
Google Invalid Certificate Trojan/Redirection


  • This topic is locked
21 replies to this topic

#1 Cyferz

Cyferz

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:12 AM

Posted 06 April 2012 - 06:11 AM

Google chrome shows the red warning page and restricts access due to an invalid certificate. I cannot access www.google.com via google chrome, but I managed to access google through firefox.

My Google search led to this thread:
http://www.bleepingcomputer.com/forums/topic317513.html

His problem was identical to mine, so I followed the instructions given to him. I installed ComboFix and paused Avast!, the only online security software I use. I apologize, as I did not know the forum rules before I did this; however, ComboFix ran, scanned, deleted malicious files, and restarted the computer. I am now apparently able to access www.google.com through Chrome; it no longer gives me an Invalid Certificate warning. However, Avast! has now disappeared from the system tray.

Although the problem seems to have disappeared, there are some side effects that I am ignorant of, so I am posting my ComboFix log on these forums just to be sure.

Ps. I did not go past the 4th post of the thread I posted above. Any further instructions from the old thread I did not do.

EDIT:
Ten minutes after posting this using google chrome, the problem has re-appeared. I apologize again for jumping the gun and promise I will take no further action until instructed.


DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by iaj at 7:34:37 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.2811.1727 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>?r?r?r?r?r?r?r?r?r?r?r?r??? ??;<local>†††??
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\Users\iaj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SYNTPE~1.LNK - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\iaj\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.16.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8156BA70-EA4C-4C53-B99C-3C586F125E48} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8156BA70-EA4C-4C53-B99C-3C586F125E48}\146594 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8156BA70-EA4C-4C53-B99C-3C586F125E48}\2454C4C4038323 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8156BA70-EA4C-4C53-B99C-3C586F125E48}\443374E4F53535944403 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8156BA70-EA4C-4C53-B99C-3C586F125E48}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8156BA70-EA4C-4C53-B99C-3C586F125E48}\659414 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{8156BA70-EA4C-4C53-B99C-3C586F125E48}\659414D27657563747 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{8156BA70-EA4C-4C53-B99C-3C586F125E48}\D6166756279636B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B1B50379-4991-4736-9F9C-5DD8DD8551A5} : DhcpNameServer = 207.219.69.11 216.218.29.11
TCP: Interfaces\{E38CE15D-CC62-41B6-955B-C54C4622D671} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\iaj\AppData\Roaming\Mozilla\Firefox\Profiles\xe517z8g.default\
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\iaj\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\system32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-31 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-30 42184]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-9 136176]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-9 136176]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-7-23 92216]
S4 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-12 19968]
S4 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-4-19 315392]
.
=============== Created Last 30 ================
.
2012-04-06 10:49:08 -------- d-----w- C:\$RECYCLE.BIN
2012-04-06 10:33:31 98816 ----a-w- C:\Windows\sed.exe
2012-04-06 10:33:31 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-06 10:33:31 256000 ----a-w- C:\Windows\PEV.exe
2012-04-06 10:33:31 208896 ----a-w- C:\Windows\MBR.exe
2012-04-06 10:33:22 -------- d-----w- C:\comfix.exe
2012-04-06 10:32:42 -------- d-----w- C:\ComboFix
2012-03-18 00:25:52 -------- d-----w- C:\Program Files\Ventrilo
2012-03-12 02:40:02 -------- d-----w- C:\Program Files (x86)\NCSoft
2012-03-07 12:36:26 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M ====================
.
2012-03-14 00:25:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 7:37:24.79 ===============

Edited by Cyferz, 06 April 2012 - 07:12 AM.
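A small triage pass over the kind of DDS and ComboFix output posted in this thread, as an added example that is not part of the original posts and not code from the DDS or ComboFix tools. It reads log lines and flags the entries an analyst would look at first: the UAC policy values set to 0 (EnableLUA = 0 turns UAC off entirely), a ProxyOverride value carrying non-ASCII bytes and a loopback host:port, DHCP-assigned name servers outside private address space, and services whose image path sits in a user's Temp directory. As background for the symptom, Chrome on Windows uses the system (WinINet) proxy settings and the Windows certificate store while Firefox keeps its own proxy settings and certificate store, which is why a system-level proxy or trust problem can show up in one browser and not the other; the thread itself does not establish which entry, if any, caused the warning. The sample log is constructed from lines visible in the posted logs, the severity labels and regexes are this example's own choices, and a flag is a prompt to check, not a verdict (the public DNS servers may simply be the ISP's).

```python
"""Triage pass over DDS / ComboFix text logs.

Added example: not part of the original thread and not code from the DDS or
ComboFix tools. It scans log lines for a few things a malware-response
analyst reads first and returns them as findings. The sample log below is
constructed from lines visible in the posted logs; severities are labels
chosen for this example.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" / "medium" / "info" (this example's own labels)
    category: str
    line: str


# UAC policy values that, at these settings, remove the consent prompt:
# EnableLUA=0 turns UAC off outright; the other two silence the admin prompt.
_UAC_OFF = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0",
            "PromptOnSecureDesktop": "0"}
# Matches both the DDS form  'mPolicies-system: EnableLUA = 0 (0x0)'
# and the ComboFix form      '"EnableLUA"= 0 (0x0)'.
_UAC_RE = re.compile(r'(?:mPolicies-system:\s*|")(\w+)"?\s*=\s*(\d+)')
_PROXY_RE = re.compile(r"ProxyOverride\s*=\s*(.*)")
_DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+)")
# Service/driver lines: DDS 'R3 name;desc;path' or ComboFix '"ImagePath"="path"'.
_SVC_RE = re.compile(r'^(?:[RS][0-4]\s+|"ImagePath"=)')
_TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def _uac(line):
    m = _UAC_RE.search(line)
    if m and _UAC_OFF.get(m.group(1)) == m.group(2):
        return Finding("high", "uac-disabled", line)
    return None


def _proxy(line):
    m = _PROXY_RE.search(line)
    if not m:
        return None
    value = m.group(1)
    # A bypass list should be plain ASCII host patterns; non-ASCII bytes or a
    # loopback host:port entry are worth a look, though not proof of anything.
    odd_bytes = any(ord(ch) > 0x7E or not ch.isprintable() for ch in value)
    loopback_port = re.search(r"127\.0\.0\.1:\d+", value) is not None
    if odd_bytes or loopback_port:
        return Finding("medium", "proxy-override-unusual", line)
    return None


def _dns(line):
    m = _DNS_RE.search(line)
    if not m:
        return None
    public = []
    for token in m.group(1).split():
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue
        if not (ip.is_private or ip.is_loopback):
            public.append(token)
    if public:
        # Could be the ISP's resolvers; flagged only so someone checks.
        return Finding("info", "dns-public:" + ",".join(public), line)
    return None


def _service(line):
    if _SVC_RE.match(line) and _TEMP_RE.search(line):
        return Finding("high", "service-image-in-temp", line)
    return None


_CHECKS = (_uac, _proxy, _dns, _service)


def triage(log_text):
    """Return findings in log order; each line yields at most one finding."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in _CHECKS:
            found = check(line)
            if found:
                findings.append(found)
                break
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 5, 'medium': 1, 'info': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample: lines copied from the DDS and ComboFix logs in the thread.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>?r?r?r?r;<local>†††??
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B1B50379-4991-4736-9F9C-5DD8DD8551A5} : DhcpNameServer = 207.219.69.11 216.218.29.11
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R3 X6va001;X6va001;c:\users\iaj\AppData\Local\Temp\0011CFD.tmp [x]
"ImagePath"="\??\c:\users\iaj\AppData\Local\Temp\002D307.tmp"
"EnableLUA"= 0 (0x0)
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category:24} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample it reports seven findings: one for the ProxyOverride value, three UAC policies at 0 (two in DDS form, one in ComboFix form), one for the two public DNS servers, and two services whose image lives under the user's Temp folder. Each check returns at most one finding per line, and the first matching check wins, so a line is never double-counted.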


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 AM

Posted 07 April 2012 - 05:06 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Cyferz

Cyferz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:12 AM

Posted 07 April 2012 - 02:35 PM

After running combofix with zero problems and the computer reboot, my avast! anti-virus has failed to start up. When using Google Chrome, the www.google.com certificate is still marked as invalid. Also, Google Chrome takes a longer time than usual to start up.

Other than that the computer is running as usual. There are no certificate warnings or redirections in Firefox, which is the browser I am currently using.

Combofix Log:

ComboFix 12-04-06.02 - iaj 07/04/2012 15:09:21.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.2811.2000 [GMT -4:00]
Running from: c:\users\iaj\Desktop\comfix.exe.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 19:21 . 2012-04-07 19:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-07 19:21 . 2012-04-07 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 19:21 . 2012-04-07 19:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-06 10:33 . 2012-04-06 10:54 -------- d-----w- C:\comfix.exe
2012-04-06 10:32 . 2012-04-07 19:07 -------- d-----w- C:\ComboFix
2012-03-18 00:25 . 2012-03-18 00:25 -------- d-----w- c:\program files\Ventrilo
2012-03-14 00:26 . 2012-03-14 00:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-12 02:40 . 2012-03-12 02:41 -------- d-----w- c:\program files (x86)\NCSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 00:25 . 2010-07-22 08:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_10.49.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-07 19:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-06 10:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-07 19:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 10:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 10:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 19:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-06 10:50 32234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-30 13:39 . 2012-04-06 10:50 10970 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1855026067-3726738363-2009836115-1000_UserData.bin
- 2010-06-30 13:37 . 2012-04-05 17:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-30 13:37 . 2012-04-07 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-30 13:37 . 2012-04-05 17:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-30 13:37 . 2012-04-07 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-06 10:48 . 2012-04-06 10:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-07 19:22 . 2012-04-07 19:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-06 10:48 . 2012-04-06 10:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-07 19:22 . 2012-04-07 19:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-05 02:57 667004 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 10:55 667004 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-05 02:57 125648 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-06 10:55 125648 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-06 10:47 396524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-07 19:22 396524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-04-06 05:07 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-07 17:30 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-07-18 22:23 . 2012-04-07 19:22 1070172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1855026067-3726738363-2009836115-1000-12288.dat
- 2011-07-18 22:23 . 2012-04-06 10:47 1070172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1855026067-3726738363-2009836115-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\iaj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SynTPEnh - Shortcut.lnk - c:\program files\Synaptics\SynTP\SynTPEnh.exe [2010-10-15 2097960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 ntiomin;ntiomin; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 136176]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\IrisOnline\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 136176]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\iaj\AppData\Local\Temp\0011CFD.tmp [x]
R3 X6va002;X6va002;c:\users\iaj\AppData\Local\Temp\002D307.tmp [x]
R3 X6va003;X6va003;c:\users\iaj\AppData\Local\Temp\0035941.tmp [x]
R3 X6va005;X6va005;c:\users\iaj\AppData\Local\Temp\00586FF.tmp [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-23 92216]
R4 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-19 315392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 10:17]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 10:17]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1855026067-3726738363-2009836115-1000Core.job
- c:\users\iaj\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 13:25]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1855026067-3726738363-2009836115-1000UA.job
- c:\users\iaj\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 13:25]
.
2012-04-06 c:\windows\Tasks\HPCeeScheduleForiaj.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-12 451072]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>?r?r?r?r?r?r?r?r?r?r?r?r??? ??;<local>†††??
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\iaj\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\iaj\AppData\Roaming\Mozilla\Firefox\Profiles\xe517z8g.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\iaj\AppData\Local\Temp\0011CFD.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\iaj\AppData\Local\Temp\002D307.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\iaj\AppData\Local\Temp\0035941.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\iaj\AppData\Local\Temp\00586FF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1855026067-3726738363-2009836115-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:5a,ac,47,a1,5d,19,06,60,75,a4,0f,d2,0c,8d,ab,ab,37,b2,e5,98,1b,bc,5d,
4d,d3,7d,eb,64,3b,c8,89,be,b5,de,da,36,73,39,fb,35,61,67,31,71,20,03,8c,8d,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1855026067-3726738363-2009836115-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,50,bc,39,5c,bd,8f,68,5a,65,e2,37,bb,30,ca,58,4b,89,88,9e,72,
24,6d,8b,94,6e,46,32,bb,d3,aa,8e,a6,83,d0,2d,bf,00,28,d6,0d,f2,0d,d6,dc,f2,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-04-07 15:28:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 19:28
ComboFix2.txt 2012-04-06 10:54
.
Pre-Run: 105,494,413,312 bytes free
Post-Run: 105,619,746,816 bytes free
.
- - End Of File - - BC6FBB38E88FCBC7372BAFE0F690F1C6

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 April 2012 - 05:47 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

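The TDSSKiller report asked for above is a line-per-driver log: a file line carrying the MD5 and path, then a verdict line (the report Cyferz posts next shows the format). The following triage script is an added example, not TDSSKiller's code or anything posted in this thread; it pairs those lines and flags entries whose verdict is not "ok" or whose image sits in a temp directory (a heuristic assumed here), and the trailing sample lines are constructed.

```python
"""Triage helper for a TDSSKiller report (added example; not TDSSKiller's
own code and not posted in this thread).

TDSSKiller writes two lines per scanned driver or service:
    <time> <pid> <name> (<md5>) <path>
    <time> <pid> <name> - <verdict>
The parser pairs those lines by name and flags an entry when its verdict
is anything other than "ok", when it never received a verdict, or when
its image lives in a temp directory.  The temp-directory check is a
heuristic assumed here, not a TDSSKiller rule.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MODULE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# Service names never contain a backslash, which keeps lines such as
# "Drive \Device\Harddisk0\DR0 - Size: ..." out of the verdict matcher.
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>[^\\]+?)\s+-\s+(?P<verdict>.+)$"
)
# Assumed heuristic: a driver or service binary has no business here.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per scanned object, in log order."""
    by_name: Dict[str, Entry] = {}
    order: List[Entry] = []
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            entry = Entry(m["name"], m["md5"].lower(), m["path"])
            by_name[entry.name] = entry
            order.append(entry)
            continue
        v = VERDICT_RE.match(line)
        if v:
            entry = by_name.get(v["name"])
            if entry is None:  # verdict-only lines such as "catchme - ok"
                entry = Entry(v["name"])
                by_name[entry.name] = entry
                order.append(entry)
            entry.verdict = v["verdict"].strip()
    return order


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review reasons and return only the entries that have any."""
    flagged = []
    for e in entries:
        e.reasons = []
        if e.verdict is None:
            e.reasons.append("no verdict line")
        elif e.verdict.lower() != "ok":
            e.reasons.append(f"verdict '{e.verdict}'")
        if e.path and any(t in e.path.lower() for t in TEMP_MARKERS):
            e.reasons.append("image loaded from a temp directory")
        if e.reasons:
            flagged.append(e)
    return flagged


# Constructed sample: the first lines are copied from the report in this
# thread; the last two are made up to exercise the flags (the verdict text
# "suspicious" is a placeholder, not TDSSKiller's real wording).
SAMPLE_REPORT = """\
03:15:40.0594 3324 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
03:15:42.0062 3324 Drive \\Device\\Harddisk0\\DR0 - Size: 0x4A85D56000 (298.09 Gb)
03:15:44.0102 2112 Scan started
03:15:45.0125 2112 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
03:15:45.0131 2112 1394ohci - ok
03:15:45.0830 2112 AMD External Events Utility (0de7bf2a2e64a841f9abf9558870d9c4) C:\\Windows\\system32\\atiesrxx.exe
03:15:45.0836 2112 AMD External Events Utility - ok
03:15:48.0615 2112 catchme - ok
03:15:55.0000 2112 sample_tmp_svc (00000000000000000000000000000000) C:\\Users\\iaj\\AppData\\Local\\Temp\\EXAMPLE.tmp
03:15:55.0001 2112 sample_tmp_svc - suspicious
"""

if __name__ == "__main__":
    for e in triage(parse_report(SAMPLE_REPORT)):
        print(f"{e.name}: {'; '.join(e.reasons)} [{e.path}]")
```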
#5 Cyferz

  • Topic Starter

  • Members
  • 11 posts

Posted 08 April 2012 - 12:19 PM

TDSSKiller Report:

03:15:40.0594 3324 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
03:15:40.0907 3324 ============================================================
03:15:40.0907 3324 Current date / time: 2012/04/08 03:15:40.0907
03:15:40.0907 3324 SystemInfo:
03:15:40.0907 3324
03:15:40.0908 3324 OS Version: 6.1.7600 ServicePack: 0.0
03:15:40.0908 3324 Product type: Workstation
03:15:40.0908 3324 ComputerName: IAJ-PC
03:15:40.0909 3324 UserName: iaj
03:15:40.0909 3324 Windows directory: C:\Windows
03:15:40.0909 3324 System windows directory: C:\Windows
03:15:40.0909 3324 Running under WOW64
03:15:40.0909 3324 Processor architecture: Intel x64
03:15:40.0909 3324 Number of processors: 2
03:15:40.0909 3324 Page size: 0x1000
03:15:40.0909 3324 Boot type: Normal boot
03:15:40.0909 3324 ============================================================
03:15:42.0062 3324 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:15:42.0073 3324 \Device\Harddisk0\DR0:
03:15:42.0073 3324 MBR used
03:15:42.0073 3324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
03:15:42.0073 3324 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23889000
03:15:42.0073 3324 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x238ED000, BlocksNum 0x1B0D800
03:15:42.0073 3324 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
03:15:42.0142 3324 Initialize success
03:15:42.0142 3324 ============================================================
03:15:44.0102 2112 ============================================================
03:15:44.0102 2112 Scan started
03:15:44.0102 2112 Mode: Manual;
03:15:44.0102 2112 ============================================================
03:15:45.0125 2112 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
03:15:45.0131 2112 1394ohci - ok
03:15:45.0179 2112 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
03:15:45.0187 2112 ACPI - ok
03:15:45.0214 2112 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
03:15:45.0216 2112 AcpiPmi - ok
03:15:45.0267 2112 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
03:15:45.0281 2112 adp94xx - ok
03:15:45.0323 2112 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
03:15:45.0327 2112 adpahci - ok
03:15:45.0361 2112 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
03:15:45.0364 2112 adpu320 - ok
03:15:45.0391 2112 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
03:15:45.0393 2112 AeLookupSvc - ok
03:15:45.0456 2112 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
03:15:45.0459 2112 AERTFilters - ok
03:15:45.0505 2112 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
03:15:45.0522 2112 AFD - ok
03:15:45.0563 2112 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
03:15:45.0564 2112 AgereModemAudio - ok
03:15:45.0630 2112 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
03:15:45.0663 2112 AgereSoftModem - ok
03:15:45.0702 2112 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
03:15:45.0703 2112 agp440 - ok
03:15:45.0746 2112 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
03:15:45.0750 2112 ALG - ok
03:15:45.0772 2112 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
03:15:45.0774 2112 aliide - ok
03:15:45.0830 2112 AMD External Events Utility (0de7bf2a2e64a841f9abf9558870d9c4) C:\Windows\system32\atiesrxx.exe
03:15:45.0836 2112 AMD External Events Utility - ok
03:15:45.0860 2112 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
03:15:45.0862 2112 amdide - ok
03:15:45.0896 2112 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
03:15:45.0899 2112 AmdK8 - ok
03:15:46.0057 2112 amdkmdag (f284da3156166b45d02acc3c228ade1e) C:\Windows\system32\DRIVERS\atipmdag.sys
03:15:46.0194 2112 amdkmdag - ok
03:15:46.0219 2112 amdkmdap (91e1daf0193bd2ab90b1b35c987237fe) C:\Windows\system32\DRIVERS\atikmpag.sys
03:15:46.0221 2112 amdkmdap - ok
03:15:46.0252 2112 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
03:15:46.0253 2112 AmdPPM - ok
03:15:46.0272 2112 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
03:15:46.0274 2112 amdsata - ok
03:15:46.0318 2112 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
03:15:46.0323 2112 amdsbs - ok
03:15:46.0347 2112 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
03:15:46.0349 2112 amdxata - ok
03:15:46.0388 2112 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
03:15:46.0390 2112 AppID - ok
03:15:46.0420 2112 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
03:15:46.0423 2112 AppIDSvc - ok
03:15:46.0440 2112 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
03:15:46.0443 2112 Appinfo - ok
03:15:46.0539 2112 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:15:46.0543 2112 Apple Mobile Device - ok
03:15:46.0610 2112 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
03:15:46.0614 2112 arc - ok
03:15:46.0643 2112 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
03:15:46.0647 2112 arcsas - ok
03:15:46.0745 2112 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
03:15:46.0748 2112 aspnet_state - ok
03:15:46.0791 2112 aswFsBlk (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
03:15:46.0793 2112 aswFsBlk - ok
03:15:46.0845 2112 aswMonFlt (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
03:15:46.0847 2112 aswMonFlt - ok
03:15:46.0883 2112 aswRdr (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
03:15:46.0884 2112 aswRdr - ok
03:15:46.0963 2112 aswSnx (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
03:15:46.0971 2112 aswSnx - ok
03:15:47.0001 2112 aswSP (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
03:15:47.0006 2112 aswSP - ok
03:15:47.0028 2112 aswTdi (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
03:15:47.0029 2112 aswTdi - ok
03:15:47.0062 2112 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
03:15:47.0064 2112 AsyncMac - ok
03:15:47.0096 2112 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
03:15:47.0098 2112 atapi - ok
03:15:47.0145 2112 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
03:15:47.0149 2112 AtiHdmiService - ok
03:15:47.0185 2112 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
03:15:47.0187 2112 AtiPcie - ok
03:15:47.0239 2112 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
03:15:47.0265 2112 AudioEndpointBuilder - ok
03:15:47.0285 2112 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
03:15:47.0297 2112 AudioSrv - ok
03:15:47.0384 2112 avast! Antivirus (2695e3e9497bf72abb44b5010ec5da16) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
03:15:47.0386 2112 avast! Antivirus - ok
03:15:47.0422 2112 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
03:15:47.0427 2112 AxInstSV - ok
03:15:47.0474 2112 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
03:15:47.0492 2112 b06bdrv - ok
03:15:47.0535 2112 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
03:15:47.0542 2112 b57nd60a - ok
03:15:47.0680 2112 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys
03:15:47.0710 2112 BCM43XX - ok
03:15:47.0730 2112 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
03:15:47.0734 2112 BDESVC - ok
03:15:47.0755 2112 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
03:15:47.0757 2112 Beep - ok
03:15:47.0804 2112 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
03:15:47.0830 2112 BFE - ok
03:15:47.0874 2112 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
03:15:47.0909 2112 BITS - ok
03:15:47.0952 2112 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
03:15:47.0954 2112 blbdrive - ok
03:15:48.0054 2112 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
03:15:48.0071 2112 Bonjour Service - ok
03:15:48.0105 2112 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
03:15:48.0113 2112 bowser - ok
03:15:48.0157 2112 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
03:15:48.0159 2112 BrFiltLo - ok
03:15:48.0176 2112 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
03:15:48.0178 2112 BrFiltUp - ok
03:15:48.0213 2112 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
03:15:48.0217 2112 BridgeMP - ok
03:15:48.0249 2112 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
03:15:48.0254 2112 Browser - ok
03:15:48.0298 2112 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
03:15:48.0314 2112 BrSerIb - ok
03:15:48.0345 2112 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
03:15:48.0360 2112 Brserid - ok
03:15:48.0380 2112 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
03:15:48.0383 2112 BrSerWdm - ok
03:15:48.0405 2112 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
03:15:48.0407 2112 BrUsbMdm - ok
03:15:48.0440 2112 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
03:15:48.0442 2112 BrUsbSer - ok
03:15:48.0491 2112 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
03:15:48.0493 2112 BrUsbSIb - ok
03:15:48.0525 2112 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
03:15:48.0529 2112 BTHMODEM - ok
03:15:48.0580 2112 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
03:15:48.0584 2112 bthserv - ok
03:15:48.0615 2112 catchme - ok
03:15:48.0675 2112 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
03:15:48.0678 2112 cdfs - ok
03:15:48.0748 2112 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
03:15:48.0753 2112 cdrom - ok
03:15:48.0783 2112 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
03:15:48.0787 2112 CertPropSvc - ok
03:15:48.0811 2112 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
03:15:48.0813 2112 circlass - ok
03:15:48.0847 2112 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
03:15:48.0864 2112 CLFS - ok
03:15:48.0915 2112 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:15:48.0919 2112 clr_optimization_v2.0.50727_32 - ok
03:15:48.0969 2112 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:15:48.0973 2112 clr_optimization_v2.0.50727_64 - ok
03:15:49.0072 2112 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:15:49.0078 2112 clr_optimization_v4.0.30319_32 - ok
03:15:49.0099 2112 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:15:49.0104 2112 clr_optimization_v4.0.30319_64 - ok
03:15:49.0135 2112 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
03:15:49.0137 2112 CmBatt - ok
03:15:49.0162 2112 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
03:15:49.0164 2112 cmdide - ok
03:15:49.0199 2112 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
03:15:49.0216 2112 CNG - ok
03:15:49.0248 2112 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
03:15:49.0250 2112 Compbatt - ok
03:15:49.0278 2112 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
03:15:49.0280 2112 CompositeBus - ok
03:15:49.0304 2112 COMSysApp - ok
03:15:49.0339 2112 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
03:15:49.0341 2112 crcdisk - ok
03:15:49.0386 2112 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
03:15:49.0392 2112 CryptSvc - ok
03:15:49.0433 2112 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
03:15:49.0460 2112 DcomLaunch - ok
03:15:49.0495 2112 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
03:15:49.0512 2112 defragsvc - ok
03:15:49.0548 2112 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
03:15:49.0552 2112 DfsC - ok
03:15:49.0575 2112 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
03:15:49.0591 2112 Dhcp - ok
03:15:49.0612 2112 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
03:15:49.0615 2112 discache - ok
03:15:49.0656 2112 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
03:15:49.0658 2112 Disk - ok
03:15:49.0677 2112 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
03:15:49.0682 2112 Dnscache - ok
03:15:49.0701 2112 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
03:15:49.0707 2112 dot3svc - ok
03:15:49.0727 2112 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
03:15:49.0731 2112 DPS - ok
03:15:49.0763 2112 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
03:15:49.0764 2112 drmkaud - ok
03:15:49.0854 2112 dump_wmimmc - ok
03:15:49.0916 2112 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
03:15:49.0932 2112 DXGKrnl - ok
03:15:49.0963 2112 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
03:15:49.0967 2112 EapHost - ok
03:15:50.0072 2112 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
03:15:50.0140 2112 ebdrv - ok
03:15:50.0165 2112 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
03:15:50.0168 2112 EFS - ok
03:15:50.0237 2112 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
03:15:50.0264 2112 ehRecvr - ok
03:15:50.0286 2112 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
03:15:50.0290 2112 ehSched - ok
03:15:50.0349 2112 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
03:15:50.0365 2112 elxstor - ok
03:15:50.0398 2112 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
03:15:50.0400 2112 ErrDev - ok
03:15:50.0469 2112 EuMusDesignVirtualAudioCableWdm (932c05033053ada2404fd836c9ab2c70) C:\Windows\system32\DRIVERS\vrtaucbl.sys
03:15:50.0472 2112 EuMusDesignVirtualAudioCableWdm - ok
03:15:50.0523 2112 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
03:15:50.0540 2112 EventSystem - ok
03:15:50.0590 2112 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
03:15:50.0596 2112 exfat - ok
03:15:50.0642 2112 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
03:15:50.0648 2112 fastfat - ok
03:15:50.0717 2112 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
03:15:50.0745 2112 Fax - ok
03:15:50.0799 2112 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
03:15:50.0801 2112 fdc - ok
03:15:50.0853 2112 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
03:15:50.0876 2112 fdPHost - ok
03:15:50.0996 2112 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
03:15:51.0001 2112 FDResPub - ok
03:15:51.0021 2112 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
03:15:51.0025 2112 FileInfo - ok
03:15:51.0048 2112 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
03:15:51.0051 2112 Filetrace - ok
03:15:51.0075 2112 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
03:15:51.0077 2112 flpydisk - ok
03:15:51.0117 2112 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
03:15:51.0133 2112 FltMgr - ok
03:15:51.0203 2112 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
03:15:51.0248 2112 FontCache - ok
03:15:51.0291 2112 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:15:51.0295 2112 FontCache3.0.0.0 - ok
03:15:51.0319 2112 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
03:15:51.0323 2112 FsDepends - ok
03:15:51.0344 2112 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
03:15:51.0346 2112 Fs_Rec - ok
03:15:51.0399 2112 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
03:15:51.0406 2112 fvevol - ok
03:15:51.0446 2112 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
03:15:51.0449 2112 gagp30kx - ok
03:15:51.0507 2112 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
03:15:51.0515 2112 GameConsoleService - ok
03:15:51.0552 2112 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:15:51.0554 2112 GEARAspiWDM - ok
03:15:51.0601 2112 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
03:15:51.0628 2112 gpsvc - ok
03:15:51.0685 2112 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:15:51.0689 2112 gupdate - ok
03:15:51.0726 2112 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:15:51.0729 2112 gupdatem - ok
03:15:51.0780 2112 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
03:15:51.0782 2112 hamachi - ok
03:15:51.0897 2112 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
03:15:51.0935 2112 Hamachi2Svc - ok
03:15:51.0961 2112 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
03:15:51.0962 2112 hcw85cir - ok
03:15:51.0999 2112 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
03:15:52.0015 2112 HdAudAddService - ok
03:15:52.0040 2112 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
03:15:52.0045 2112 HDAudBus - ok
03:15:52.0064 2112 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
03:15:52.0066 2112 HidBatt - ok
03:15:52.0088 2112 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
03:15:52.0092 2112 HidBth - ok
03:15:52.0108 2112 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
03:15:52.0111 2112 HidIr - ok
03:15:52.0148 2112 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
03:15:52.0153 2112 hidserv - ok
03:15:52.0180 2112 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
03:15:52.0182 2112 HidUsb - ok
03:15:52.0210 2112 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
03:15:52.0218 2112 hkmsvc - ok
03:15:52.0243 2112 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
03:15:52.0250 2112 HomeGroupListener - ok
03:15:52.0284 2112 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
03:15:52.0301 2112 HomeGroupProvider - ok
03:15:52.0380 2112 HP Health Check Service (c84bcc03858daeac4db1e95efcce1934) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
03:15:52.0385 2112 HP Health Check Service - ok
03:15:52.0453 2112 HP Wireless Assistant Service (9abd12fce4a62905731c286bb1d66789) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
03:15:52.0460 2112 HP Wireless Assistant Service - ok
03:15:52.0497 2112 HPDrvMntSvc.exe (bc5f7ec2100e5f6a57df6ea1b08d8d7f) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
03:15:52.0501 2112 HPDrvMntSvc.exe - ok
03:15:52.0548 2112 hpqwmiex (d1a45a5ff3b4cd53909b55eef35c374b) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
03:15:52.0575 2112 hpqwmiex - ok
03:16:01.0390 2112 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
03:16:01.0391 2112 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
03:16:01.0396 2112 sptd ( LockedFile.Multi.Generic ) - warning
03:16:01.0396 2112 sptd - detected LockedFile.Multi.Generic (1)
03:16:05.0094 2112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
03:16:05.0096 2112 WIMMount - ok
03:16:05.0132 2112 WinDefend - ok
03:16:05.0151 2112 WinHttpAutoProxySvc - ok
03:16:05.0206 2112 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
03:16:05.0214 2112 Winmgmt - ok
03:16:05.0286 2112 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
03:16:05.0344 2112 WinRM - ok
03:16:05.0398 2112 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
03:16:05.0401 2112 WinUsb - ok
03:16:05.0448 2112 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
03:16:05.0483 2112 Wlansvc - ok
03:16:05.0619 2112 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:16:05.0690 2112 wlidsvc - ok
03:16:05.0728 2112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
03:16:05.0731 2112 WmiAcpi - ok
03:16:05.0789 2112 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
03:16:05.0796 2112 wmiApSrv - ok
03:16:05.0838 2112 WMPNetworkSvc - ok
03:16:05.0870 2112 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
03:16:05.0881 2112 WPCSvc - ok
03:16:05.0901 2112 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
03:16:05.0915 2112 WPDBusEnum - ok
03:16:05.0931 2112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
03:16:05.0934 2112 ws2ifsl - ok
03:16:05.0951 2112 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
03:16:05.0958 2112 wscsvc - ok
03:16:05.0967 2112 WSearch - ok
03:16:06.0057 2112 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
03:16:06.0125 2112 wuauserv - ok
03:16:06.0144 2112 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
03:16:06.0147 2112 WudfPf - ok
03:16:06.0171 2112 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:16:06.0174 2112 WUDFRd - ok
03:16:06.0205 2112 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
03:16:06.0214 2112 wudfsvc - ok
03:16:06.0245 2112 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
03:16:06.0271 2112 WwanSvc - ok
03:16:06.0338 2112 X6va001 - ok
03:16:06.0363 2112 X6va002 - ok
03:16:06.0377 2112 X6va003 - ok
03:16:06.0400 2112 X6va005 - ok
03:16:06.0448 2112 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
03:16:06.0465 2112 yukonw7 - ok
03:16:06.0532 2112 MBR (0x1B8) (8d75a3a0f5ce9892be3b0e149f873e14) \Device\Harddisk0\DR0
03:16:06.0567 2112 \Device\Harddisk0\DR0 - ok
03:16:06.0602 2112 Boot (0x1200) (0750a18622301b486952801389223a98) \Device\Harddisk0\DR0\Partition0
03:16:06.0605 2112 \Device\Harddisk0\DR0\Partition0 - ok
03:16:06.0618 2112 Boot (0x1200) (64a9624f0689dcf3825d76a85ec94cf5) \Device\Harddisk0\DR0\Partition1
03:16:06.0620 2112 \Device\Harddisk0\DR0\Partition1 - ok
03:16:06.0651 2112 Boot (0x1200) (3430da0fab0cdfe19a143de35bdbd0ed) \Device\Harddisk0\DR0\Partition2
03:16:06.0654 2112 \Device\Harddisk0\DR0\Partition2 - ok
03:16:06.0670 2112 Boot (0x1200) (c3154b5afefaca67de778899b15a3a45) \Device\Harddisk0\DR0\Partition3
03:16:06.0671 2112 \Device\Harddisk0\DR0\Partition3 - ok
03:16:06.0672 2112 ============================================================
03:16:06.0672 2112 Scan finished
03:16:06.0672 2112 ============================================================
03:16:06.0696 3524 Detected object count: 1
03:16:06.0696 3524 Actual detected object count: 1
03:17:29.0878 3524 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
03:17:29.0885 3524 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
03:17:29.0917 3524 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
03:17:30.0093 3524 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
03:17:30.0093 3524 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
03:17:36.0981 3612 Deinitialize success

aswMBR report: **Note: it did not ask me to download extra definitions**

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 03:20:31
-----------------------------
03:20:31.999 OS Version: Windows x64 6.1.7600
03:20:31.999 Number of processors: 2 586 0x603
03:20:31.999 ComputerName: IAJ-PC UserName: iaj
03:20:33.731 Initialize success
03:20:34.136 AVAST engine defs: 12040800
03:20:58.862 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
03:20:58.862 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 11
03:20:58.878 Disk 0 MBR read successfully
03:20:58.878 Disk 0 MBR scan
03:20:58.878 Disk 0 unknown MBR code
03:20:58.894 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
03:20:58.909 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291090 MB offset 409600
03:20:58.940 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13851 MB offset 596561920
03:20:58.956 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
03:20:59.018 Disk 0 scanning C:\Windows\system32\drivers
03:21:07.130 Service scanning
03:21:11.561 Service avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe **INFECTED** Win32:Malware-gen
03:21:28.097 Modules scanning
03:21:28.627 Disk 0 trace - called modules:
03:21:28.658 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
03:21:28.674 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031bb060]
03:21:28.690 3 CLASSPNP.SYS[fffff88001aa443f] -> nt!IofCallDriver -> [0xfffffa80021db6a0]
03:21:28.690 5 amdxata.sys[fffff88000e7d7a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa800315b060]
03:21:29.875 AVAST engine scan C:\Windows
03:21:34.898 AVAST engine scan C:\Windows\system32
03:23:36.395 AVAST engine scan C:\Windows\system32\drivers
03:23:45.177 AVAST engine scan C:\Users\iaj
03:33:44.330 File: C:\Users\iaj\AppData\Roamingmsudt.exe **INFECTED** MSIL:Crypt-EH [Trj]
03:41:07.238 AVAST engine scan C:\ProgramData
03:47:18.463 Scan finished successfully
13:18:41.070 Disk 0 MBR has been saved successfully to "C:\Users\iaj\Desktop\MBR.dat"
13:18:41.076 The log file has been saved successfully to "C:\Users\iaj\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 AM

Posted 08 April 2012 - 12:24 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
C:\Users\iaj\AppData\Roamingmsudt.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Cyferz

Cyferz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 08 April 2012 - 09:31 PM

When trying to access certain sites via Google Chrome such as www.google.com, www.hotmail.com etc etc, I am unable to load the site due to what the browser perceives is an Invalid Certificate. Firefox and IE do not have this problem, and the computer is otherwise running normally from what I can tell.

Two unexpected Windows messages popped up while running combofix:

1)Error!
The contents of folder C:\Windows\erdnt\Hiv-backup could not be completely deleted!

2)pev.3XE has stopped working

However, after closing the pop-ups, combofix ran and rebooted my computer.


Combofix Log:

ComboFix 12-04-06.02 - iaj 08/04/2012 21:56:50.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.2811.1777 [GMT -4:00]
Running from: c:\users\iaj\Desktop\comfix.exe.exe
Command switches used :: c:\users\iaj\Desktop\CFScript.txt.txt
.
FILE ::
"c:\users\iaj\AppData\Roamingmsudt.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 02:06 . 2012-04-09 02:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-09 02:06 . 2012-04-09 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-09 02:06 . 2012-04-09 02:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-08 07:17 . 2012-04-08 07:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-06 10:33 . 2012-04-06 10:54 -------- d-----w- C:\comfix.exe
2012-04-06 10:32 . 2012-04-07 19:07 -------- d-----w- C:\ComboFix
2012-03-18 00:25 . 2012-03-18 00:25 -------- d-----w- c:\program files\Ventrilo
2012-03-14 00:26 . 2012-03-14 00:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-12 02:40 . 2012-03-12 02:41 -------- d-----w- c:\program files (x86)\NCSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 00:25 . 2010-07-22 08:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_10.49.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-09 02:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-06 10:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-09 02:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 10:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 10:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 02:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-31 06:42 . 2012-04-08 07:20 60482 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-08 07:20 32392 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-30 13:39 . 2012-04-08 07:20 11350 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1855026067-3726738363-2009836115-1000_UserData.bin
+ 2011-07-05 03:59 . 2011-12-10 19:24 23152 c:\windows\system32\drivers\mbam.sys
- 2010-06-30 13:37 . 2012-04-05 17:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-30 13:37 . 2012-04-09 02:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-30 13:37 . 2012-04-09 02:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-30 13:37 . 2012-04-05 17:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-06 10:48 . 2012-04-06 10:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 02:07 . 2012-04-09 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 02:07 . 2012-04-09 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-06 10:48 . 2012-04-06 10:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-05 02:57 667004 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-09 02:12 667004 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-09 02:12 125648 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-05 02:57 125648 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-06 10:47 396524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-09 02:07 396524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-04-06 05:07 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-04-08 19:59 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-07-18 22:23 . 2012-04-09 02:07 1070172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1855026067-3726738363-2009836115-1000-12288.dat
- 2011-07-18 22:23 . 2012-04-06 10:47 1070172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1855026067-3726738363-2009836115-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\iaj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SynTPEnh - Shortcut.lnk - c:\program files\Synaptics\SynTP\SynTPEnh.exe [2010-10-15 2097960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 ntiomin;ntiomin; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 136176]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\IrisOnline\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 136176]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va001;X6va001;c:\users\iaj\AppData\Local\Temp\0011CFD.tmp [x]
R3 X6va002;X6va002;c:\users\iaj\AppData\Local\Temp\002D307.tmp [x]
R3 X6va003;X6va003;c:\users\iaj\AppData\Local\Temp\0035941.tmp [x]
R3 X6va005;X6va005;c:\users\iaj\AppData\Local\Temp\00586FF.tmp [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-23 92216]
R4 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-12 19968]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-04-19 315392]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-02-05 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 10:17]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-09 10:17]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1855026067-3726738363-2009836115-1000Core.job
- c:\users\iaj\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 13:25]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1855026067-3726738363-2009836115-1000UA.job
- c:\users\iaj\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-22 13:25]
.
2012-04-06 c:\windows\Tasks\HPCeeScheduleForiaj.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-12 451072]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>?r?r?r?r?r?r?r?r?r?r?r?r??? ??;<local>†††??
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\iaj\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\iaj\AppData\Roaming\Mozilla\Firefox\Profiles\xe517z8g.default\
FF - prefs.js: browser.startup.homepage - www.google.ca
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-73433299.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\iaj\AppData\Local\Temp\0011CFD.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\iaj\AppData\Local\Temp\002D307.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\iaj\AppData\Local\Temp\0035941.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\iaj\AppData\Local\Temp\00586FF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1855026067-3726738363-2009836115-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:5a,ac,47,a1,5d,19,06,60,75,a4,0f,d2,0c,8d,ab,ab,37,b2,e5,98,1b,bc,5d,
4d,d3,7d,eb,64,3b,c8,89,be,b5,de,da,36,73,39,fb,35,61,67,31,71,20,03,8c,8d,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1855026067-3726738363-2009836115-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,50,bc,39,5c,bd,8f,68,5a,65,e2,37,bb,30,ca,58,4b,89,88,9e,72,
24,6d,8b,94,6e,46,32,bb,d3,aa,8e,a6,83,d0,2d,bf,00,28,d6,0d,f2,0d,d6,dc,f2,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
c:\program files (x86)\Mozilla Firefox\plugin-container.exe
.
**************************************************************************
.
Completion time: 2012-04-08 22:23:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 02:23
ComboFix2.txt 2012-04-07 19:28
ComboFix3.txt 2012-04-06 10:54
.
Pre-Run: 104,449,019,904 bytes free
Post-Run: 104,525,971,456 bytes free
.
- - End Of File - - 59051CC76309B6210A1DC64047C9B8BC

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 AM

Posted 08 April 2012 - 09:52 PM

Hello


I would like you to go here and reset IE by pressing the fixit button - http://support.microsoft.com/kb/923737


let me know if it helps


gringo

#9 Cyferz

Cyferz
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 09 April 2012 - 02:25 PM

While running IE reset with the FixIt button, I chose to delete all temporary internet files/history/cookies etc etc.

The program finished properly.

I opened a Google Chrome browser; my homepage is set to www.google.com but it redirects me to this message:

Invalid Server Certificate
You attempted to reach www.google.ca, but the server presented an invalid certificate.
You cannot proceed because the website operator has requested heightened security for this domain.

I also cannot access www.hotmail.com, or my university email provider.
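
The Chrome text quoted above ("the website operator has requested heightened security for this domain") is the wording Chrome uses for sites it pins or treats as HSTS-only, so it refuses a certificate chain that IE, which trusts whatever the Windows root store trusts, accepts. The script below is an added diagnostic for that situation; it is not code posted by anyone in this thread and it does not decide what is wrong. It shows the certificate chain Windows actually receives from each site, lists the trusted roots in the per-user and machine stores newest first, and prints the WinINET proxy settings that IE and Chrome use. Assumptions: Windows 7 with PowerShell 2.0 or later, run as the affected user (elevated if you want every LocalMachine entry); the host names are illustrative.

```powershell
# Added diagnostic for the symptom in this thread; not code posted by anyone here.
# Questions it answers: what chain does Windows actually receive from the server,
# which roots do the user and machine stores trust, and is a proxy configured?
# Assumptions: Windows 7, PowerShell 2.0 or later, run as the affected user
# (elevate to read every LocalMachine entry); the host names are illustrative.

$script:SeenCerts  = @()
$script:SeenErrors = $null

function Get-ServedChain {
    param([string]$TargetHost, [int]$Port = 443)
    $script:SeenCerts  = @()
    $script:SeenErrors = $null
    # Accept whatever is presented so the handshake completes and the chain can be
    # read. This is a diagnostic only; never use such a callback in a real client.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $script:SeenErrors = $sslPolicyErrors
        # Copy each certificate's DER bytes: .NET resets the chain once this returns.
        $script:SeenCerts = @(foreach ($e in $chain.ChainElements) {
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$e.Certificate.RawData)
        })
        return $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient($TargetHost, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($TargetHost)
        $ssl.Close()
    } finally {
        $tcp.Close()
    }
    Write-Host ("== {0}:{1}  SslPolicyErrors: {2}" -f $TargetHost, $Port, $script:SeenErrors)
    $depth = 0
    foreach ($c in $script:SeenCerts) {
        New-Object PSObject -Property @{
            Depth      = $depth
            Subject    = $c.Subject
            Issuer     = $c.Issuer
            Thumbprint = $c.Thumbprint
            NotBefore  = $c.NotBefore
        }
        $depth++
    }
}

function Get-RootStoreSummary {
    # Every trusted root is self-issued, so the question is whether one you do not
    # recognise is present. The CurrentUser store deserves the closest look because
    # a process running as the user can add to it without administrator rights.
    $roots = foreach ($path in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
        foreach ($cert in (Get-ChildItem -Path $path)) {
            New-Object PSObject -Property @{
                Store      = $path
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotBefore  = $cert.NotBefore
            }
        }
    }
    $roots | Sort-Object NotBefore -Descending
}

function Get-WinInetProxy {
    # IE, and Chrome by default, use these system proxy settings. An unexpected
    # ProxyServer or AutoConfigURL means something sits between browser and server.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty -Path $key |
        Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
}

foreach ($h in 'www.google.ca', 'www.hotmail.com') {
    try {
        Get-ServedChain -TargetHost $h | Format-Table Depth, Subject, Issuer, Thumbprint -AutoSize
    } catch {
        Write-Warning ("{0}: {1}" -f $h, $_.Exception.Message)
    }
}
Write-Host '== Trusted roots, newest first (review anything you did not expect)'
Get-RootStoreSummary | Select-Object -First 15 | Format-Table Store, NotBefore, Subject, Thumbprint -AutoSize
Write-Host '== WinINET proxy settings'
Get-WinInetProxy | Format-List
```

Compare the issuer at the top of each served chain with the one a machine that opens the site without a warning shows, and look for that root's thumbprint in the store listing. A chain whose root exists only in the per-user store, or a proxy server or PAC URL nobody configured, indicates that something on the way out is terminating TLS (antivirus web scanning, a local proxy, or malware). The script surfaces that; it does not identify which.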

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:12 AM

Posted 09 April 2012 - 06:15 PM

Hello

This seems to be a problem they (Chrome) are working on - https://groups.google.com/a/googleproductforums.com/forum/#!topic/chrome/1alZsHEeprc


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better job)

Programs to remove

µTorrent
Messenger Plus! Live


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Go here to download the HijackThis Installer.
  • Save the HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"Information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
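Added example, not part of gringo_pr's instructions above and not code from Revo, Malwarebytes or HijackThis: a PowerShell check to run from an elevated prompt after finishing the steps. It confirms the two programs from the "Programs to remove" list are really gone from Add/Remove Programs, finds the MBAM log the post asks you to paste, and lists the active hosts file entries (the file HijackThis sometimes cannot read). The program names and the MBAM log path are taken from the post (the path is written via $env:APPDATA so it also resolves on Vista / Windows 7); the registry Uninstall keys and the hosts file location are the standard Windows ones, and the MBAM summary strings searched for are assumed from the 1.x log format.

```powershell
# Added example (not from the original post): post-cleanup verification.
# Run from an elevated PowerShell prompt (right-click > Run as administrator).
# Written for PowerShell 2.0 so it works on XP / Vista / 7.
#
# Assumptions (also stated in the lead-in):
#   - program names come from the post's "Programs to remove" list;
#   - MBAM log folder is the post's XP path, expressed via $env:APPDATA;
#   - MBAM summary line labels ("Objects scanned", "Time elapsed", "Infected:")
#     are assumed from the MBAM 1.x log format;
#   - Uninstall registry keys and hosts file path are the standard Windows ones.

# Display names that should no longer be installed after the Revo step.
# The Greek mu in "µTorrent" is sometimes stored as a plain "u", so match both.
$removed = @('µTorrent', 'uTorrent', 'Messenger Plus! Live')

# Everywhere Add/Remove Programs reads from: 32-bit machine-wide, 64-bit machine-wide
# (Wow6432Node exists only on x64 Windows) and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

Write-Host '== 1. Programs that should no longer be installed =='
$leftovers = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($p -and $p.DisplayName) {
            foreach ($name in $removed) {
                # Case-insensitive substring match, so "µTorrent 3.1" still hits.
                if ($p.DisplayName -like "*$name*") {
                    New-Object PSObject -Property @{
                        DisplayName     = $p.DisplayName
                        UninstallString = $p.UninstallString
                        Key             = $_.PSPath
                    }
                }
            }
        }
    }
}
if ($leftovers) {
    Write-Host 'Still registered (re-run the Revo step for these):'
    $leftovers | Format-List DisplayName, UninstallString, Key
} else {
    Write-Host 'OK: none of the listed programs remain in Add/Remove Programs.'
}

Write-Host '== 2. Most recent Malwarebytes log (the file to paste into your reply) =='
$logDir = Join-Path $env:APPDATA "Malwarebytes\Malwarebytes' Anti-Malware\Logs"
if (Test-Path $logDir) {
    $latest = Get-ChildItem $logDir -Filter 'mbam-log-*.txt' |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if ($latest) {
        Write-Host "Latest log: $($latest.FullName)"
        # Summary lines near the top of a 1.x log (label text is an assumption).
        Get-Content $latest.FullName | Select-String -Pattern 'Objects scanned|Time elapsed|Infected:'
    } else {
        Write-Host 'No mbam-log-*.txt found; run the quick scan first.'
    }
} else {
    Write-Host "Log folder not found at $logDir"
}

Write-Host '== 3. Active hosts file entries (the file HijackThis may fail to read) =='
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hosts) {
    # Keep only lines that are not blank and not comments; any hostname mapped
    # here other than localhost is worth mentioning in your reply.
    $entries = Get-Content $hosts | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
    if ($entries) { $entries } else { Write-Host 'Only the default comments are present.' }
} else {
    Write-Host "hosts file missing or hidden: $hosts"
}
```

Copy the output of sections 1 and 3 into the reply along with the MBAM and HijackThis logs; if section 1 lists anything, the Revo step did not complete for that program.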

#11 Cyferz

Cyferz
  • Topic Starter

  • Members
  • 11 posts

Posted 11 April 2012 - 01:05 AM

I apologize for my lack of replies; I have exams this week.

I will definitely reply before or during this weekend (apr 14/15), and will try my best to reply as soon as possible.

Thank you for all the help so far. You, this site, and everyone from the response team are a godsend.

Edited by Cyferz, 11 April 2012 - 01:06 AM.


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 April 2012 - 08:10 AM

Hello

No problem. I will check on you in a couple of days if I have not heard from you, and good luck on exams!!




gringo

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 April 2012 - 11:55 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#14 Cyferz

Cyferz
  • Topic Starter

  • Members
  • 11 posts

Posted 16 April 2012 - 01:50 AM

    Hello

    Just checking in on you as it has been a couple of days since I have heard from you.

    Are you having any troubles or just need more time?

    Gringo

Will have everything by Monday night; sorry for taking so long, I had exams.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2012 - 02:12 AM

No problem, and see you then.


gringo



