:05.0616 2664 FileDisk - ok
09:06:05.0647 2664 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:06:05.0647 2664 FileInfo - ok
09:06:05.0678 2664 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:06:05.0678 2664 Filetrace - ok
09:06:05.0740 2664 FINEPIX_PCC - ok
09:06:05.0803 2664 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:06:05.0818 2664 FLEXnet Licensing Service - ok
09:06:05.0834 2664 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:06:05.0834 2664 flpydisk - ok
09:06:05.0865 2664 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:06:05.0865 2664 FltMgr - ok
09:06:05.0912 2664 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
09:06:05.0928 2664 FontCache - ok
09:06:05.0959 2664 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:06:05.0959 2664 FontCache3.0.0.0 - ok
09:06:05.0990 2664 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:06:05.0990 2664 FsDepends - ok
09:06:17.0331 2664 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:06:17.0347 2664 usbscan - ok
09:06:17.0362 2664 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:06:17.0362 2664 USBSTOR - ok
09:06:17.0378 2664 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
09:06:17.0378 2664 usbuhci - ok
09:06:17.0409 2664 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
09:06:17.0409 2664 UxSms - ok
09:06:17.0425 2664 vaiomediaplatform-integratedserver-upnp - ok
09:06:17.0440 2664 VAIOMediaPlatform-MusicServer-HTTP - ok
09:06:17.0487 2664 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:06:17.0487 2664 VaultSvc - ok
09:06:17.0503 2664 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
09:06:17.0503 2664 vdrvroot - ok
09:06:17.0550 2664 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
09:06:17.0565 2664 vds - ok
09:06:17.0596 2664 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:06:17.0596 2664 vga - ok
09:06:17.0612 2664 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:06:17.0612 2664 VgaSave - ok
09:06:17.0659 2664 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
09:06:17.0690 2664 vhdmp - ok
09:06:17.0721 2664 Via4in1 - ok
09:06:17.0737 2664 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
09:06:17.0737 2664 viaagp - ok
09:06:17.0768 2664 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:06:17.0768 2664 ViaC7 - ok
09:06:17.0799 2664 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
09:06:17.0799 2664 viaide - ok
09:06:17.0846 2664 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
09:06:17.0846 2664 vmbus - ok
09:06:17.0877 2664 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
09:06:17.0877 2664 VMBusHID - ok
09:06:17.0908 2664 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
09:06:17.0908 2664 volmgr - ok
09:06:17.0940 2664 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:06:17.0940 2664 volmgrx - ok
09:06:17.0986 2664 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
09:06:17.0986 2664 volsnap - ok
09:06:18.0002 2664 vpn5000service - ok
09:06:18.0018 2664 vpnva - ok
09:06:18.0033 2664 VRFIL - ok
09:06:18.0064 2664 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:06:18.0064 2664 vsmraid - ok
09:06:18.0111 2664 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
09:06:18.0142 2664 VSS - ok
09:06:18.0158 2664 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
09:06:18.0158 2664 vwifibus - ok
09:06:18.0174 2664 vxsvc - ok
09:06:18.0189 2664 vzcdbsvc - ok
09:06:18.0220 2664 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
09:06:18.0236 2664 W32Time - ok
09:06:18.0252 2664 W700mdfl - ok
09:06:18.0267 2664 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:06:18.0283 2664 WacomPen - ok
09:06:18.0314 2664 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:06:18.0314 2664 WANARP - ok
09:06:18.0314 2664 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:06:18.0314 2664 Wanarpv6 - ok
09:06:18.0330 2664 wandrv - ok
09:06:18.0392 2664 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
09:06:18.0408 2664 WatAdminSvc - ok
09:06:18.0454 2664 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
09:06:18.0486 2664 wbengine - ok
09:06:18.0595 2664 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
09:06:18.0595 2664 WbioSrvc - ok
09:06:18.0673 2664 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
09:06:18.0688 2664 wcncsvc - ok
09:06:18.0735 2664 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
09:06:18.0735 2664 WcsPlugInService - ok
09:06:18.0751 2664 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:06:18.0751 2664 Wd - ok
09:06:18.0782 2664 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:06:18.0782 2664 Wdf01000 - ok
09:06:18.0798 2664 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:06:18.0813 2664 WdiServiceHost - ok
09:06:18.0813 2664 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:06:18.0813 2664 WdiSystemHost - ok
09:06:18.0860 2664 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
09:06:18.0860 2664 WebClient - ok
09:06:18.0891 2664 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
09:06:18.0891 2664 Wecsvc - ok
09:06:18.0907 2664 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
09:06:18.0907 2664 wercplsupport - ok
09:06:18.0938 2664 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
09:06:18.0938 2664 WerSvc - ok
09:06:18.0969 2664 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:06:18.0969 2664 WfpLwf - ok
09:06:18.0985 2664 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:06:19.0000 2664 WIMMount - ok
09:06:19.0032 2664 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
09:06:19.0047 2664 WinDefend - ok
09:06:19.0063 2664 WinFl32 - ok
09:06:19.0078 2664 WinHttpAutoProxySvc - ok
09:06:19.0125 2664 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
09:06:19.0125 2664 Winmgmt - ok
09:06:19.0172 2664 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
09:06:19.0203 2664 WinRM - ok
09:06:19.0234 2664 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
09:06:19.0250 2664 WinUsb - ok
09:06:19.0281 2664 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
09:06:19.0312 2664 Wlansvc - ok
09:06:19.0344 2664 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
09:06:19.0344 2664 WmiAcpi - ok
09:06:19.0375 2664 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
09:06:19.0390 2664 wmiApSrv - ok
09:06:19.0437 2664 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:06:19.0468 2664 WMPNetworkSvc - ok
09:06:19.0484 2664 WmVirHid - ok
09:06:19.0500 2664 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
09:06:19.0515 2664 WPCSvc - ok
09:06:19.0546 2664 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
09:06:19.0546 2664 WPDBusEnum - ok
09:06:19.0562 2664 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:06:19.0562 2664 ws2ifsl - ok
09:06:19.0609 2664 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
09:06:19.0609 2664 WsAudio_DeviceS(1) - ok
09:06:19.0640 2664 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
09:06:19.0640 2664 WsAudio_DeviceS(2) - ok
09:06:19.0687 2664 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
09:06:19.0687 2664 WsAudio_DeviceS(3) - ok
09:06:19.0702 2664 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
09:06:19.0702 2664 WsAudio_DeviceS(4) - ok
09:06:19.0765 2664 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
09:06:19.0765 2664 WsAudio_DeviceS(5) - ok
09:06:19.0796 2664 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
09:06:19.0796 2664 wscsvc - ok
09:06:19.0812 2664 WSearch - ok
09:06:19.0827 2664 wtwservice - ok
09:06:19.0890 2664 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
09:06:19.0936 2664 wuauserv - ok
09:06:19.0968 2664 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
09:06:19.0983 2664 WudfPf - ok
09:06:20.0030 2664 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:06:20.0046 2664 WUDFRd - ok
09:06:20.0077 2664 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
09:06:20.0077 2664 wudfsvc - ok
09:06:20.0108 2664 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
09:06:20.0108 2664 WwanSvc - ok
09:06:20.0139 2664 Xyz777b - ok
09:06:20.0139 2664 ZDPSp50 - ok
09:06:20.0155 2664 _iomega_active_disk_service_ - ok
09:06:20.0170 2664 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:06:20.0202 2664 \Device\Harddisk0\DR0 - ok
09:06:20.0217 2664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:06:20.0217 2664 \Device\Harddisk1\DR1 - ok
09:06:20.0217 2664 Boot (0x1200) (d8b6e720b2fa6bb796e01e58f775f07e) \Device\Harddisk0\DR0\Partition0
09:06:20.0233 2664 \Device\Harddisk0\DR0\Partition0 - ok
09:06:20.0233 2664 Boot (0x1200) (e67a7dc82d0dcd752f61c7a7987dc4eb) \Device\Harddisk0\DR0\Partition1
09:06:20.0233 2664 \Device\Harddisk0\DR0\Partition1 - ok
09:06:20.0233 2664 Boot (0x1200) (981f200013b79c09e12e873e42e3c929) \Device\Harddisk1\DR1\Partition0
09:06:20.0233 2664 \Device\Harddisk1\DR1\Partition0 - ok
09:06:20.0233 2664 ============================================================
09:06:20.0233 2664 Scan finished
09:06:20.0233 2664 ============================================================
09:06:20.0248 3084 Detected object count: 0
09:06:20.0248 3084 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-06 09:08:48
-----------------------------
09:08:48.554 OS Version: Windows 6.1.7601 Service Pack 1
09:08:48.554 Number of processors: 4 586 0xF0B
09:08:48.554 ComputerName: GEORGEMALZ-PC UserName: George Malz
09:08:50.598 Initialize success
09:10:25.879 AVAST engine defs: 12040600
09:11:13.607 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
09:11:13.607 Disk 0 Vendor: ST350032 SD15 Size: 476940MB BusType: 3
09:11:13.607 Disk 0 MBR read successfully
09:11:13.623 Disk 0 MBR scan
09:11:13.670 Disk 0 Windows 7 default MBR code
09:11:13.685 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:11:13.701 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
09:11:13.701 Disk 0 scanning sectors +976771072
09:11:13.779 Disk 0 scanning C:\Windows\system32\drivers
09:11:15.464 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-ASC [Rtk]
09:11:22.889 Disk 0 trace - called modules:
09:11:22.905 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
09:11:22.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855ee310]
09:11:23.420 3 CLASSPNP.SYS[8763959e] -> nt!IofCallDriver -> [0x853a1450]
09:11:23.420 5 ACPI.sys[86e973d4] -> nt!IofCallDriver -> \Device\00000062[0x853a1030]
09:11:24.761 AVAST engine scan C:\Windows
09:11:27.866 AVAST engine scan C:\Windows\system32
09:13:52.961 AVAST engine scan C:\Windows\system32\drivers
09:13:54.802 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-ASC [Rtk]
09:14:04.958 AVAST engine scan C:\Users\George Malz
09:35:03.474 AVAST engine scan C:\ProgramData
09:36:41.426 Scan finished successfully
09:46:53.539 Disk 0 MBR has been saved successfully to "C:\Users\George Malz\Desktop\Bleeping Computer\MBR.dat"
09:46:53.539 The log file has been saved successfully to "C:\Users\George Malz\Desktop\Bleeping Computer\aswMBR.txt"

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 April 2012 - 01:52 PM

Hello

> FYI I ran Malwarebytes after the combofix scan and the Root.Oaccess.H virus showed up 5 times.

I have not asked you to do this yet

>   • Please do not run any tools unless instructed to do so.
>   • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

from my very first post


SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
dfsc.sys
dfsc.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr (Malware Response Team)

Posted 09 April 2012 - 12:04 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#9 adamsapple (Topic Starter)

Posted 09 April 2012 - 06:29 PM

Hello Gringo,

Sorry about the Malwarebytes, thought it was part of the tools you use and would help. I won't run any more software unless instructed.

We went away for Easter and just got back. If you celebrate Easter, hope you had a happy Easter. I will need a little more time to run the tools you sent in the last post. I will post reply with scans ASAP, probably shortly.

George

#10 adamsapple (Topic Starter)

Posted 09 April 2012 - 06:39 PM

The computer seems to be running better than when we first started. Here is the latest log:




SystemLook 30.07.11 by jpshortstuff
Log created at 19:31 on 09/04/2012 by George Malz
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [21:57 04/07/2011] [08:42 20/11/2010] BE619740208F3EE7E0A851DED38CD209
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys --a---- 78336 bytes [01:35 16/06/2011] [02:33 27/04/2011] 83D1ECEA8FAAE75604C0FA49AC7AD996
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys --a---- 78336 bytes [01:35 16/06/2011] [02:24 27/04/2011] 886E8C1608146CC355DDD455F5C8DD87

Searching for "dfsc.*"
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [21:57 04/07/2011] [08:42 20/11/2010] BE619740208F3EE7E0A851DED38CD209
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys --a---- 78336 bytes [01:35 16/06/2011] [02:33 27/04/2011] 83D1ECEA8FAAE75604C0FA49AC7AD996
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys --a---- 78336 bytes [01:35 16/06/2011] [02:24 27/04/2011] 886E8C1608146CC355DDD455F5C8DD87

-= EOF =-

#11 gringo_pr (Malware Response Team)

Posted 09 April 2012 - 07:21 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys | C:\Windows\System32\drivers\dfsc.sys

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

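The SystemLook result in post #10 and the FCopy script in post #11 together show the check that matters in this thread: the dfsc.sys that Windows loads from System32\drivers is the same size (78336 bytes) as all three component-store copies, but its MD5 matches none of them, which is what an in-place patch of a legitimate driver looks like, and the fix is to copy a known-good WinSxS copy back over it. The script below is an added example, not code from the thread, from SystemLook or from ComboFix. It parses ':filefind' output (the sample lines are copied from the log posted above, with one line repeated to show that overlapping searches are collapsed), flags live files whose hash matches no component-store copy, and ranks the same-size WinSxS copies as restore sources. The ranking (newest GDR-branch copy first, on the assumption that Windows 7 build revisions below 20000 are GDR and 20000 and above are LDR/QFE) is an assumption of this example; it picks the 6.1.7600.16804 copy, whereas the helper chose the RTM 6.1.7600.16385 copy.

```python
"""
Added example (not part of the BleepingComputer thread, SystemLook or ComboFix):
parse SystemLook ':filefind' output and flag a driver under System32\drivers
whose MD5 matches none of the WinSxS component-store copies of the same file.
"""
import re
from collections import defaultdict

# Sample input: result lines copied from the SystemLook log posted above, with
# the live dfsc.sys line repeated under a second search, so the script runs
# offline on the thread's own data.
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [21:57 04/07/2011] [08:42 20/11/2010] BE619740208F3EE7E0A851DED38CD209
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys --a---- 78336 bytes [01:35 16/06/2011] [02:33 27/04/2011] 83D1ECEA8FAAE75604C0FA49AC7AD996
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys --a---- 78336 bytes [01:35 16/06/2011] [02:24 27/04/2011] 886E8C1608146CC355DDD455F5C8DD87

Searching for "dfsc.*"
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [21:57 04/07/2011] [08:42 20/11/2010] BE619740208F3EE7E0A851DED38CD209

-= EOF =-
"""

# One SystemLook result line: path, 7 attribute flags, size, two timestamps, MD5.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\(?:.*?\\)?(?P<name>[^\\\s]+))\s+"
    r"(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<modified>[^\]]*)\]\s+\[(?P<created>[^\]]*)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Component version embedded in a WinSxS directory name, e.g. _6.1.7600.16385_
SXS_VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


def parse_filefind(text):
    """Return one dict per distinct file in a ':filefind' log; repeated hits
    from overlapping searches (here 'dfsc.sys' and 'dfsc.*') are collapsed."""
    seen = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headings, blank lines, '-= EOF =-'
        e = m.groupdict()
        key = e["path"].lower()
        if key in seen:
            continue
        e["name"] = e["name"].lower()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["in_winsxs"] = "\\winsxs\\" in key
        v = SXS_VERSION_RE.search(e["path"])
        e["version"] = tuple(int(x) for x in v.group(1).split(".")) if v else None
        seen[key] = e
    return list(seen.values())


def is_gdr(version):
    """Assumed Windows 7 servicing convention: build revision below 20000 is
    the GDR branch, 20000 and above the LDR/QFE branch."""
    return version is not None and version[3] < 20000


def check_live_copies(entries):
    """Compare every copy outside WinSxS (the one the kernel actually loads)
    against the component-store copies with the same file name.

    A same-size hash mismatch is the pattern a file-infecting rootkit leaves
    when it patches a legitimate driver in place instead of replacing it."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = {}
    for name, group in by_name.items():
        store = [e for e in group if e["in_winsxs"]]
        for live in (e for e in group if not e["in_winsxs"]):
            same_hash = [s for s in store if s["md5"] == live["md5"]]
            same_size = [s for s in store if s["size"] == live["size"]]
            if same_hash:
                verdict = "MATCHES_STORE_COPY"
            elif same_size:
                verdict = "HASH_MISMATCH_SAME_SIZE"
            elif store:
                verdict = "HASH_MISMATCH"
            else:
                verdict = "NO_STORE_COPY"
            # Restore candidates: same size as the live file, newest GDR copy first.
            ranked = sorted(
                same_size,
                key=lambda s: (is_gdr(s["version"]), s["version"] or ()),
                reverse=True,
            )
            findings[live["path"]] = {
                "name": name,
                "md5": live["md5"],
                "verdict": verdict,
                "store_copies": len(store),
                "matched_version": same_hash[0]["version"] if same_hash else None,
                "restore_from": ranked[0]["path"] if ranked else None,
            }
    return findings


if __name__ == "__main__":
    for path, f in check_live_copies(parse_filefind(SAMPLE_LOG)).items():
        print(f"{path}\n  md5={f['md5']}  verdict={f['verdict']}  "
              f"store copies={f['store_copies']}\n  restore from: {f['restore_from']}")
```

The sibling-hash comparison only establishes that the loaded file is not any of the stored versions; it cannot say which stored copy is the right one for the installed servicing level, and it cannot tell a clean file from a malicious one if every copy were tampered with. Whichever copy is restored, check its Authenticode signature (Sysinternals sigcheck, or Get-AuthenticodeSignature in PowerShell) before trusting the machine again, and re-run the hash comparison after the reboot to confirm the live file now matches the copy that was restored.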

#12 adamsapple (Topic Starter)

Posted 09 April 2012 - 09:14 PM

The computer seems to be running fine. There were no problems with ComboFix, just restarted the computer a couple of times and then finished with the final report attached:



ComboFix 12-04-05.08 - George Malz 09/04/2012 21:30:13.14.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.1022.460 [GMT -4:00]
Running from: c:\users\George Malz\Desktop\ComboFix.exe
Command switches used :: c:\users\George Malz\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB26479$
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --> c:\windows\System32\drivers\dfsc.sys
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 01:39 . 2012-04-10 01:56 -------- d-----w- c:\users\George Malz\AppData\Local\temp
2012-04-10 01:39 . 2012-04-10 01:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-10 01:39 . 2012-04-10 01:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 01:39 . 2012-04-10 01:39 -------- d-----w- c:\users\AlexanderNatalia\AppData\Local\temp
2012-04-10 00:48 . 2012-04-10 01:39 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C15EC8AA-ABBC-466D-B659-35BA81E9ED9B}\offreg.dll
2012-04-06 09:04 . 2012-03-20 07:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C15EC8AA-ABBC-466D-B659-35BA81E9ED9B}\mpengine.dll
2012-04-03 19:15 . 2011-04-25 03:13 110992 ----a-w- c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2\components\abhelperxpcom.dll
2012-04-03 19:15 . 2011-04-25 03:13 147856 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2\components\kavlinkfilter.dll
2012-04-03 18:21 . 2012-04-03 18:21 -------- d-----w- c:\program files\Common Files\Control Panels
2012-04-03 18:20 . 2012-04-03 18:20 -------- d-----w- c:\programdata\ALM
2012-04-03 17:58 . 2008-10-15 01:33 95600 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-02 22:57 . 2008-10-18 00:02 126976 ------w- c:\windows\system32\BrfxD05b.dll
2012-04-02 22:57 . 2009-02-24 17:59 72192 ------w- c:\windows\system32\BrNetSti.dll
2012-04-02 22:57 . 2009-02-24 16:51 73216 ------w- c:\windows\system32\BrWiaNCp.dll
2012-04-02 22:57 . 2009-02-24 16:51 46592 ------w- c:\windows\system32\Brnsplg.dll
2012-04-02 22:57 . 2007-12-14 02:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-04-02 22:57 . 2007-12-14 02:16 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-04-02 22:57 . 2007-01-16 01:54 12288 ------w- c:\windows\system32\BrDctF2S.dll
2012-04-02 22:57 . 2006-12-28 17:39 176128 ------w- c:\windows\system32\BroSNMP.dll
2012-04-02 22:56 . 2012-04-02 22:56 -------- d-----w- c:\users\George Malz\AppData\Roaming\InstallShield
2012-03-29 23:41 . 2012-03-29 23:41 -------- d-----w- c:\users\George Malz\AppData\Local\{B863C18F-79F8-11E1-826D-B8AC6F996F26}
2012-03-28 22:37 . 2012-03-28 22:37 -------- d-----w- c:\users\George Malz\AppData\Local\{897D5E73-7926-11E1-826D-B8AC6F996F26}
2012-03-24 16:56 . 2012-03-24 16:56 -------- d-----w- c:\users\George Malz\AppData\Roaming\Cocoon Software
2012-03-24 16:56 . 2012-03-24 16:59 -------- d-----w- c:\program files\QuickMediaConverter
2012-03-24 16:55 . 2012-03-24 16:55 -------- d-----w- c:\users\George Malz\AppData\Local\WDSetup
2012-03-24 16:51 . 2012-03-24 16:51 -------- d-----w- c:\program files\Emicsoft Studio
2012-03-17 23:56 . 2012-04-03 21:04 -------- d-----w- c:\users\George Malz\AppData\Roaming\Ymqyuv
2012-03-17 23:56 . 2012-03-18 13:27 -------- d-----w- c:\users\George Malz\AppData\Roaming\Qyzei
2012-03-17 23:56 . 2012-03-18 06:56 -------- d-----w- c:\users\George Malz\AppData\Roaming\Defyu
2012-03-14 07:00 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 07:00 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 00:32 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 00:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 00:31 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 00:31 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 00:31 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 00:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 00:31 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 00:31 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-02-21 20:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 14:18 . 2010-10-01 20:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 00:44 . 2012-01-25 00:44 709968 ----a-w- c:\windows\is-AS8K5.exe
2011-06-16 04:17 . 2011-07-10 02:01 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-05-07 210216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-10-18 273528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^George Malz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\George Malz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-03-30 02:14 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-09 02:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 01:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
R1 SABKUTIL;SABKUTIL;c:\users\George Malz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0A3FDPT\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 135664]
R2 pcouffin;Exportit;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 135664]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [2009-09-28 52656]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X32.sys [2010-05-25 24880]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-03 1343400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-09 25704]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
kbfiltr
FlexBios
rpcsvr4x
vzcdbsvc
oracle_load_balancer_60_client-forms6ip14
MTC0001_ESB
cmdmon
epoxusdm
ptilink
atdisk
ntrtscan
Ndisipo
ALABULK
cwcwdm
scramby
ixiaendpoint
iam
prtg4service
mssql$sqlexpress
mbackmonitor
bwmservice
avsvcmonitor
rtl8139
WINIO
vmusb
pavfnsvr
s117bus
cdrbsdrv
vsapint
AlteraByteBlaster
avgcoresvc
pcdrndisuio
VAIOMediaPlatform-MusicServer-HTTP
ltmodem5
RapiMgr
advantage
syntp
Xyz777b
dsproct
st330service
LMouFilt
winpowermanager
iPassPeriodicUpdateService
ggsemc
AppnApi
tiumfwl
TClass2k
pcradminserver
deltafw
LUsbFilt
NetMsmqActivator
ARSVC
ispwdsvc
kraidsvc
IntelC52
AMDPCI
changer
jsdaemon
spmd
cebdaldr
hpzius12
msftpsvc
toddsrv
bthidmgr
IBM_LLC2
SNC
cyberpowerups
pmshellsrv
iaimfp2
lxbt_device
papyjoy
dphost
avgarcln
mindrepair
trlokom_rmhsvc
avgtdi
s217unic
vpn5000service
RadProbe
pdlnacom
xpagentserver
avsinc
avgems
enxpsvc
avg7rsxp
pdlnecfg
SNPSTD3
mctaskmanager
k750obex
WmaCVideo32
WmaCDriverV32
db2jds
oracleservicesecinst
vmount2
Airgo
PTDCMdm
RMSvc
c-dillasrv
mgabgexe
vaiomediaplatform-integratedserver-upnp
CoachUsb
ha10kx2k
eloggersvc6
iaimfp3
usb_rndisx
VIAPFD
hpgate
netw4x32
vcommmgr
oracleorahomepagingserver
bdss
GVCplDrv
pinnaclesys.mediaserver
utilman
WmVirHid
sbpci
TPM
amoagent
pwkntmon
se2Cnd5
co_mon
msmframework
EUSBMSD
k750mgmt
tsscoreservice
SSHDRV61
nsengine
UlSata
tmlisten
rkhdrv31
alcxwdm
PGPwded
cachemanxp
rppkt
ddxgb
wtwservice
thinkpadmodemservice
bdselfpr
thpsrv
hnmsvc
cmdagent
lxcj_device
iaimtv0
se44mgmt
bh611
LEX_AS_NIC_SERVICE_YNOS
DSI_SiUSBXp_3_1
jobserver_report
s616mgmt
Via4in1
W700mdfl
As6frin
sandboxu
ntsyslog
nwlnkfwd
eelsservice
ZDPSp50
transcode360
CADlink
LoopBeMidi1
ARPolicy
mksvirmonsvc
pcouffin
susbser
sparrow
SaiNtHid
downloadmanagerlite
wandrv
PCDCODEC
nvnforce
iPassPeriodicUpdateApp
GoProto
riomsc
EL2000
mksupdateint
mapserver6.3
isamsmt
LC7981
spbbcdrv
vxsvc
ltxred
VRFIL
kservice
rca
mxserver
neokdss
pinger
HPSLPSVC
BcmSqlStartupSvc
BCMModem
vpnva
qhwscsvc
KR3NPXP
SQLAgent$MICROSOFTBCM
CVPNDRVA
lxbs_device
rnadirectory
ROCKEYNT
odclientservice
om518p
dot4scan
CoachAud
s117mdfl
_iomega_active_disk_service_
S7oppilx
TPECioCtl
U2SP
RIOXDRV
pmem
MobilePreInstallerService
websensecamreportserver
w810mdfl
aolservice
icm10blk
screadspool
dmadmin
pcidrv
entertainment
backupclientsvc
pserve
LUsbKbd
VHidMinidrv
noipducservice
dsunidrv
CrystalSysInfo
mwssched
cfsvcs
U3sHlpDr
pavdrv
Appn
pktfilter
incdfs
hpdj
TIEHDUSB
ma_cmidi_installerservice
aolavupd
cdudf_xp
npapimon
rnadirmultiplexor
slapd-data52
atirage3
s24eventmonitor
sf
s116bus
fa_scheduler
JiaoCap
USRpdA
PcdrNt
ccproxy
LVBulk
scsk4
SndTDriverV32
mdmxsdk
AYDrvNT_ALYAC
telnet
vserial
fsssvc
NxFsMon
nhcDriverDevice
k750mdfl
zebrmdm
bwsvc
mcvsrte
tng-dts
mks_scan
rismxdp
mraid35x
WinFl32
sonywbms
mnmsrvc
cfosspeeds
WscNetDr
ftpds
VirtualCam
pcnet
ATIVTUTW
firelm01
proxyhostmirrordisplay
MS1000
axsnmsvc
dlcc_device
NMSCFG
ATIVXSTW
FINEPIX_PCC
ersvc
snpstd2
lhidflt2
KMWDFilter
mwstick
acrsch2svc
nmindexingservice
mldserv
appnnode
bglivesvc
BUFADPT
se58mdfl
RIOUNIV
ql2100
STV680
nbf
wmconnectcds
roxliveshare
ozoneinstallerservice
symmpi
oraclemtsrecoveryservice
tifsfilter
DM9102
rupsmon
PSSdk23
s125bus
bcftdi
ctprxy2k
mssql$sony_mediamgr
EagleNT
GoBack2K
zpjava
iPassP
pdlnemap
sndsrvc
UimBus
icdsptsv
nicser_wmp11
protectionservice
tfsndres
axsaki
symantecantibotdriver
fireport
driverhardwarev2
outpostfirewall
w300bus
AffinegyService
symantecantibotfilter
ser2pl
ati2mpaa
FileDisk
qbposdbextservices
WUSB54GPV4SRV
elockservice
sqlagent$sony_mediamgr
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 15:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 02:19]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-02 02:19]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-147283149-2975313931-1160438742-1000Core.job
- c:\users\George Malz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 14:24]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-147283149-2975313931-1160438742-1000UA.job
- c:\users\George Malz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 14:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\George Malz\AppData\Roaming\Mozilla\Firefox\Profiles\kc2cgw2x.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=14597
FF - prefs.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60323
FF - prefs.js: network.proxy.type - 1
FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,
bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,38,12,d0,c3,3d,
1c,22,1f,a6,0c,df,74,fd,f1,d5,74,66,1f
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{929801A8-4AEF-4D12-BE31-D85BF666452B}"=hex:51,66,7a,6c,4c,1d,38,12,c6,02,8b,
96,dd,04,7c,08,c1,27,9b,1b,f3,38,01,3f
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:88,72,70,5d,3d,0d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,be,18,2c,fd,73,d6,4a,a7,c9,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,be,18,2c,fd,73,d6,4a,a7,c9,fc,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\WUDFHost.exe
.
**************************************************************************
.
Completion time: 2012-04-09 22:01:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 02:01
ComboFix2.txt 2012-04-05 23:10
ComboFix3.txt 2011-07-05 03:03
.
Pre-Run: 139,555,975,168 bytes free
Post-Run: 139,442,348,032 bytes free
.
- - End Of File - - 28F39D9D0AEF2D73E94771374DB384FD

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:49 PM

Posted 09 April 2012 - 09:17 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 adamsapple

adamsapple
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  • Local time:09:49 PM

Posted 09 April 2012 - 09:21 PM

Attached is the report you requested.


Update for Microsoft Office 2007 (KB2508958)
3ivX MPEG-4 5.0.1 Video CODEC
7-Zip 4.65
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Download Manager
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader X (10.1.2)
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Brother MFL-Pro Suite MFC-465CN
DivX Author 1.5
DivX Version Checker
EASEUS Data Recovery Wizard Professional 5.5.1
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Image Resizer Powertoy Clone for Windows
iTunes
Java Auto Updater
Java™ 6 Update 26
JDownloader 0.9
K-Lite Codec Pack 6.1.0 (Basic)
LG Burning Tools
LG CyberLink PowerDVD 7.0
LG Power Tools
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliType Pro 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
PDF Settings
PixiePack Codec Pack
Quick Media Converter
QuickTime
RapidShare Manager 2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RemoteComms External Disk Access
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype Toolbars
Skype™ 5.3
SolveigMM AVI Trimmer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup
VLC media player 1.1.7
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:49 PM

Posted 09 April 2012 - 09:33 PM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Application tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




