Sirefef.AC/AH problem. Browser Redirecting


  • This topic is locked
28 replies to this topic

#1 NocturnalPulse

  • Members
  • 15 posts
  • OFFLINE
  • Local time: 10:58 AM

Posted 12 April 2012 - 09:35 PM

MSE couldn't remove it. Tried MBAM; it couldn't find the infection, yet it managed to block ping.exe from reaching some IP address.
Then I tried to remove the infection in Safe Mode, and it got worse. Now I can't access my Google Mail account, and Chrome is redirecting.

Also, MSE detected a HTML/IFrameRef.Z, but was able to clean it. This happened right after I was notified about Sirefef infection.

GMER just detected ROOTKIT activity. (yay...)

Here are the DDS/GMER logs and Attach.txt:



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Lucifer Morningstar at 16:03:07 on 2012-04-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3038.1416 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.iminent.com/?appId=E9E0F785-7514-48C0-BA39-8E3268B9ECD5
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - c:\program files\iminent toolbar\tbcore3.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - c:\program files\iminent toolbar\tbcore3.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Google Update] "c:\users\lucifer morningstar\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Keyboard Manager Utility] "c:\program files\keyboard manager\manager utility\KeyboardManager.exe" /lang en /H
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{89FD6307-A626-4384-82FC-F321026DD1E7} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl2e6f9e0c;MpKsl2e6f9e0c;c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\MpKsl2e6f9e0c.sys [2012-4-12 29904]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2012-1-23 25896]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-12 654408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-12 22344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-2-22 148800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S2 veteboot;Nwdls;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253600]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-12 13:29:27 -------- d-----w- c:\users\lucifer morningstar\appdata\roaming\Malwarebytes
2012-04-12 13:26:36 -------- d-----w- c:\programdata\Malwarebytes
2012-04-12 13:26:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-12 13:26:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-12 12:51:03 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{71DAD5DC-1D75-4E06-811A-178A68C84A4A}
2012-04-12 12:50:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D61B785A-8E2D-4695-8B32-3870F7E805B4}
2012-04-12 11:51:46 -------- d-----w- c:\users\lucifer morningstar\appdata\local\Demiurge Studios
2012-04-12 11:51:46 -------- d-----w- c:\programdata\RELOADED
2012-04-12 10:59:54 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\offreg.dll
2012-04-12 10:55:54 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-12 10:55:47 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\MpKsl2e6f9e0c.sys
2012-04-12 00:50:30 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2F273D5E-A2D9-489D-8735-539CAE181238}
2012-04-12 00:50:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D92A1CD4-9B04-4975-8BED-1766F2E29835}
2012-04-11 12:49:57 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{E8B63A4E-6154-423A-85E8-B52EBA5F0BB3}
2012-04-11 12:49:36 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0577ADB0-5F5A-45E9-B9CD-16456722ACC5}
2012-04-11 11:30:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-11 06:34:42 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da1b953d-eae2-468a-8051-45c1cf1eaa9f}\mpengine.dll
2012-04-11 05:02:34 -------- d-----w- c:\users\lucifer morningstar\appdata\roaming\LegacyGames
2012-04-11 05:01:07 -------- d-----w- C:\Downloads
2012-04-11 02:02:24 -------- d-----w- c:\program files\VideoLAN
2012-04-11 00:49:13 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{BA401E3C-A113-4465-B4C0-C7ABF3EA3510}
2012-04-11 00:48:51 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{7B1E52A7-976B-4959-909B-04BFCB2B2197}
2012-04-10 12:48:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2934ADEA-6245-41E8-BD8E-1DFC6752A748}
2012-04-10 12:48:18 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{73930A13-0B20-4022-B07C-3203946DB009}
2012-04-10 00:48:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{87E860A6-67B0-4A23-8758-E54D5B0970B7}
2012-04-10 00:47:45 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{5AE5BE77-4798-4406-9798-367052E7EEF0}
2012-04-09 12:47:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{70923B0F-8167-4F90-ADB7-18D20098D318}
2012-04-09 12:47:13 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D0EE2316-8085-47E0-8D04-943FC43D020A}
2012-04-09 00:47:00 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{EF32204F-0BF4-4444-A4D4-492BC6DF3F48}
2012-04-09 00:46:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{09D93C46-31E3-4369-BC60-34BDA7E1C78D}
2012-04-08 12:46:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6CE4A77D-EA26-4C77-B327-051EB8F767B3}
2012-04-08 12:46:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A58A18DE-85B2-4C02-ACFE-B634ECBFFC62}
2012-04-08 00:45:51 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{97E5DA56-0488-4E02-902E-423FE704624B}
2012-04-08 00:45:23 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DDF417D4-7583-4CEC-BD13-B8E339066C19}
2012-04-07 12:45:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A2E28F56-F50E-4D71-BE50-320AB2B5EBDD}
2012-04-07 12:44:50 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F53912B8-E2C5-43AC-B79D-05B38B50C052}
2012-04-07 00:44:37 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{643C237C-B939-4B97-8827-52600630D168}
2012-04-07 00:44:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{11BAAC24-D409-450A-AE2C-AE1B11970794}
2012-04-06 12:44:07 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DFB791A3-C598-476A-AD0C-A88C492D065D}
2012-04-06 12:43:38 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8B4695F9-4687-44AF-AC14-1FA6D1B0EF4C}
2012-04-06 00:43:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D6085089-CCD9-4C24-8022-D2CF270194A7}
2012-04-06 00:43:03 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A08997CC-F9EE-4AD8-AE17-89E18022670E}
2012-04-05 12:42:51 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DC9EA5A4-A521-41EC-ACE2-177AB78AD910}
2012-04-05 12:42:41 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8DCFA5E9-E4D7-4A97-8118-EBBB82B4BD39}
2012-04-05 00:53:16 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{91FEA736-4ACD-4787-8400-00B0FDF37865}
2012-04-04 12:52:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{4A2BB2B4-B0C4-444B-A0CD-04C9E9DE7174}
2012-04-04 00:52:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{7DE3DB63-BE08-4904-BE5A-B18E4361AF67}
2012-04-03 12:52:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{3A64DE54-42E2-4171-9A9A-C74E24938C17}
2012-04-03 00:51:44 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A17CEE97-E36A-4C33-8724-8A8AAA541E08}
2012-04-02 12:51:08 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{892BF3F3-28BA-4F18-A55E-D3A7BCF171D8}
2012-04-02 06:19:53 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-02 00:50:36 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1D25CE55-E236-4ECD-99EF-3EC6DACD4BBE}
2012-04-01 12:50:12 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{80E27944-6219-4C79-B0BD-3A1E8A6609F4}
2012-04-01 00:49:40 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D81CF393-4D1E-43F2-AA05-932D7DF2CA5D}
2012-03-31 12:49:17 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F11C77A1-5BA6-4668-8656-A540CBB03CFD}
2012-03-31 00:48:55 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F0E3C9FB-B083-481B-9109-AA532FC0BAB9}
2012-03-30 12:48:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{9E0616FB-0816-49D7-844A-8868B88E79D2}
2012-03-30 00:48:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{26392DF8-8D78-4975-9E78-81D7EE162A41}
2012-03-29 12:47:48 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6AE221ED-CC8A-402A-AF95-DD40D09351E7}
2012-03-29 00:47:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6AC600AA-CC45-485C-8927-ED49B229D2E7}
2012-03-28 12:47:14 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1E52ADB8-972D-4B2D-AE7F-E66E23786BC8}
2012-03-28 12:46:52 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{653CF04D-4CDA-4C3A-B762-48A38D16EC10}
2012-03-28 00:46:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{72721852-39C8-42E0-8143-E2CE5B106AEE}
2012-03-28 00:46:07 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{BC0A694F-2453-4605-A2D4-8626959E5D28}
2012-03-27 12:45:55 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{27FEE192-6245-479F-88C3-C6B3C6E3A825}
2012-03-27 12:45:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{CF101359-2ADD-4EEA-8E7B-D54D1364E9FB}
2012-03-27 00:45:21 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{86143203-5646-4CD4-BD12-0FA16667FBFB}
2012-03-27 00:44:57 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{F5A2BBE0-361A-4963-940A-EA4BC48BE4AE}
2012-03-26 12:44:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{49E56C3F-D6AA-4E0B-9F2A-F698EE0CF92A}
2012-03-26 12:43:44 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6B942774-4B1A-4CA2-B781-14FA408DE943}
2012-03-26 00:43:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2826F660-BB7F-4DD7-A692-AB89299CF0DE}
2012-03-26 00:43:06 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{EBEBCFC6-337E-49E5-BC55-9DB654B5CD0A}
2012-03-25 12:42:46 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{261EA3E4-99C6-48ED-9DDE-6DDD6026EFCA}
2012-03-25 12:42:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{95065EA2-2541-417F-BCB8-D6EDB01F4A01}
2012-03-25 00:42:09 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{32827740-BFE1-4E21-9B20-E0F78B8298CA}
2012-03-25 00:41:48 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0AD6C045-B9FB-4AF9-98FA-E251B580893E}
2012-03-24 12:41:24 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{85FF4C89-4618-4A13-8E10-9CCDD7C8C1EF}
2012-03-24 12:40:59 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{87688520-7A34-4DEA-AFAF-10539B2582B3}
2012-03-24 00:40:43 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0BD9D965-1B00-4CE5-8172-DCA853194E52}
2012-03-24 00:40:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{54355B4B-0EA9-4D44-9028-13C7091E03B1}
2012-03-23 12:40:09 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8ED6A8AB-28AA-49AF-A33C-E7D338DB3B6D}
2012-03-23 12:39:54 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{53F02F02-2AC8-432A-8E0A-59DF140CCFE2}
2012-03-23 00:39:42 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{FFBC80BE-2812-4E90-8DB6-971F564217BF}
2012-03-23 00:39:20 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1FA6EB43-4DA3-4B16-9545-36F6ACEFA5DA}
2012-03-22 12:39:00 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{1E202924-2A5E-4461-8A94-82F930C42A06}
2012-03-22 12:38:37 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A068F838-0EDF-49A8-820E-E73494F21685}
2012-03-22 00:38:25 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{382518EC-2E9E-4282-8E02-523C28F582DF}
2012-03-22 00:38:05 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{939BE9C0-747B-4EC3-9128-6500038C932A}
2012-03-21 12:37:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{DC1FD0E2-141A-4DF8-B9A1-E432E8394D27}
2012-03-21 12:37:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{65EF405D-1677-4473-AEBC-0B4529E17EB5}
2012-03-21 00:37:26 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{305279AC-D386-4A52-A43D-5EDB5BFC2F52}
2012-03-21 00:37:00 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{078F571F-C683-4E5A-995F-10F81897EFE9}
2012-03-20 12:36:36 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{585EFD36-8CFF-4D5C-AD73-A501EA2FFA42}
2012-03-20 12:36:22 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D060223D-D964-493F-B967-7DDC4D5A1881}
2012-03-20 00:36:10 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{3A1F69CC-9BFA-419A-96CA-AFFB96D37B6A}
2012-03-20 00:35:42 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0A23B819-51B4-4856-BA85-C1385C54EB4F}
2012-03-19 12:35:31 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{CE3B35D2-BB08-44F6-8AEA-73208C44AB49}
2012-03-19 12:35:20 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{4F391BA0-55C9-4AA0-A915-15B59BCB2C7C}
2012-03-19 00:35:08 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{C2F7477E-6915-4F37-9BB9-082393AF2CD9}
2012-03-19 00:34:47 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{43D24ED7-DEF6-4318-9EF2-DB88CAEFAF90}
2012-03-18 12:34:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{D8298081-7D8D-4472-A19F-ED1809209348}
2012-03-18 12:34:21 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{C62BBB40-A77C-437B-B2FA-717331741FF8}
2012-03-18 00:34:09 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{EB898A16-EEEC-4BB7-91FA-360CD199631C}
2012-03-18 00:33:44 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A75FD805-A923-4FBA-A7A3-A55A40C8991F}
2012-03-17 12:33:33 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{2CCDAF47-273E-43E3-BE10-9E73956DCB6E}
2012-03-17 12:33:11 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{CDB74869-C7B6-480D-AF50-417CD97503F4}
2012-03-17 03:18:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-17 03:18:53 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-17 03:18:53 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-17 03:18:53 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-17 03:18:53 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-03-17 03:18:53 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-17 03:18:51 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-17 00:32:49 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{8EEDF2AF-CD92-4ED6-8EC5-3C4C85F6E96F}
2012-03-17 00:32:27 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{51D6D035-8738-4132-A473-2DA4AF18F22B}
2012-03-16 12:32:15 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{BEF3B710-60D7-47EB-B597-CF6738E1F0AB}
2012-03-16 12:31:53 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{0A614804-FCC5-4BBD-BD41-EFC1D7E13ACA}
2012-03-16 00:31:40 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A107AFF9-AB87-4D9C-AE85-665BC47281E9}
2012-03-16 00:31:13 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{61C96FC5-C336-4380-A9A2-A5FD739D2B8E}
2012-03-15 12:31:02 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{C2EBB115-36E6-4BA5-B211-D3DCA0DA3E26}
2012-03-15 12:30:41 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{08CA1834-14B8-469D-861D-CDEE80C7BB1D}
2012-03-15 00:30:29 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{91DF2A8D-A376-44B2-9680-6F51C28E44B1}
2012-03-15 00:30:04 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{6E8188AD-73A4-49F2-9056-9778B46D4EA2}
2012-03-14 17:45:10 -------- d-----w- c:\program files\IMinent Toolbar
2012-03-14 17:39:05 -------- d-----w- c:\programdata\Tarma Installer
2012-03-14 17:36:59 -------- d-----w- c:\program files\fbphotozoom
2012-03-14 12:29:39 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{037C7424-07A6-44FA-9835-2D3D88923F39}
2012-03-14 12:29:07 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A3F14A3E-258F-4BBD-A9D6-ED0A3D28E625}
2012-03-14 07:53:20 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:52:38 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 07:52:38 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 07:52:38 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:52:37 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 07:52:37 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 07:44:19 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 07:44:19 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:13:19 -------- d--h--w- c:\program files\common files\EAInstaller
2012-03-14 06:02:51 -------- d-----w- c:\program files\HHD Software
2012-03-13 18:03:17 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{A90A339E-DA9E-4B19-AE80-F078A738B809}
2012-03-13 18:02:54 -------- d-----w- c:\users\lucifer morningstar\appdata\local\{03A2993C-FB21-4614-BDB6-587E27FB3348}
.
==================== Find3M ====================
.
2012-04-02 06:19:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 16:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-06 06:39:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 06:39:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-29 23:59:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 23:59:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 20:56:41 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55:16 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53:47 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53:46 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:53:45 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-29 12:26:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-18 15:55:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 02:07:19 0 ----a-w- C:\DFRC602.tmp
2012-01-24 16:00:12 98816 ----a-w- c:\windows\system32\mfps.dll
2012-01-24 15:59:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-01-24 15:59:50 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-01-24 15:59:50 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-01-24 15:59:50 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-24 15:59:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-01-24 15:59:50 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-01-24 15:59:50 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-01-24 15:59:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-01-23 20:13:02 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-01-23 20:12:55 319488 ----a-w- c:\windows\HideWin.exe
2012-01-17 12:46:00 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2012-01-17 12:45:59 67392 ----a-w- c:\windows\system32\nvapo32v.dll
2012-01-17 12:45:56 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-01-17 12:45:54 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
.
============= FINISH: 16:03:44.90 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-13 04:29:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST912082 rev.3.AL
Running: 1iermtcl.exe; Driver: C:\Users\LUCIFE~1\AppData\Local\Temp\pxldipod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text netbt.sys!?HideArgumentExW@@YGJF<V 90F1F000 174 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text netbt.sys!?HideArgumentExW@@YGJF<V 90F1F0AF 118 Bytes [FF, 45, F4, 8B, 45, F4, 83, ...]
.text netbt.sys!?HideArgumentExW@@YGJF<V 90F1F126 37 Bytes [89, 45, F8, 8D, 86, D0, 00, ...]
.text netbt.sys!?HideArgumentExW@@YGJF<V 90F1F14C 159 Bytes [89, 48, 04, 33, C0, F6, 46, ...]
.text netbt.sys!?HideArgumentExW@@YGJF<V 90F1F1EC 1029 Bytes [10, 66, 83, 88, 90, 00, 00, ...]
.text ...
.text netbt.sys!?InsertKeyNameOriginal@@YGMPADIM<V + 38 90F21A88 26 Bytes [75, 48, 8B, CE, FF, 15, 58, ...]
.text netbt.sys!?InsertKeyNameOriginal@@YGMPADIM<V + 53 90F21AA3 68 Bytes [F0, F3, 90, 3D, 00, F0, F3, ...]
.text netbt.sys!?InsertKeyNameOriginal@@YGMPADIM<V + 99 90F21AE9 13 Bytes [0F, 84, 30, 01, 00, 00, 8B, ...] {JZ 0x136; MOV EDI, [EBX+0xc]; TEST EDI, EDI; JZ 0x7b}
.text netbt.sys!?InsertKeyNameOriginal@@YGMPADIM<V + A7 90F21AF7 32 Bytes [63, 0C, 00, 8B, 47, 14, 6A, ...]
.text netbt.sys!?InsertKeyNameOriginal@@YGMPADIM<V + C9 90F21B19 40 Bytes [8A, 55, FF, 8B, CE, FF, 15, ...]
.text ...
.text netbt.sys!?FreeComponent@@YGDPAJH<V + E 90F229E4 8 Bytes [C1, 6C, 51, 57, 68, 30, E3, ...]
.text netbt.sys!?FreeComponent@@YGDPAJH<V + 17 90F229ED 265 Bytes [6A, 0E, FF, 70, 14, FF, 70, ...]
.text netbt.sys!?FreeComponent@@YGDPAJH<V + 121 90F22AF7 65 Bytes [89, 55, FC, FF, 15, 48, E2, ...]
.text netbt.sys!?FreeComponent@@YGDPAJH<V + 163 90F22B39 222 Bytes [68, 4E, 62, 30, 33, C1, E0, ...]
.text netbt.sys!?FreeComponent@@YGDPAJH<V + 242 90F22C18 150 Bytes [00, CF, FA, 75, 0E, FF, 75, ...]
.text ...
.text netbt.sys!?HideArgumentExW@@YGJF<V + A 90F26F59 35 Bytes [00, 8D, 87, 10, 02, 00, 00, ...]
.text netbt.sys!?HideArgumentExW@@YGJF<V + 2E 90F26F7D 35 Bytes [68, 91, 81, F3, 90, 56, E8, ...]
.text netbt.sys!?HideArgumentExW@@YGJF<V + 52 90F26FA1 14 Bytes [6A, 00, 6A, 00, FF, 33, E8, ...]
.text netbt.sys!?HideArgumentExW@@YGJF<V + 61 90F26FB0 4 Bytes JMP 90F270CC \SystemRoot\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation)
.text netbt.sys!?HideArgumentExW@@YGJF<V + 66 90F26FB5 72 Bytes [00, A1, 00, F0, F3, 90, 3D, ...]
.text ...
? C:\Windows\System32\DRIVERS\netbt.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\System32\ping.exe[760] ntdll.dll!NtCreateProcess 77374304 5 Bytes JMP 002A000A
.text C:\Windows\System32\ping.exe[760] ntdll.dll!NtCreateProcessEx 77374314 5 Bytes JMP 002C000A
.text C:\Windows\System32\ping.exe[760] ntdll.dll!NtCreateUserProcess 77375674 5 Bytes JMP 002D000A
.text C:\Windows\System32\ping.exe[760] USER32.dll!WindowFromPoint 7748884F 5 Bytes JMP 0096000A
.text C:\Windows\System32\ping.exe[760] USER32.dll!CreateWindowExW 77491305 5 Bytes JMP 009C000A
.text C:\Windows\System32\ping.exe[760] USER32.dll!GetForegroundWindow 774932C4 5 Bytes JMP 0097000A
.text C:\Windows\System32\ping.exe[760] USER32.dll!GetCursorPos 774A0B88 5 Bytes JMP 0095000A
.text C:\Windows\System32\ping.exe[760] ole32.dll!CoCreateInstance 75A19F3E 5 Bytes JMP 0094000A
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + 6 7737424A 4 Bytes [28, 00, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtCreateFile + B 7737424F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + 6 7737499A 1 Byte [28]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + 6 7737499A 4 Bytes [28, 03, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtMapViewOfSection + B 7737499F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + 6 77374A2A 4 Bytes [68, 00, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenFile + B 77374A2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcess + 6 77374AAA 4 Bytes [A8, 01, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcess + B 77374AAF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessToken + B 77374ABF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessTokenEx + 6 77374ACA 4 Bytes [A8, 02, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenProcessTokenEx + B 77374ACF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThread + 6 77374B1A 4 Bytes [68, 01, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThread + B 77374B1F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadToken + 6 77374B2A 4 Bytes [68, 02, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadToken + B 77374B2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtOpenThreadTokenEx + B 77374B3F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + 6 77374BCA 4 Bytes [A8, 00, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryAttributesFile + B 77374BCF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtQueryFullAttributesFile + B 77374C7F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationFile + 6 7737515A 4 Bytes [28, 01, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationFile + B 7737515F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationThread + 6 773751AA 4 Bytes [28, 02, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtSetInformationThread + B 773751AF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 1 Byte [68]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 4 Bytes [68, 03, 35, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[948] ntdll.dll!NtUnmapViewOfSection + B 7737544F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtCreateFile + 6 7737424A 4 Bytes [28, 00, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtCreateFile + B 7737424F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtMapViewOfSection + 6 7737499A 1 Byte [28]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtMapViewOfSection + 6 7737499A 4 Bytes [28, 03, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtMapViewOfSection + B 7737499F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenFile + 6 77374A2A 4 Bytes [68, 00, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenFile + B 77374A2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcess + 6 77374AAA 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcess + B 77374AAF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessToken + B 77374ABF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessTokenEx + 6 77374ACA 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenProcessTokenEx + B 77374ACF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThread + 6 77374B1A 4 Bytes [68, 01, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThread + B 77374B1F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadToken + 6 77374B2A 4 Bytes [68, 02, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadToken + B 77374B2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtOpenThreadTokenEx + B 77374B3F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryAttributesFile + 6 77374BCA 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryAttributesFile + B 77374BCF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtQueryFullAttributesFile + B 77374C7F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationFile + 6 7737515A 4 Bytes [28, 01, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationFile + B 7737515F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationThread + 6 773751AA 4 Bytes [28, 02, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtSetInformationThread + B 773751AF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 1 Byte [68]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 4 Bytes [68, 03, 16, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[2084] ntdll.dll!NtUnmapViewOfSection + B 7737544F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + 6 7737424A 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + B 7737424F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + 6 7737499A 1 Byte [28]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + 6 7737499A 4 Bytes [28, 03, 31, 00] {SUB [EBX], AL; XOR [EAX], EAX}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + B 7737499F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + 6 77374A2A 4 Bytes [68, 00, 31, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + B 77374A2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + 6 77374AAA 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + B 77374AAF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessToken + B 77374ABF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + 6 77374ACA 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + B 77374ACF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + 6 77374B1A 4 Bytes [68, 01, 31, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + B 77374B1F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + 6 77374B2A 4 Bytes [68, 02, 31, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + B 77374B2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadTokenEx + B 77374B3F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + 6 77374BCA 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + B 77374BCF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryFullAttributesFile + B 77374C7F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + 6 7737515A 4 Bytes [28, 01, 31, 00] {SUB [ECX], AL; XOR [EAX], EAX}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + B 7737515F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + 6 773751AA 4 Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + B 773751AF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 1 Byte [68]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 4 Bytes [68, 03, 31, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + B 7737544F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3560] CRYPT32.dll!CertDuplicateCRLContext + 5A 753289ED 2 Bytes JMP 009D1A30
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3560] CRYPT32.dll!CertDuplicateCRLContext + 5D 753289F0 4 Bytes [6A, 8B, EB, F9] {PUSH -0x75; JMP 0xfffffffffffffffd}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[3560] CRYPT32.dll!I_CryptFreeLruCache + 1E1 7532DC4F 7 Bytes JMP 009D1A10
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtCreateFile + 6 7737424A 4 Bytes [28, 00, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtCreateFile + B 7737424F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtMapViewOfSection + 6 7737499A 1 Byte [28]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtMapViewOfSection + 6 7737499A 4 Bytes [28, 03, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtMapViewOfSection + B 7737499F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenFile + 6 77374A2A 4 Bytes [68, 00, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenFile + B 77374A2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenProcess + 6 77374AAA 4 Bytes [A8, 01, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenProcess + B 77374AAF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenProcessToken + B 77374ABF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenProcessTokenEx + 6 77374ACA 4 Bytes [A8, 02, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenProcessTokenEx + B 77374ACF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenThread + 6 77374B1A 4 Bytes [68, 01, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenThread + B 77374B1F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenThreadToken + 6 77374B2A 4 Bytes [68, 02, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenThreadToken + B 77374B2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtOpenThreadTokenEx + B 77374B3F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtQueryAttributesFile + 6 77374BCA 4 Bytes [A8, 00, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtQueryAttributesFile + B 77374BCF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtQueryFullAttributesFile + B 77374C7F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtSetInformationFile + 6 7737515A 4 Bytes [28, 01, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtSetInformationFile + B 7737515F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtSetInformationThread + 6 773751AA 4 Bytes [28, 02, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtSetInformationThread + B 773751AF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 1 Byte [68]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 4 Bytes [68, 03, 1E, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[4932] ntdll.dll!NtUnmapViewOfSection + B 7737544F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtCreateFile + 6 7737424A 4 Bytes [28, 00, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtCreateFile + B 7737424F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtMapViewOfSection + 6 7737499A 1 Byte [28]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtMapViewOfSection + 6 7737499A 4 Bytes [28, 03, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtMapViewOfSection + B 7737499F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenFile + 6 77374A2A 4 Bytes [68, 00, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenFile + B 77374A2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcess + 6 77374AAA 4 Bytes [A8, 01, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcess + B 77374AAF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessToken + B 77374ABF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessTokenEx + 6 77374ACA 4 Bytes [A8, 02, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessTokenEx + B 77374ACF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThread + 6 77374B1A 4 Bytes [68, 01, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThread + B 77374B1F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadToken + 6 77374B2A 4 Bytes [68, 02, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadToken + B 77374B2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadTokenEx + B 77374B3F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryAttributesFile + 6 77374BCA 4 Bytes [A8, 00, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryAttributesFile + B 77374BCF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryFullAttributesFile + B 77374C7F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationFile + 6 7737515A 4 Bytes [28, 01, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationFile + B 7737515F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationThread + 6 773751AA 4 Bytes [28, 02, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationThread + B 773751AF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 1 Byte [68]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 4 Bytes [68, 03, 1F, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtUnmapViewOfSection + B 7737544F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtCreateFile + 6 7737424A 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; AND [EAX], AL}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtCreateFile + B 7737424F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtMapViewOfSection + 6 7737499A 1 Byte [28]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtMapViewOfSection + 6 7737499A 4 Bytes [28, 03, 20, 00] {SUB [EBX], AL; AND [EAX], AL}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtMapViewOfSection + B 7737499F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenFile + 6 77374A2A 4 Bytes [68, 00, 20, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenFile + B 77374A2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcess + 6 77374AAA 4 Bytes [A8, 01, 20, 00] {TEST AL, 0x1; AND [EAX], AL}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcess + B 77374AAF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcessToken + B 77374ABF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcessTokenEx + 6 77374ACA 4 Bytes [A8, 02, 20, 00] {TEST AL, 0x2; AND [EAX], AL}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenProcessTokenEx + B 77374ACF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThread + 6 77374B1A 4 Bytes [68, 01, 20, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThread + B 77374B1F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThreadToken + 6 77374B2A 4 Bytes [68, 02, 20, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThreadToken + B 77374B2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtOpenThreadTokenEx + B 77374B3F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtQueryAttributesFile + 6 77374BCA 4 Bytes [A8, 00, 20, 00] {TEST AL, 0x0; AND [EAX], AL}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtQueryAttributesFile + B 77374BCF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtQueryFullAttributesFile + B 77374C7F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationFile + 6 7737515A 4 Bytes [28, 01, 20, 00] {SUB [ECX], AL; AND [EAX], AL}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationFile + B 7737515F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationThread + 6 773751AA 4 Bytes [28, 02, 20, 00] {SUB [EDX], AL; AND [EAX], AL}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtSetInformationThread + B 773751AF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 1 Byte [68]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 4 Bytes [68, 03, 20, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5092] ntdll.dll!NtUnmapViewOfSection + B 7737544F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtCreateFile + 6 7737424A 4 Bytes [28, 00, 1B, 00] {SUB [EAX], AL; SBB EAX, [EAX]}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtCreateFile + B 7737424F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtMapViewOfSection + 6 7737499A 1 Byte [28]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtMapViewOfSection + 6 7737499A 4 Bytes [28, 03, 1B, 00] {SUB [EBX], AL; SBB EAX, [EAX]}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtMapViewOfSection + B 7737499F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenFile + 6 77374A2A 4 Bytes [68, 00, 1B, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenFile + B 77374A2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenProcess + 6 77374AAA 4 Bytes [A8, 01, 1B, 00] {TEST AL, 0x1; SBB EAX, [EAX]}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenProcess + B 77374AAF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenProcessToken + B 77374ABF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenProcessTokenEx + 6 77374ACA 4 Bytes [A8, 02, 1B, 00] {TEST AL, 0x2; SBB EAX, [EAX]}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenProcessTokenEx + B 77374ACF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenThread + 6 77374B1A 4 Bytes [68, 01, 1B, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenThread + B 77374B1F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenThreadToken + 6 77374B2A 4 Bytes [68, 02, 1B, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenThreadToken + B 77374B2F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtOpenThreadTokenEx + B 77374B3F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtQueryAttributesFile + 6 77374BCA 4 Bytes [A8, 00, 1B, 00] {TEST AL, 0x0; SBB EAX, [EAX]}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtQueryAttributesFile + B 77374BCF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtQueryFullAttributesFile + B 77374C7F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtSetInformationFile + 6 7737515A 4 Bytes [28, 01, 1B, 00] {SUB [ECX], AL; SBB EAX, [EAX]}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtSetInformationFile + B 7737515F 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtSetInformationThread + 6 773751AA 4 Bytes [28, 02, 1B, 00] {SUB [EDX], AL; SBB EAX, [EAX]}
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtSetInformationThread + B 773751AF 1 Byte [E2]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 1 Byte [68]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtUnmapViewOfSection + 6 7737544A 4 Bytes [68, 03, 1B, 00]
.text C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\chrome.exe[5512] ntdll.dll!NtUnmapViewOfSection + B 7737544F 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 90E78000-90E8D000 (86016 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Windows\System32\ping.exe (*** hidden *** ) 760
Process PING.EXE (*** hidden *** ) 1600
Process PING.EXE (*** hidden *** ) 4444
Process C:\Windows\System32\ping.exe (*** hidden *** ) 4448

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 PE file @ sector 234438669

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB32896$\160384126 0 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350 0 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\@ 2048 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\cfg.ini 341 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\L 0 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\L\qnbwvoto 185856 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\oemid 76 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\U 0 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\U\80000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\U\80000032.@ 115712 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\version 908 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOOEFTRM\billingcube_com[1].htm 10197 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPKAHF03\banner_300_250[2].png 2641 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPKAHF03\jquery.min[3].js 91556 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJ18RBS2\videoscriptCAOPCXG8.js 4368 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJ18RBS2\spacer[2].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJ18RBS2\yt-no-image[1].gif 739 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJ18RBS2\config[11].js 285 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJ18RBS2\style[1].css 13277 bytes

---- EOF - GMER 1.0.15 ----

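The GMER tail above already holds the indicators a responder would pull out by hand: processes hidden from enumeration, an unnamed hidden kernel module, a PE image sitting in a raw disk sector, and a $NtUninstallKB32896$ folder holding @, U\ and L\ members. The script below is an added example, not part of the original post and not GMER's own code: it parses GMER 1.0.15 output and buckets exactly those line types so the same triage runs identically on the next log. The sample log is constructed from a subset of the lines posted above; the functions parse_gmer and verdict are this example's own; and treating a $NtUninstallKB<n>$ folder with that @/U\/L\ layout as Sirefef/ZeroAccess-style is an assumption taken from public write-ups of the family, to be confirmed against the host rather than something the thread itself states.

```python
"""Triage a GMER 1.0.15 log for the rootkit indicators seen in the post.

Added example; not part of the original post and not GMER's own code.
"""
import re

# Constructed sample: a subset of the lines GMER printed in the post above.
SAMPLE_LOG = r"""
---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 90E78000-90E8D000 (86016 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Windows\System32\ping.exe (*** hidden *** ) 760
Process PING.EXE (*** hidden *** ) 1600

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 PE file @ sector 234438669

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB32896$\1889464350\@ 2048 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\L\qnbwvoto 185856 bytes
File C:\Windows\$NtUninstallKB32896$\1889464350\U\80000032.@ 115712 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOOEFTRM\billingcube_com[1].htm 10197 bytes

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
HIDDEN_PROC_RE = re.compile(r"^Process (.+?) \(\*\*\* hidden \*\*\* \) (\d+)$")
HIDDEN_MOD_RE = re.compile(r"^Module (.+?) \(\*\*\* hidden \*\*\* \) ([0-9A-Fa-f]+)-([0-9A-Fa-f]+)")
SECTOR_PE_RE = re.compile(r"^Disk (\S+) PE file @ sector (\d+)")
FILE_RE = re.compile(r"^File (.+?) (\d+) bytes$")

# Assumption from public ZeroAccess/Sirefef write-ups, not from the thread:
# Vista and later do not create $NtUninstallKB<n>$ folders themselves, and the
# '@' / 'U\<8 hex>.@' / 'L\<name>' members are that family's on-disk layout.
FAKE_UNINSTALL_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\", re.IGNORECASE)
FAMILY_MEMBER_RE = re.compile(r"\\(@|U\\[0-9A-F]{8}\.@|L\\[a-z]+)$", re.IGNORECASE)


def parse_gmer(text):
    """Bucket the lines that carry rootkit evidence; ignore the rest of the log."""
    f = {"hidden_processes": [], "hidden_modules": [], "sector_pe": [],
         "suspect_files": [], "other_files": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            continue
        m = HIDDEN_PROC_RE.match(line)
        if m:
            f["hidden_processes"].append({"image": m.group(1), "pid": int(m.group(2))})
            continue
        m = HIDDEN_MOD_RE.match(line)
        if m:
            start, end = int(m.group(2), 16), int(m.group(3), 16)
            f["hidden_modules"].append({"name": m.group(1), "start": start, "size": end - start})
            continue
        m = SECTOR_PE_RE.match(line)
        if m:
            f["sector_pe"].append({"device": m.group(1), "sector": int(m.group(2))})
            continue
        m = FILE_RE.match(line)
        if m:
            entry = {"path": m.group(1), "size": int(m.group(2))}
            if FAKE_UNINSTALL_RE.search(entry["path"]):
                entry["family_layout"] = bool(FAMILY_MEMBER_RE.search(entry["path"]))
                f["suspect_files"].append(entry)
            else:
                f["other_files"].append(entry)
    return f


def verdict(f):
    """Turn the buckets into checkable statements plus one overall call."""
    notes = []
    if f["hidden_processes"]:
        pids = ", ".join(str(p["pid"]) for p in f["hidden_processes"])
        notes.append(f"{len(f['hidden_processes'])} process(es) hidden from normal "
                     f"enumeration (PIDs {pids}); something is filtering the process list")
    if f["hidden_modules"]:
        notes.append(f"{len(f['hidden_modules'])} module(s) mapped in kernel space but "
                     "absent from the loaded-module list")
    if f["sector_pe"]:
        where = ", ".join(f"{s['device']} sector {s['sector']}" for s in f["sector_pe"])
        notes.append(f"PE image in raw disk sectors ({where}); image the disk before "
                     "cleaning, a rootkit can keep its driver outside the file system")
    if f["suspect_files"]:
        fam = sum(1 for e in f["suspect_files"] if e["family_layout"])
        notes.append(f"{len(f['suspect_files'])} file(s) under a $NtUninstallKB<n>$ "
                     f"folder, {fam} in the @/U/L layout")
    # Hiding evidence plus an on-disk artefact is what justifies calling it a rootkit.
    likely = bool(f["hidden_processes"] or f["hidden_modules"]) and \
        bool(f["suspect_files"] or f["sector_pe"])
    return likely, notes


if __name__ == "__main__":
    likely, notes = verdict(parse_gmer(SAMPLE_LOG))
    print("rootkit likely:", likely)
    for n in notes:
        print(" -", n)
```

Run it as-is to see the call on the constructed sample, or pass the full posted log text to parse_gmer. The hidden-process and hidden-module buckets are the lines that say "rootkit" independently of any signature; the file bucket is the list a cleanup tool has to remove, and the raw-sector hit is the reason to image the disk before any tool is allowed to write to it.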
#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:58 AM

Posted 12 April 2012 - 11:14 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 NocturnalPulse

NocturnalPulse
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:58 AM

Posted 13 April 2012 - 03:26 AM

OK, here's what's going on:

After using ComboFix the system rebooted. Now here comes the weird part: it kept on restarting. I caught only a tiny glimpse of it: a C:\ComboFix\C...something file opened a DOS window and an error message popped up, "error at" some numbers, followed by a reboot. I guess it was the 9th reboot when I pressed F8 and disabled the auto-restart at system failure. Didn't work. Again F8. I tried the last known successful reboot option. ComboFix this time -somehow- worked. The same file, C:\ComboFix\C...something, tried to run and I saw a blue window titled Administrator right after that.

Problem is: no log appeared.

Meanwhile MbAM gave me a warning: Rootkit detected. That wasn't there before using ComboFix.

So I ran ComboFix again, as it told me to, hoping to get a log file this time. Nothing happened. I rebooted. Retried. Nothing happened again. Rebooted.

Right now: I checked a couple of pages which were telling me that I have a security breach (Facebook and Google Mail); the little lock appeared green. I didn't experience Chrome redirection, nor did MbAM or MsSecEs give me a warning.

Yet I'm pretty confused and restless about what's going on. Is it clean or not???


Security Check Log


Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
Lucifer Morningstar Desktop malware stuff SecurityCheck.exe
Microsoft Security Client Antimalware MpCmdRun.exe
``````````End of Log````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:58 AM

Posted 13 April 2012 - 03:49 AM

Hello

OK, let's try this: I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#5 NocturnalPulse

NocturnalPulse
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:58 AM

Posted 13 April 2012 - 05:04 AM

Hello again.

I need some assistance with MSE. I've read how to disable protection software, just in case I'm doing something wrong or missing a step. But here's what's happening.

In my first ComboFix try, despite the fact that Real Time Protection was disabled, ComboFix opened a window telling me that MSE antispyware/antivirus is running. I started the program again, checked and unchecked the box again and hit OK. It told me that it's still running but ComboFix will continue.
[Side note: I unchecked the box and closed the process: Microsoft Security Client User Interface/msseces.exe]

In Safe Mode, MSE didn't even start, yet I got the same warning message. Again I started the program, checked and unchecked, ended the process from the task bar. Same warning: it's still running but ComboFix'll continue.

I didn't see a window opening or creating a starting point whatsoever. ComboFix just doesn't want to run after these warnings I'm getting.

And since ComboFix doesn't have an uninstall, I cannot do a clean start of the program.

I also have a question, just in case: if ComboFix has created a log file, where should it be located so I could check manually?

Other than that, what am I supposed to do with the ComboFix files after the extraction?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:58 AM

Posted 13 April 2012 - 07:18 AM

Greetings

Something may be stopping it, so let's go this route first.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 NocturnalPulse

NocturnalPulse
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:58 AM

Posted 13 April 2012 - 08:03 AM

Both programs ran smoothly. Here're the logs.

-TDSS-

14:34:53.0375 5828 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
14:34:53.0936 5828 ============================================================
14:34:53.0936 5828 Current date / time: 2012/04/13 14:34:53.0936
14:34:53.0936 5828 SystemInfo:
14:34:53.0936 5828
14:34:53.0936 5828 OS Version: 6.0.6002 ServicePack: 2.0
14:34:53.0936 5828 Product type: Workstation
14:34:53.0936 5828 ComputerName: HELL
14:34:53.0936 5828 UserName: Lucifer Morningstar
14:34:53.0936 5828 Windows directory: C:\Windows
14:34:53.0936 5828 System windows directory: C:\Windows
14:34:53.0936 5828 Processor architecture: Intel x86
14:34:53.0936 5828 Number of processors: 2
14:34:53.0936 5828 Page size: 0x1000
14:34:53.0936 5828 Boot type: Normal boot
14:34:53.0936 5828 ============================================================
14:34:54.0481 5828 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:34:54.0881 5828 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:34:54.0881 5828 \Device\Harddisk0\DR0:
14:34:54.0901 5828 MBR used
14:34:54.0901 5828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
14:34:54.0901 5828 \Device\Harddisk1\DR1:
14:34:54.0901 5828 MBR used
14:34:54.0901 5828 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A16800
14:34:54.0901 5828 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x12A17800, BlocksNum 0x12A16800
14:34:55.0021 5828 Initialize success
14:34:55.0021 5828 ============================================================
14:35:06.0891 4616 ============================================================
14:35:06.0891 4616 Scan started
14:35:06.0891 4616 Mode: Manual;
14:35:06.0891 4616 ============================================================
14:35:07.0764 4616 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:35:07.0764 4616 ACPI - ok
14:35:07.0858 4616 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:35:07.0858 4616 AdobeARMservice - ok
14:35:07.0951 4616 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:35:07.0951 4616 AdobeFlashPlayerUpdateSvc - ok
14:35:08.0014 4616 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:35:08.0014 4616 adp94xx - ok
14:35:08.0076 4616 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:35:08.0076 4616 adpahci - ok
14:35:08.0107 4616 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:35:08.0107 4616 adpu160m - ok
14:35:08.0154 4616 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:35:08.0170 4616 adpu320 - ok
14:35:08.0217 4616 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:35:08.0217 4616 AeLookupSvc - ok
14:35:08.0263 4616 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:35:08.0263 4616 AFD - ok
14:35:08.0295 4616 AgereModemAudio (efbc44fbd75e4f80bd927aebf6e7eade) C:\Windows\system32\agrsmsvc.exe
14:35:08.0295 4616 AgereModemAudio - ok
14:35:08.0388 4616 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
14:35:08.0388 4616 AgereSoftModem - ok
14:35:08.0451 4616 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:35:08.0451 4616 agp440 - ok
14:35:08.0482 4616 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:35:08.0482 4616 aic78xx - ok
14:35:08.0513 4616 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:35:08.0529 4616 ALG - ok
14:35:08.0575 4616 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:35:08.0575 4616 aliide - ok
14:35:08.0591 4616 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:35:08.0607 4616 amdagp - ok
14:35:08.0622 4616 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:35:08.0622 4616 amdide - ok
14:35:08.0638 4616 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:35:08.0638 4616 AmdK7 - ok
14:35:08.0669 4616 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:35:08.0685 4616 AmdK8 - ok
14:35:08.0716 4616 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:35:08.0716 4616 Appinfo - ok
14:35:08.0778 4616 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:35:08.0778 4616 arc - ok
14:35:08.0794 4616 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:35:08.0809 4616 arcsas - ok
14:35:08.0887 4616 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:35:08.0887 4616 aspnet_state - ok
14:35:08.0950 4616 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:35:08.0950 4616 AsyncMac - ok
14:35:08.0997 4616 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:35:08.0997 4616 atapi - ok
14:35:09.0012 4616 ATSWPDRV - ok
14:35:09.0059 4616 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:35:09.0059 4616 AudioEndpointBuilder - ok
14:35:09.0090 4616 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:35:09.0090 4616 Audiosrv - ok
14:35:09.0121 4616 bcm4sbxp - ok
14:35:09.0153 4616 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:35:09.0153 4616 Beep - ok
14:35:09.0231 4616 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:35:09.0246 4616 BITS - ok
14:35:09.0293 4616 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:35:09.0293 4616 blbdrive - ok
14:35:09.0340 4616 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:35:09.0340 4616 bowser - ok
14:35:09.0387 4616 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:35:09.0387 4616 BrFiltLo - ok
14:35:09.0433 4616 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:35:09.0433 4616 BrFiltUp - ok
14:35:09.0465 4616 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:35:09.0465 4616 Browser - ok
14:35:09.0496 4616 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:35:09.0511 4616 Brserid - ok
14:35:09.0574 4616 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:35:09.0605 4616 BrSerWdm - ok
14:35:09.0652 4616 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:35:09.0652 4616 BrUsbMdm - ok
14:35:09.0667 4616 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:35:09.0667 4616 BrUsbSer - ok
14:35:09.0714 4616 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:35:09.0714 4616 BTHMODEM - ok
14:35:09.0730 4616 catchme - ok
14:35:09.0761 4616 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:35:09.0761 4616 cdfs - ok
14:35:09.0823 4616 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:35:09.0823 4616 cdrom - ok
14:35:09.0855 4616 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:35:09.0855 4616 CertPropSvc - ok
14:35:09.0901 4616 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:35:09.0901 4616 circlass - ok
14:35:09.0979 4616 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:35:09.0979 4616 CLFS - ok
14:35:09.0995 4616 clr_optimization_v2.0.50215_32 - ok
14:35:10.0042 4616 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:35:10.0057 4616 clr_optimization_v2.0.50727_32 - ok
14:35:10.0120 4616 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:35:10.0135 4616 clr_optimization_v4.0.30319_32 - ok
14:35:10.0182 4616 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:35:10.0182 4616 CmBatt - ok
14:35:10.0245 4616 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:35:10.0245 4616 cmdide - ok
14:35:10.0260 4616 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:35:10.0260 4616 Compbatt - ok
14:35:10.0276 4616 COMSysApp - ok
14:35:10.0276 4616 cqmgstor - ok
14:35:10.0307 4616 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:35:10.0307 4616 crcdisk - ok
14:35:10.0354 4616 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:35:10.0369 4616 Crusoe - ok
14:35:10.0432 4616 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
14:35:10.0432 4616 CryptSvc - ok
14:35:10.0479 4616 crystaloutputfileserver - ok
14:35:10.0479 4616 CTEDSPFX.DLL - ok
14:35:10.0494 4616 CX88AUD - ok
14:35:10.0525 4616 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:35:10.0525 4616 DcomLaunch - ok
14:35:10.0588 4616 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:35:10.0588 4616 DfsC - ok
14:35:10.0713 4616 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:35:10.0728 4616 DFSR - ok
14:35:10.0775 4616 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:35:10.0775 4616 Dhcp - ok
14:35:10.0822 4616 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:35:10.0822 4616 disk - ok
14:35:10.0869 4616 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:35:10.0869 4616 Dnscache - ok
14:35:10.0900 4616 dnsexit - ok
14:35:10.0947 4616 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:35:10.0947 4616 dot3svc - ok
14:35:10.0978 4616 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:35:10.0978 4616 DPS - ok
14:35:11.0025 4616 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:35:11.0025 4616 drmkaud - ok
14:35:11.0025 4616 DSI_SiUSBXp_3_1 - ok
14:35:11.0103 4616 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:35:11.0103 4616 DXGKrnl - ok
14:35:11.0134 4616 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:35:11.0149 4616 E1G60 - ok
14:35:11.0212 4616 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:35:11.0212 4616 EapHost - ok
14:35:11.0259 4616 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:35:11.0259 4616 Ecache - ok
14:35:11.0290 4616 egathdrv - ok
14:35:11.0337 4616 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:35:11.0337 4616 ehRecvr - ok
14:35:11.0352 4616 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:35:11.0352 4616 ehSched - ok
14:35:11.0368 4616 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:35:11.0368 4616 ehstart - ok
14:35:11.0415 4616 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:35:11.0415 4616 elxstor - ok
14:35:11.0461 4616 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:35:11.0477 4616 EMDMgmt - ok
14:35:11.0493 4616 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:35:11.0493 4616 ErrDev - ok
14:35:11.0539 4616 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:35:11.0539 4616 EventSystem - ok
14:35:11.0664 4616 EvtEng (306ac856622864c761cbdb5e816bb9d8) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:35:11.0664 4616 EvtEng - ok
14:35:11.0727 4616 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:35:11.0742 4616 exfat - ok
14:35:11.0805 4616 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:35:11.0820 4616 fastfat - ok
14:35:11.0867 4616 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:35:11.0867 4616 fdc - ok
14:35:11.0914 4616 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:35:11.0914 4616 fdPHost - ok
14:35:11.0914 4616 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:35:11.0929 4616 FDResPub - ok
14:35:11.0945 4616 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:35:11.0945 4616 FileInfo - ok
14:35:11.0961 4616 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:35:11.0961 4616 Filetrace - ok
14:35:11.0992 4616 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:35:11.0992 4616 flpydisk - ok
14:35:12.0007 4616 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:35:12.0007 4616 FltMgr - ok
14:35:12.0085 4616 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:35:12.0085 4616 FontCache - ok
14:35:12.0148 4616 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:35:12.0148 4616 FontCache3.0.0.0 - ok
14:35:12.0210 4616 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:35:12.0210 4616 Fs_Rec - ok
14:35:12.0257 4616 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:35:12.0257 4616 gagp30kx - ok
14:35:12.0304 4616 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:35:12.0304 4616 gpsvc - ok
14:35:12.0351 4616 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:35:12.0366 4616 HdAudAddService - ok
14:35:12.0413 4616 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:35:12.0413 4616 HDAudBus - ok
14:35:12.0444 4616 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:35:12.0444 4616 HidBth - ok
14:35:12.0491 4616 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:35:12.0491 4616 HidIr - ok
14:35:12.0553 4616 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
14:35:12.0553 4616 hidserv - ok
14:35:12.0600 4616 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:35:12.0600 4616 HidUsb - ok
14:35:12.0631 4616 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:35:12.0631 4616 hkmsvc - ok
14:35:12.0678 4616 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:35:12.0694 4616 HpCISSs - ok
14:35:12.0741 4616 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:35:12.0741 4616 HTTP - ok
14:35:12.0787 4616 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:35:12.0787 4616 i2omp - ok
14:35:12.0834 4616 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:35:12.0834 4616 i8042prt - ok
14:35:12.0928 4616 IAANTMON (3e42c4691aad4b1e8d0466f9cbf05cbe) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:35:12.0928 4616 IAANTMON - ok
14:35:12.0990 4616 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\DRIVERS\iaStor.sys
14:35:12.0990 4616 iaStor - ok
14:35:13.0053 4616 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:35:13.0053 4616 iaStorV - ok
14:35:13.0131 4616 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:35:13.0193 4616 idsvc - ok
14:35:13.0240 4616 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:35:13.0240 4616 iirsp - ok
14:35:13.0287 4616 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:35:13.0287 4616 IKEEXT - ok
14:35:13.0396 4616 IntcAzAudAddService (a963d32ab87a83445e7d21bd5620539a) C:\Windows\system32\drivers\RTKVHDA.sys
14:35:13.0411 4616 IntcAzAudAddService - ok
14:35:13.0427 4616 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:35:13.0427 4616 intelide - ok
14:35:13.0443 4616 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:35:13.0443 4616 intelppm - ok
14:35:13.0474 4616 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:35:13.0474 4616 IPBusEnum - ok
14:35:13.0505 4616 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:35:13.0521 4616 IpFilterDriver - ok
14:35:13.0567 4616 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:35:13.0567 4616 iphlpsvc - ok
14:35:13.0583 4616 IpInIp - ok
14:35:13.0645 4616 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:35:13.0661 4616 IPMIDRV - ok
14:35:13.0692 4616 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:35:13.0708 4616 IPNAT - ok
14:35:13.0723 4616 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:35:13.0723 4616 IRENUM - ok
14:35:13.0739 4616 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:35:13.0739 4616 isapnp - ok
14:35:13.0786 4616 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:35:13.0786 4616 iScsiPrt - ok
14:35:13.0801 4616 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:35:13.0801 4616 iteatapi - ok
14:35:13.0833 4616 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:35:13.0833 4616 iteraid - ok
14:35:13.0848 4616 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:35:13.0848 4616 kbdclass - ok
14:35:13.0911 4616 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:35:13.0911 4616 kbdhid - ok
14:35:13.0957 4616 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:35:13.0957 4616 KeyIso - ok
14:35:14.0004 4616 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
14:35:14.0004 4616 KMWDFILTER - ok
14:35:14.0035 4616 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:35:14.0035 4616 KSecDD - ok
14:35:14.0082 4616 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:35:14.0098 4616 KtmRm - ok
14:35:14.0113 4616 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
14:35:14.0113 4616 LanmanServer - ok
14:35:14.0176 4616 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:35:14.0176 4616 LanmanWorkstation - ok
14:35:14.0223 4616 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:35:14.0223 4616 lltdio - ok
14:35:14.0269 4616 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:35:14.0269 4616 lltdsvc - ok
14:35:14.0301 4616 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:35:14.0301 4616 lmhosts - ok
14:35:14.0316 4616 LMIRfsDriver - ok
14:35:14.0363 4616 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:35:14.0363 4616 LSI_FC - ok
14:35:14.0394 4616 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:35:14.0394 4616 LSI_SAS - ok
14:35:14.0425 4616 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:35:14.0425 4616 LSI_SCSI - ok
14:35:14.0457 4616 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:35:14.0457 4616 luafv - ok
14:35:14.0488 4616 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
14:35:14.0488 4616 MBAMProtector - ok
14:35:14.0597 4616 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:35:14.0597 4616 MBAMService - ok
14:35:14.0691 4616 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:35:14.0691 4616 Mcx2Svc - ok
14:35:14.0753 4616 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:35:14.0769 4616 megasas - ok
14:35:14.0831 4616 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:35:14.0847 4616 MegaSR - ok
14:35:14.0909 4616 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:35:14.0909 4616 MMCSS - ok
14:35:14.0940 4616 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:35:14.0940 4616 Modem - ok
14:35:15.0003 4616 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:35:15.0003 4616 monitor - ok
14:35:15.0049 4616 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:35:15.0049 4616 mouclass - ok
14:35:15.0050 4616 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:35:15.0050 4616 mouhid - ok
14:35:15.0063 4616 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:35:15.0065 4616 MountMgr - ok
14:35:15.0124 4616 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
14:35:15.0125 4616 MpFilter - ok
14:35:15.0150 4616 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:35:15.0151 4616 mpio - ok
14:35:15.0196 4616 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:35:15.0236 4616 MpNWMon - ok
14:35:15.0277 4616 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:35:15.0287 4616 mpsdrv - ok
14:35:15.0306 4616 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:35:15.0306 4616 Mraid35x - ok
14:35:15.0348 4616 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:35:15.0349 4616 MRxDAV - ok
14:35:15.0388 4616 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:35:15.0389 4616 mrxsmb - ok
14:35:15.0403 4616 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:35:15.0404 4616 mrxsmb10 - ok
14:35:15.0416 4616 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:35:15.0416 4616 mrxsmb20 - ok
14:35:15.0446 4616 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:35:15.0447 4616 msahci - ok
14:35:15.0471 4616 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:35:15.0472 4616 msdsm - ok
14:35:15.0527 4616 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:35:15.0529 4616 MSDTC - ok
14:35:15.0587 4616 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:35:15.0588 4616 Msfs - ok
14:35:15.0599 4616 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:35:15.0599 4616 msisadrv - ok
14:35:15.0652 4616 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:35:15.0654 4616 MSiSCSI - ok
14:35:15.0664 4616 msiserver - ok
14:35:15.0708 4616 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:35:15.0709 4616 MSKSSRV - ok
14:35:15.0864 4616 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
14:35:15.0864 4616 MsMpSvc - ok
14:35:15.0938 4616 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:35:15.0939 4616 MSPCLOCK - ok
14:35:15.0968 4616 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:35:15.0969 4616 MSPQM - ok
14:35:16.0013 4616 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:35:16.0014 4616 MsRPC - ok
14:35:16.0043 4616 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:35:16.0044 4616 mssmbios - ok
14:35:16.0055 4616 mssqlserver - ok
14:35:16.0065 4616 mstdc - ok
14:35:16.0119 4616 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:35:16.0119 4616 MSTEE - ok
14:35:16.0182 4616 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:35:16.0182 4616 Mup - ok
14:35:16.0197 4616 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:35:16.0213 4616 napagent - ok
14:35:16.0275 4616 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:35:16.0275 4616 NativeWifiP - ok
14:35:16.0306 4616 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:35:16.0306 4616 NDIS - ok
14:35:16.0338 4616 ndiscm - ok
14:35:16.0369 4616 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:35:16.0369 4616 NdisTapi - ok
14:35:16.0416 4616 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:35:16.0416 4616 Ndisuio - ok
14:35:16.0462 4616 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:35:16.0462 4616 NdisWan - ok
14:35:16.0478 4616 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:35:16.0478 4616 NDProxy - ok
14:35:16.0494 4616 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:35:16.0494 4616 NetBIOS - ok
14:35:16.0525 4616 netbt (e860e445c423d20a343de2763b80013c) C:\Windows\system32\DRIVERS\netbt.sys
14:35:18.0849 4616 netbt ( Virus.Win32.ZAccess.k ) - infected
14:35:18.0849 4616 netbt - detected Virus.Win32.ZAccess.k (0)
14:35:18.0927 4616 NETGEAR_MA111 - ok
14:35:18.0974 4616 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:35:18.0974 4616 Netlogon - ok
14:35:19.0036 4616 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:35:19.0036 4616 Netman - ok
14:35:19.0114 4616 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:35:19.0114 4616 NetMsmqActivator - ok
14:35:19.0114 4616 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:35:19.0114 4616 NetPipeActivator - ok
14:35:19.0161 4616 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:35:19.0161 4616 netprofm - ok
14:35:19.0177 4616 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:35:19.0177 4616 NetTcpActivator - ok
14:35:19.0177 4616 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:35:19.0177 4616 NetTcpPortSharing - ok
14:35:19.0348 4616 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
14:35:19.0364 4616 NETw5v32 - ok
14:35:19.0426 4616 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:35:19.0426 4616 nfrd960 - ok
14:35:19.0489 4616 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:35:19.0489 4616 NisDrv - ok
14:35:19.0582 4616 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
14:35:19.0582 4616 NisSrv - ok
14:35:19.0645 4616 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:35:19.0645 4616 NlaSvc - ok
14:35:19.0692 4616 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:35:19.0692 4616 Npfs - ok
14:35:19.0754 4616 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:35:19.0754 4616 nsi - ok
14:35:19.0785 4616 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:35:19.0785 4616 nsiproxy - ok
14:35:19.0879 4616 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:35:19.0894 4616 Ntfs - ok
14:35:19.0926 4616 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:35:19.0926 4616 ntrigdigi - ok
14:35:19.0957 4616 ntuneservice - ok
14:35:19.0972 4616 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:35:19.0972 4616 Null - ok
14:35:20.0035 4616 NVHDA (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
14:35:20.0035 4616 NVHDA - ok
14:35:20.0378 4616 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:35:20.0659 4616 nvlddmkm - ok
14:35:20.0721 4616 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:35:20.0721 4616 nvraid - ok
14:35:20.0737 4616 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:35:20.0752 4616 nvstor - ok
14:35:20.0815 4616 nvsvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
14:35:20.0830 4616 nvsvc - ok
14:35:20.0862 4616 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:35:20.0862 4616 nv_agp - ok
14:35:20.0877 4616 NwlnkFlt - ok
14:35:20.0893 4616 NwlnkFwd - ok
14:35:20.0908 4616 O2SCBUS - ok
14:35:20.0924 4616 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:35:20.0940 4616 ohci1394 - ok
14:35:20.0971 4616 OsaFsLoc - ok
14:35:21.0033 4616 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:35:21.0033 4616 ose - ok
14:35:21.0096 4616 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:35:21.0111 4616 p2pimsvc - ok
14:35:21.0111 4616 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:35:21.0127 4616 p2psvc - ok
14:35:21.0127 4616 paamsrv - ok
14:35:21.0189 4616 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:35:21.0236 4616 Parport - ok
14:35:21.0267 4616 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:35:21.0267 4616 partmgr - ok
14:35:21.0283 4616 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:35:21.0283 4616 Parvdm - ok
14:35:21.0330 4616 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:35:21.0330 4616 PcaSvc - ok
14:35:21.0345 4616 pchost - ok
14:35:21.0408 4616 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:35:21.0408 4616 pci - ok
14:35:21.0454 4616 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:35:21.0454 4616 pciide - ok
14:35:21.0486 4616 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:35:21.0486 4616 pcmcia - ok
14:35:21.0532 4616 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:35:21.0532 4616 PEAUTH - ok
14:35:21.0626 4616 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:35:21.0642 4616 pla - ok
14:35:21.0673 4616 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:35:21.0673 4616 PlugPlay - ok
14:35:21.0720 4616 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:35:21.0720 4616 PNRPAutoReg - ok
14:35:21.0751 4616 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:35:21.0766 4616 PNRPsvc - ok
14:35:21.0798 4616 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:35:21.0813 4616 PolicyAgent - ok
14:35:21.0860 4616 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:35:21.0860 4616 PptpMiniport - ok
14:35:21.0891 4616 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:35:21.0907 4616 Processor - ok
14:35:21.0938 4616 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:35:21.0954 4616 ProfSvc - ok
14:35:22.0000 4616 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:35:22.0000 4616 ProtectedStorage - ok
14:35:22.0016 4616 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:35:22.0016 4616 PSched - ok
14:35:22.0047 4616 qbposdbextservices - ok
14:35:22.0078 4616 qconsvc - ok
14:35:22.0110 4616 qkbfiltr (a94f63608371ab232ed75fbab00fb132) C:\Windows\system32\DRIVERS\qkbfiltr.sys
14:35:22.0110 4616 qkbfiltr - ok
14:35:22.0188 4616 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:35:22.0188 4616 ql2300 - ok
14:35:22.0219 4616 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:35:22.0234 4616 ql40xx - ok
14:35:22.0281 4616 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:35:22.0281 4616 QWAVE - ok
14:35:22.0312 4616 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:35:22.0312 4616 QWAVEdrv - ok
14:35:22.0328 4616 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:35:22.0328 4616 RasAcd - ok
14:35:22.0390 4616 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:35:22.0390 4616 RasAuto - ok
14:35:22.0422 4616 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:35:22.0422 4616 Rasl2tp - ok
14:35:22.0468 4616 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:35:22.0468 4616 RasMan - ok
14:35:22.0484 4616 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:35:22.0484 4616 RasPppoe - ok
14:35:22.0515 4616 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:35:22.0531 4616 RasSstp - ok
14:35:22.0531 4616 Rawwan - ok
14:35:22.0578 4616 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:35:22.0578 4616 rdbss - ok
14:35:22.0609 4616 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:35:22.0609 4616 RDPCDD - ok
14:35:22.0640 4616 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:35:22.0640 4616 rdpdr - ok
14:35:22.0656 4616 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:35:22.0656 4616 RDPENCDD - ok
14:35:22.0675 4616 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
14:35:22.0734 4616 RDPWD - ok
14:35:22.0839 4616 RegSrvc (b33c88df3588acf250b87a004526c31a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:35:22.0841 4616 RegSrvc - ok
14:35:22.0951 4616 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:35:22.0953 4616 RemoteAccess - ok
14:35:22.0991 4616 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:35:22.0994 4616 RemoteRegistry - ok
14:35:23.0025 4616 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:35:23.0026 4616 RpcLocator - ok
14:35:23.0099 4616 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:35:23.0103 4616 RpcSs - ok
14:35:23.0178 4616 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:35:23.0178 4616 rspndr - ok
14:35:23.0247 4616 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
14:35:23.0248 4616 RTL8169 - ok
14:35:23.0303 4616 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
14:35:23.0303 4616 RtlProt - ok
14:35:23.0332 4616 rtm - ok
14:35:23.0372 4616 RTSTOR (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS
14:35:23.0373 4616 RTSTOR - ok
14:35:23.0418 4616 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:35:23.0420 4616 SamSs - ok
14:35:23.0457 4616 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:35:23.0458 4616 sbp2port - ok
14:35:23.0495 4616 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:35:23.0497 4616 SCardSvr - ok
14:35:23.0560 4616 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
14:35:23.0561 4616 SCDEmu - ok
14:35:23.0622 4616 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:35:23.0645 4616 Schedule - ok
14:35:23.0695 4616 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:35:23.0695 4616 SCPolicySvc - ok
14:35:23.0742 4616 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:35:23.0742 4616 SDRSVC - ok
14:35:23.0773 4616 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:35:23.0773 4616 secdrv - ok
14:35:23.0804 4616 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:35:23.0804 4616 seclogon - ok
14:35:23.0820 4616 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
14:35:23.0820 4616 SENS - ok
14:35:23.0835 4616 ser2plms - ok
14:35:23.0882 4616 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:35:23.0882 4616 Serenum - ok
14:35:23.0913 4616 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:35:23.0913 4616 Serial - ok
14:35:23.0929 4616 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:35:23.0929 4616 sermouse - ok
14:35:23.0960 4616 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:35:23.0976 4616 SessionEnv - ok
14:35:24.0007 4616 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:35:24.0007 4616 sffdisk - ok
14:35:24.0038 4616 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:35:24.0038 4616 sffp_mmc - ok
14:35:24.0054 4616 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:35:24.0054 4616 sffp_sd - ok
14:35:24.0069 4616 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:35:24.0069 4616 sfloppy - ok
14:35:24.0147 4616 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:35:24.0147 4616 SharedAccess - ok
14:35:24.0210 4616 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
14:35:24.0210 4616 ShellHWDetection - ok
14:35:24.0257 4616 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:35:24.0257 4616 sisagp - ok
14:35:24.0288 4616 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:35:24.0288 4616 SiSRaid2 - ok
14:35:24.0350 4616 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:35:24.0350 4616 SiSRaid4 - ok
14:35:24.0397 4616 SkypeUpdate (62b825015fa289d2c5ebf8b00846a8ff) C:\Program Files\Skype\Updater\Updater.exe
14:35:24.0397 4616 SkypeUpdate - ok
14:35:24.0522 4616 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
14:35:24.0537 4616 slsvc - ok
14:35:24.0615 4616 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
14:35:24.0615 4616 SLUINotify - ok
14:35:24.0662 4616 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:35:24.0662 4616 Smb - ok
14:35:24.0693 4616 smwdm - ok
14:35:24.0740 4616 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:35:24.0740 4616 SNMPTRAP - ok
14:35:24.0771 4616 speedfan - ok
14:35:24.0865 4616 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:35:24.0865 4616 spldr - ok
14:35:24.0912 4616 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
14:35:24.0912 4616 Spooler - ok
14:35:24.0974 4616 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:35:24.0974 4616 srv - ok
14:35:25.0021 4616 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:35:25.0021 4616 srv2 - ok
14:35:25.0068 4616 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:35:25.0068 4616 srvnet - ok
14:35:25.0130 4616 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:35:25.0130 4616 SSDPSRV - ok
14:35:25.0146 4616 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:35:25.0161 4616 SstpSvc - ok
14:35:25.0193 4616 stac97 - ok
14:35:25.0286 4616 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:35:25.0286 4616 Stereo Service - ok
14:35:25.0411 4616 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
14:35:25.0411 4616 stisvc - ok
14:35:25.0442 4616 streamip - ok
14:35:25.0505 4616 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:35:25.0505 4616 swenum - ok
14:35:25.0567 4616 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
14:35:25.0567 4616 swprv - ok
14:35:25.0614 4616 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:35:25.0614 4616 Symc8xx - ok
14:35:25.0645 4616 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:35:25.0645 4616 Sym_hi - ok
14:35:25.0661 4616 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:35:25.0661 4616 Sym_u3 - ok
14:35:25.0707 4616 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
14:35:25.0707 4616 SynTP - ok
14:35:25.0754 4616 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
14:35:25.0754 4616 SysMain - ok
14:35:25.0817 4616 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:35:25.0817 4616 TabletInputService - ok
14:35:25.0848 4616 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
14:35:25.0863 4616 TapiSrv - ok
14:35:25.0879 4616 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:35:25.0879 4616 TBS - ok
14:35:25.0957 4616 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
14:35:25.0957 4616 Tcpip - ok
14:35:26.0051 4616 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
14:35:26.0066 4616 Tcpip6 - ok
14:35:26.0097 4616 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
14:35:26.0097 4616 tcpipreg - ok
14:35:26.0129 4616 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:35:26.0129 4616 TDPIPE - ok
14:35:26.0160 4616 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:35:26.0160 4616 TDTCP - ok
14:35:26.0191 4616 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:35:26.0191 4616 tdx - ok
14:35:26.0238 4616 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:35:26.0238 4616 TermDD - ok
14:35:26.0269 4616 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
14:35:26.0269 4616 TermService - ok
14:35:26.0316 4616 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
14:35:26.0316 4616 Themes - ok
14:35:26.0347 4616 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:35:26.0347 4616 THREADORDER - ok
14:35:26.0378 4616 tossmbnt - ok
14:35:26.0425 4616 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
14:35:26.0425 4616 TrkWks - ok
14:35:26.0456 4616 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
14:35:26.0456 4616 TrustedInstaller - ok
14:35:26.0487 4616 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:35:26.0487 4616 tssecsrv - ok
14:35:26.0503 4616 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:35:26.0503 4616 tunmp - ok
14:35:26.0550 4616 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:35:26.0550 4616 tunnel - ok
14:35:26.0581 4616 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:35:26.0581 4616 uagp35 - ok
14:35:26.0643 4616 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:35:26.0643 4616 udfs - ok
14:35:26.0690 4616 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:35:26.0690 4616 UI0Detect - ok
14:35:26.0753 4616 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:35:26.0753 4616 uliagpkx - ok
14:35:26.0799 4616 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:35:26.0799 4616 uliahci - ok
14:35:26.0831 4616 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:35:26.0831 4616 UlSata - ok
14:35:26.0877 4616 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:35:26.0877 4616 ulsata2 - ok
14:35:26.0893 4616 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:35:26.0893 4616 umbus - ok
14:35:26.0955 4616 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:35:26.0955 4616 upnphost - ok
14:35:27.0002 4616 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:35:27.0002 4616 usbccgp - ok
14:35:27.0049 4616 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:35:27.0065 4616 usbcir - ok
14:35:27.0096 4616 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:35:27.0096 4616 usbehci - ok
14:35:27.0127 4616 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:35:27.0127 4616 usbhub - ok
14:35:27.0158 4616 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:35:27.0158 4616 usbohci - ok
14:35:27.0174 4616 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
14:35:27.0174 4616 usbprint - ok
14:35:27.0189 4616 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:35:27.0189 4616 USBSTOR - ok
14:35:27.0236 4616 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:35:27.0236 4616 usbuhci - ok
14:35:27.0267 4616 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:35:27.0267 4616 usbvideo - ok
14:35:27.0314 4616 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:35:27.0314 4616 UxSms - ok
14:35:27.0345 4616 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:35:27.0361 4616 vds - ok
14:35:27.0361 4616 veteboot - ok
14:35:27.0392 4616 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:35:27.0392 4616 vga - ok
14:35:27.0423 4616 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:35:27.0423 4616 VgaSave - ok
14:35:27.0470 4616 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:35:27.0470 4616 viaagp - ok
14:35:27.0486 4616 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:35:27.0501 4616 ViaC7 - ok
14:35:27.0533 4616 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:35:27.0533 4616 viaide - ok
14:35:27.0548 4616 vmkbd2 - ok
14:35:27.0564 4616 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:35:27.0579 4616 volmgr - ok
14:35:27.0626 4616 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:35:27.0626 4616 volmgrx - ok
14:35:27.0673 4616 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:35:27.0673 4616 volsnap - ok
14:35:27.0704 4616 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:35:27.0704 4616 vsmraid - ok
14:35:27.0767 4616 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:35:27.0829 4616 VSS - ok
14:35:27.0845 4616 w200mdm - ok
14:35:27.0876 4616 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:35:27.0876 4616 W32Time - ok
14:35:27.0923 4616 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:35:27.0938 4616 WacomPen - ok
14:35:27.0954 4616 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:35:27.0954 4616 Wanarp - ok
14:35:27.0954 4616 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:35:27.0954 4616 Wanarpv6 - ok
14:35:28.0001 4616 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:35:28.0001 4616 wcncsvc - ok
14:35:28.0032 4616 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:35:28.0032 4616 WcsPlugInService - ok
14:35:28.0063 4616 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:35:28.0063 4616 Wd - ok
14:35:28.0094 4616 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:35:28.0110 4616 Wdf01000 - ok
14:35:28.0188 4616 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:35:28.0188 4616 WdiServiceHost - ok
14:35:28.0203 4616 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:35:28.0203 4616 WdiSystemHost - ok
14:35:28.0250 4616 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:35:28.0250 4616 WebClient - ok
14:35:28.0281 4616 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:35:28.0281 4616 Wecsvc - ok
14:35:28.0328 4616 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:35:28.0328 4616 wercplsupport - ok
14:35:28.0375 4616 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:35:28.0375 4616 WerSvc - ok
14:35:28.0453 4616 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:35:28.0453 4616 WinDefend - ok
14:35:28.0469 4616 WinHttpAutoProxySvc - ok
14:35:28.0593 4616 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:35:28.0593 4616 Winmgmt - ok
14:35:28.0593 4616 winpppoverethernet - ok
14:35:28.0656 4616 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:35:28.0671 4616 WinRM - ok
14:35:28.0734 4616 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:35:28.0796 4616 Wlansvc - ok
14:35:28.0937 4616 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:35:28.0937 4616 wlidsvc - ok
14:35:28.0999 4616 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
14:35:28.0999 4616 WmiAcpi - ok
14:35:29.0061 4616 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:35:29.0061 4616 wmiApSrv - ok
14:35:29.0139 4616 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:35:29.0139 4616 WMPNetworkSvc - ok
14:35:29.0171 4616 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:35:29.0171 4616 WPCSvc - ok
14:35:29.0233 4616 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:35:29.0233 4616 WPDBusEnum - ok
14:35:29.0342 4616 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:35:29.0358 4616 WPFFontCache_v0400 - ok
14:35:29.0436 4616 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:35:29.0436 4616 ws2ifsl - ok
14:35:29.0498 4616 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
14:35:29.0514 4616 wscsvc - ok
14:35:29.0514 4616 WSearch - ok
14:35:29.0623 4616 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
14:35:29.0639 4616 wuauserv - ok
14:35:29.0701 4616 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:35:29.0732 4616 WUDFRd - ok
14:35:29.0779 4616 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:35:29.0779 4616 wudfsvc - ok
14:35:29.0810 4616 wusb54gv2svc - ok
14:35:29.0826 4616 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:35:29.0857 4616 \Device\Harddisk0\DR0 - ok
14:35:29.0904 4616 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
14:35:29.0966 4616 \Device\Harddisk1\DR1 - ok
14:35:29.0966 4616 Boot (0x1200) (a0979c308b32317d32153df4715de082) \Device\Harddisk0\DR0\Partition0
14:35:29.0982 4616 \Device\Harddisk0\DR0\Partition0 - ok
14:35:29.0982 4616 Boot (0x1200) (dc047a03bbd1e2f5ab6c1af231ee6ca6) \Device\Harddisk1\DR1\Partition0
14:35:29.0982 4616 \Device\Harddisk1\DR1\Partition0 - ok
14:35:29.0997 4616 Boot (0x1200) (98ef84edde0e8535d3b5230a749450df) \Device\Harddisk1\DR1\Partition1
14:35:30.0013 4616 \Device\Harddisk1\DR1\Partition1 - ok
14:35:30.0013 4616 ============================================================
14:35:30.0013 4616 Scan finished
14:35:30.0013 4616 ============================================================
14:35:30.0013 4888 Detected object count: 1
14:35:30.0013 4888 Actual detected object count: 1
14:35:43.0066 4888 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
14:35:44.0346 4888 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813
14:35:45.0219 4888 Backup copy found, using it..
14:35:45.0282 4888 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
14:35:48.0936 4888 netbt ( Virus.Win32.ZAccess.k ) - User select action: Cure
14:36:02.0861 3952 Deinitialize success

-aswMBR-

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-13 14:39:10
-----------------------------
14:39:10.059 OS Version: Windows 6.0.6002 Service Pack 2
14:39:10.059 Number of processors: 2 586 0x170A
14:39:10.059 ComputerName: HELL UserName:
14:39:41.370 Initialize success
14:47:06.156 AVAST engine defs: 12041300
14:47:11.398 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:47:11.398 Disk 0 Vendor: ST912082 3.AL Size: 114473MB BusType: 3
14:47:11.694 Disk 0 MBR read successfully
14:47:11.710 Disk 0 MBR scan
14:47:11.897 Disk 0 Windows VISTA default MBR code
14:47:13.098 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
14:47:13.332 Disk 0 scanning sectors +234438656
14:47:13.597 Disk 0 PE file @ sector 234438669 !
14:47:13.738 Disk 0 scanning C:\Windows\system32\drivers
14:47:50.913 Service scanning
14:48:02.207 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
14:48:24.094 Modules scanning
14:48:29.632 Disk 0 trace - called modules:
14:48:30.193 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:48:30.209 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86407ac8]
14:48:30.209 3 CLASSPNP.SYS[8a6aa8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8541b028]
14:48:31.051 AVAST engine scan C:\Windows
14:48:37.089 AVAST engine scan C:\Windows\system32
14:52:31.432 AVAST engine scan C:\Windows\system32\drivers
14:52:46.533 AVAST engine scan C:\Users\Lucifer Morningstar
14:57:33.981 AVAST engine scan C:\ProgramData
14:58:08.371 Scan finished successfully
15:01:45.582 Disk 0 MBR has been saved successfully to "C:\Users\Lucifer Morningstar\Desktop\MBR.dat"
15:01:45.582 The log file has been saved successfully to "C:\Users\Lucifer Morningstar\Desktop\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 April 2012 - 08:11 AM

Hello

That did remove something, so I want you to try and run ComboFix again for me.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 NocturnalPulse

  • Topic Starter
  • Members
  • 15 posts

Posted 13 April 2012 - 08:41 AM

Tried twice, also in Safe Mode. Doesn't work. But there's an improvement. This time it didn't say MSE is still running after I unchecked the real-time protection.

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 April 2012 - 01:02 PM

Hello

How is the computer working at this time?

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 NocturnalPulse

  • Topic Starter
  • Members
  • 15 posts

Posted 13 April 2012 - 01:58 PM

Right now, everything is running smoothly. MbAM and MSE are quiet. No redirecting. My ping is steady. It feels just fine and faster. Though I'm still a bit anxious about it.

OTL log

OTL logfile created on: 13/04/2012 20:51:07 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lucifer Morningstar\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 46.71% Memory free
6.87 Gb Paging File | 5.00 Gb Available in Paging File | 72.77% Paging File free
Paging file location(s): c:\pagefile.sys 4095 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 63.19 Gb Free Space | 56.53% Space Free | Partition Type: NTFS
Drive E: | 149.04 Gb Total Space | 10.29 Gb Free Space | 6.90% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 46.40 Gb Free Space | 31.13% Space Free | Partition Type: NTFS

Computer Name: HELL | User Name: Lucifer Morningstar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lucifer Morningstar\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Lucifer Morningstar\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\AIMP2\AIMP2.exe (AIMP DevTeam)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll ()
MOD - C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\18.0.1025.152\avutil-51.dll ()
MOD - C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\18.0.1025.152\avformat-53.dll ()
MOD - C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\18.0.1025.152\avcodec-53.dll ()
MOD - C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll ()
MOD - C:\Program Files\AIMP2\sqlite3.dll ()
MOD - C:\Program Files\Keyboard Manager\Manager Utility\QManager.dll ()
MOD - C:\Program Files\AIMP2\OptimFROG.dll ()


========== Win32 Services (SafeList) ==========

SRV - (wusb54gv2svc) -- %systemroot%\system32\NWADI.dll File not found
SRV - (winpppoverethernet) -- %systemroot%\system32\tvicport.dll File not found
SRV - (w200mdm) -- %systemroot%\system32\vds.dll File not found
SRV - (vmkbd2) -- %systemroot%\system32\s3savagemx.dll File not found
SRV - (veteboot) -- %systemroot%\system32\aavmker4.dll File not found
SRV - (tossmbnt) -- %systemroot%\system32\usrbridg.dll File not found
SRV - (streamip) -- %systemroot%\system32\mrxdav.dll File not found
SRV - (stac97) -- %systemroot%\system32\bdrsdrv.dll File not found
SRV - (speedfan) -- %systemroot%\system32\enxpsvc.dll File not found
SRV - (smwdm) -- %systemroot%\system32\QWAVEDRV.dll File not found
SRV - (ser2plms) -- %systemroot%\system32\iAimTV6.dll File not found
SRV - (rtm) -- %systemroot%\system32\vpnva.dll File not found
SRV - (Rawwan) -- %systemroot%\system32\ntservice1.dll File not found
SRV - (qconsvc) -- %systemroot%\system32\CoachAud.dll File not found
SRV - (qbposdbextservices) -- %systemroot%\system32\igniteservice.exe.dll File not found
SRV - (pchost) -- %systemroot%\system32\pcandis5.dll File not found
SRV - (paamsrv) -- %systemroot%\system32\houdiniserver.dll File not found
SRV - (OsaFsLoc) -- %systemroot%\system32\automate6.dll File not found
SRV - (O2SCBUS) -- %systemroot%\system32\cics.region1.dll File not found
SRV - (ntuneservice) -- %systemroot%\system32\asc.dll File not found
SRV - (NETGEAR_MA111) -- %systemroot%\system32\DELTA.dll File not found
SRV - (ndiscm) -- %systemroot%\system32\ARCSOFTVIRTUALCAPTURE.dll File not found
SRV - (mstdc) -- %systemroot%\system32\isdrv122.dll File not found
SRV - (mssqlserver) -- %systemroot%\system32\clisvc.dll File not found
SRV - (LMIRfsDriver) -- %systemroot%\system32\pcscnsrv.dll File not found
SRV - (egathdrv) -- %systemroot%\system32\netw4x32.dll File not found
SRV - (DSI_SiUSBXp_3_1) -- %systemroot%\system32\alcxwdm.dll File not found
SRV - (dnsexit) -- %systemroot%\system32\z525bus.dll File not found
SRV - (CX88AUD) -- %systemroot%\system32\fcdabus.dll File not found
SRV - (CTEDSPFX.DLL) -- %systemroot%\system32\vcomm.dll File not found
SRV - (crystaloutputfileserver) -- %systemroot%\system32\bantext.dll File not found
SRV - (cqmgstor) -- %systemroot%\system32\X10UIF.dll File not found
SRV - (clr_optimization_v2.0.50215_32) -- %systemroot%\system32\netw4x32.dll File not found
SRV - (catchme) -- %systemroot%\system32\remoteregistry.dll File not found
SRV - (bcm4sbxp) -- %systemroot%\system32\ati2mtaa.dll File not found
SRV - (ATSWPDRV) -- %systemroot%\system32\PCDRSRVC.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (qkbfiltr) -- C:\Windows\System32\drivers\qkbfiltr.sys (KM Software Team)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Lucifer Morningstar\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 7E 3B D7 E1 F0 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.159_0\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lucifer Morningstar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lucifer Morningstar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom13.xpi [2012/03/14 19:38:21 | 000,102,233 | ---- | M] ()


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.159_0\npsoe.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lucifer Morningstar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SOE Web Installer = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.159_0\
CHR - Extension: LastPass = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.4_0\
CHR - Extension: Totoro Rainy Day = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff\1.15_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\
CHR - Extension: Gmail = C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Keyboard Manager Utility] C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89FD6307-A626-4384-82FC-F321026DD1E7}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lucifer Morningstar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lucifer Morningstar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/13 20:45:20 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Lucifer Morningstar\Desktop\OTL.exe
[2012/04/13 14:52:57 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{3EF76954-0642-4173-B911-E654D8416DA8}
[2012/04/13 14:52:27 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{15024DD9-8993-44E8-B55F-0A55C90916D7}
[2012/04/13 14:35:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/13 14:33:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Lucifer Morningstar\Desktop\aswMBR.exe
[2012/04/13 14:32:38 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lucifer Morningstar\Desktop\tdsskiller.exe
[2012/04/13 09:49:29 | 004,460,173 | R--- | C] (Swearware) -- C:\Users\Lucifer Morningstar\Desktop\ComboFix.exe
[2012/04/13 09:48:48 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/04/13 09:03:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/13 09:03:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/13 09:03:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/13 09:03:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/13 09:03:44 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/13 09:00:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/13 02:51:50 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{A31422BF-604D-4521-B6D8-9D4DF596A392}
[2012/04/13 02:51:28 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{7FEA8A28-0FE8-4221-B365-C65BB77D22CA}
[2012/04/12 16:15:19 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\Desktop\malware stuff
[2012/04/12 15:29:27 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Roaming\Malwarebytes
[2012/04/12 15:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/12 15:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/12 15:26:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/12 15:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/12 14:51:03 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{71DAD5DC-1D75-4E06-811A-178A68C84A4A}
[2012/04/12 14:50:53 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{D61B785A-8E2D-4695-8B32-3870F7E805B4}
[2012/04/12 13:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/04/12 13:51:46 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\Demiurge Studios
[2012/04/12 03:07:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/12 03:07:40 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/12 03:07:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/12 03:07:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/12 03:07:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/12 03:07:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/12 03:07:16 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/12 03:07:15 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/12 02:50:30 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{2F273D5E-A2D9-489D-8735-539CAE181238}
[2012/04/12 02:50:10 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{D92A1CD4-9B04-4975-8BED-1766F2E29835}
[2012/04/11 14:49:57 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{E8B63A4E-6154-423A-85E8-B52EBA5F0BB3}
[2012/04/11 14:49:36 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{0577ADB0-5F5A-45E9-B9CD-16456722ACC5}
[2012/04/11 07:02:34 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Roaming\LegacyGames
[2012/04/11 04:03:31 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Roaming\vlc
[2012/04/11 04:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/04/11 04:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/04/11 02:49:13 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{BA401E3C-A113-4465-B4C0-C7ABF3EA3510}
[2012/04/11 02:48:51 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{7B1E52A7-976B-4959-909B-04BFCB2B2197}
[2012/04/10 14:48:39 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{2934ADEA-6245-41E8-BD8E-1DFC6752A748}
[2012/04/10 14:48:18 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{73930A13-0B20-4022-B07C-3203946DB009}
[2012/04/10 02:48:05 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{87E860A6-67B0-4A23-8758-E54D5B0970B7}
[2012/04/10 02:47:45 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{5AE5BE77-4798-4406-9798-367052E7EEF0}
[2012/04/09 14:47:33 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{70923B0F-8167-4F90-ADB7-18D20098D318}
[2012/04/09 14:47:13 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{D0EE2316-8085-47E0-8D04-943FC43D020A}
[2012/04/09 02:47:00 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{EF32204F-0BF4-4444-A4D4-492BC6DF3F48}
[2012/04/09 02:46:39 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{09D93C46-31E3-4369-BC60-34BDA7E1C78D}
[2012/04/08 14:46:26 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{6CE4A77D-EA26-4C77-B327-051EB8F767B3}
[2012/04/08 14:46:05 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{A58A18DE-85B2-4C02-ACFE-B634ECBFFC62}
[2012/04/08 02:45:51 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{97E5DA56-0488-4E02-902E-423FE704624B}
[2012/04/08 02:45:23 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{DDF417D4-7583-4CEC-BD13-B8E339066C19}
[2012/04/07 14:45:10 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{A2E28F56-F50E-4D71-BE50-320AB2B5EBDD}
[2012/04/07 14:44:50 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{F53912B8-E2C5-43AC-B79D-05B38B50C052}
[2012/04/07 02:44:37 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{643C237C-B939-4B97-8827-52600630D168}
[2012/04/07 02:44:22 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{11BAAC24-D409-450A-AE2C-AE1B11970794}
[2012/04/06 14:44:07 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{DFB791A3-C598-476A-AD0C-A88C492D065D}
[2012/04/06 14:43:38 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{8B4695F9-4687-44AF-AC14-1FA6D1B0EF4C}
[2012/04/06 02:43:26 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{D6085089-CCD9-4C24-8022-D2CF270194A7}
[2012/04/06 02:43:03 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{A08997CC-F9EE-4AD8-AE17-89E18022670E}
[2012/04/05 14:42:51 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{DC9EA5A4-A521-41EC-ACE2-177AB78AD910}
[2012/04/05 14:42:41 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{8DCFA5E9-E4D7-4A97-8118-EBBB82B4BD39}
[2012/04/05 02:53:16 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{91FEA736-4ACD-4787-8400-00B0FDF37865}
[2012/04/04 14:52:53 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{4A2BB2B4-B0C4-444B-A0CD-04C9E9DE7174}
[2012/04/04 02:52:31 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{7DE3DB63-BE08-4904-BE5A-B18E4361AF67}
[2012/04/03 14:52:05 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{3A64DE54-42E2-4171-9A9A-C74E24938C17}
[2012/04/03 02:51:44 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{A17CEE97-E36A-4C33-8724-8A8AAA541E08}
[2012/04/02 14:51:08 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{892BF3F3-28BA-4F18-A55E-D3A7BCF171D8}
[2012/04/02 08:19:53 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/02 08:10:43 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\Documents\DeathRoad
[2012/04/02 02:50:36 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{1D25CE55-E236-4ECD-99EF-3EC6DACD4BBE}
[2012/04/01 14:50:12 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{80E27944-6219-4C79-B0BD-3A1E8A6609F4}
[2012/04/01 02:49:40 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{D81CF393-4D1E-43F2-AA05-932D7DF2CA5D}
[2012/03/31 14:49:17 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{F11C77A1-5BA6-4668-8656-A540CBB03CFD}
[2012/03/31 02:48:55 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{F0E3C9FB-B083-481B-9109-AA532FC0BAB9}
[2012/03/30 14:48:31 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{9E0616FB-0816-49D7-844A-8868B88E79D2}
[2012/03/30 02:48:10 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{26392DF8-8D78-4975-9E78-81D7EE162A41}
[2012/03/29 14:47:48 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{6AE221ED-CC8A-402A-AF95-DD40D09351E7}
[2012/03/29 02:47:26 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{6AC600AA-CC45-485C-8927-ED49B229D2E7}
[2012/03/28 22:34:24 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\Desktop\Amalur Save Edit
[2012/03/28 22:02:23 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\Desktop\1992 Countdown To Extinction @320
[2012/03/28 14:47:14 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{1E52ADB8-972D-4B2D-AE7F-E66E23786BC8}
[2012/03/28 14:46:52 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{653CF04D-4CDA-4C3A-B762-48A38D16EC10}
[2012/03/28 02:46:39 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{72721852-39C8-42E0-8143-E2CE5B106AEE}
[2012/03/28 02:46:07 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{BC0A694F-2453-4605-A2D4-8626959E5D28}
[2012/03/27 14:45:55 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{27FEE192-6245-479F-88C3-C6B3C6E3A825}
[2012/03/27 14:45:33 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{CF101359-2ADD-4EEA-8E7B-D54D1364E9FB}
[2012/03/27 02:45:21 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{86143203-5646-4CD4-BD12-0FA16667FBFB}
[2012/03/27 02:44:57 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{F5A2BBE0-361A-4963-940A-EA4BC48BE4AE}
[2012/03/26 14:44:05 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{49E56C3F-D6AA-4E0B-9F2A-F698EE0CF92A}
[2012/03/26 14:43:44 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{6B942774-4B1A-4CA2-B781-14FA408DE943}
[2012/03/26 02:43:31 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{2826F660-BB7F-4DD7-A692-AB89299CF0DE}
[2012/03/26 02:43:06 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{EBEBCFC6-337E-49E5-BC55-9DB654B5CD0A}
[2012/03/25 14:42:46 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{261EA3E4-99C6-48ED-9DDE-6DDD6026EFCA}
[2012/03/25 14:42:22 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{95065EA2-2541-417F-BCB8-D6EDB01F4A01}
[2012/03/25 02:42:09 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{32827740-BFE1-4E21-9B20-E0F78B8298CA}
[2012/03/25 02:41:48 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{0AD6C045-B9FB-4AF9-98FA-E251B580893E}
[2012/03/24 14:41:24 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{85FF4C89-4618-4A13-8E10-9CCDD7C8C1EF}
[2012/03/24 14:40:59 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{87688520-7A34-4DEA-AFAF-10539B2582B3}
[2012/03/24 02:40:43 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{0BD9D965-1B00-4CE5-8172-DCA853194E52}
[2012/03/24 02:40:22 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{54355B4B-0EA9-4D44-9028-13C7091E03B1}
[2012/03/23 14:40:09 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{8ED6A8AB-28AA-49AF-A33C-E7D338DB3B6D}
[2012/03/23 14:39:54 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{53F02F02-2AC8-432A-8E0A-59DF140CCFE2}
[2012/03/23 02:39:42 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{FFBC80BE-2812-4E90-8DB6-971F564217BF}
[2012/03/23 02:39:20 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{1FA6EB43-4DA3-4B16-9545-36F6ACEFA5DA}
[2012/03/22 14:39:00 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{1E202924-2A5E-4461-8A94-82F930C42A06}
[2012/03/22 14:38:37 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{A068F838-0EDF-49A8-820E-E73494F21685}
[2012/03/22 02:38:25 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{382518EC-2E9E-4282-8E02-523C28F582DF}
[2012/03/22 02:38:05 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{939BE9C0-747B-4EC3-9128-6500038C932A}
[2012/03/21 14:37:53 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{DC1FD0E2-141A-4DF8-B9A1-E432E8394D27}
[2012/03/21 14:37:39 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{65EF405D-1677-4473-AEBC-0B4529E17EB5}
[2012/03/21 02:37:26 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{305279AC-D386-4A52-A43D-5EDB5BFC2F52}
[2012/03/21 02:37:00 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{078F571F-C683-4E5A-995F-10F81897EFE9}
[2012/03/20 14:36:36 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{585EFD36-8CFF-4D5C-AD73-A501EA2FFA42}
[2012/03/20 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{D060223D-D964-493F-B967-7DDC4D5A1881}
[2012/03/20 02:36:10 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{3A1F69CC-9BFA-419A-96CA-AFFB96D37B6A}
[2012/03/20 02:35:42 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{0A23B819-51B4-4856-BA85-C1385C54EB4F}
[2012/03/19 14:35:31 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{CE3B35D2-BB08-44F6-8AEA-73208C44AB49}
[2012/03/19 14:35:20 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{4F391BA0-55C9-4AA0-A915-15B59BCB2C7C}
[2012/03/19 02:58:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/19 02:35:08 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{C2F7477E-6915-4F37-9BB9-082393AF2CD9}
[2012/03/19 02:34:47 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{43D24ED7-DEF6-4318-9EF2-DB88CAEFAF90}
[2012/03/18 14:34:33 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{D8298081-7D8D-4472-A19F-ED1809209348}
[2012/03/18 14:34:21 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{C62BBB40-A77C-437B-B2FA-717331741FF8}
[2012/03/18 02:34:09 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{EB898A16-EEEC-4BB7-91FA-360CD199631C}
[2012/03/18 02:33:44 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{A75FD805-A923-4FBA-A7A3-A55A40C8991F}
[2012/03/17 14:33:33 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{2CCDAF47-273E-43E3-BE10-9E73956DCB6E}
[2012/03/17 14:33:11 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{CDB74869-C7B6-480D-AF50-417CD97503F4}
[2012/03/17 05:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/03/17 05:18:53 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/03/17 05:18:53 | 010,819,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/03/17 05:18:53 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/03/17 05:18:53 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/03/17 05:18:53 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/03/17 05:18:53 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/17 05:18:51 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/03/17 02:32:49 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{8EEDF2AF-CD92-4ED6-8EC5-3C4C85F6E96F}
[2012/03/17 02:32:27 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{51D6D035-8738-4132-A473-2DA4AF18F22B}
[2012/03/16 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{BEF3B710-60D7-47EB-B597-CF6738E1F0AB}
[2012/03/16 14:31:53 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{0A614804-FCC5-4BBD-BD41-EFC1D7E13ACA}
[2012/03/16 02:31:40 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{A107AFF9-AB87-4D9C-AE85-665BC47281E9}
[2012/03/16 02:31:13 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{61C96FC5-C336-4380-A9A2-A5FD739D2B8E}
[2012/03/15 18:53:05 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\Desktop\bin
[2012/03/15 14:31:02 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{C2EBB115-36E6-4BA5-B211-D3DCA0DA3E26}
[2012/03/15 14:30:41 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{08CA1834-14B8-469D-861D-CDEE80C7BB1D}
[2012/03/15 06:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/03/15 02:30:29 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{91DF2A8D-A376-44B2-9680-6F51C28E44B1}
[2012/03/15 02:30:04 | 000,000,000 | ---D | C] -- C:\Users\Lucifer Morningstar\AppData\Local\{6E8188AD-73A4-49F2-9056-9778B46D4EA2}

========== Files - Modified Within 30 Days ==========

[2012/04/13 20:45:28 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Lucifer Morningstar\Desktop\OTL.exe
[2012/04/13 20:20:01 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1361915471-2963087161-2656352562-1000UA.job
[2012/04/13 20:09:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/13 20:09:30 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/13 20:09:30 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/13 19:38:57 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/13 19:38:57 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/13 15:44:22 | 000,647,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/13 15:44:22 | 000,124,576 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/13 15:38:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/13 15:38:50 | 3186,827,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/13 15:01:45 | 000,000,512 | ---- | M] () -- C:\Users\Lucifer Morningstar\Desktop\MBR.dat
[2012/04/13 14:34:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lucifer Morningstar\Desktop\aswMBR.exe
[2012/04/13 14:33:32 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lucifer Morningstar\Desktop\tdsskiller.exe
[2012/04/13 08:50:45 | 004,460,173 | R--- | M] (Swearware) -- C:\Users\Lucifer Morningstar\Desktop\ComboFix.exe
[2012/04/13 04:20:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1361915471-2963087161-2656352562-1000Core.job
[2012/04/13 03:47:58 | 002,155,262 | ---- | M] () -- C:\Users\Lucifer Morningstar\Desktop\Skyprince PE7.pdf
[2012/04/13 02:40:31 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/12 13:51:07 | 000,000,711 | ---- | M] () -- C:\Users\Public\Desktop\Shoot Many Robots.lnk
[2012/04/11 07:00:35 | 000,081,920 | ---- | M] () -- C:\Users\Lucifer Morningstar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 04:06:15 | 000,000,859 | ---- | M] () -- C:\Users\Lucifer Morningstar\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/02 08:17:53 | 000,230,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/02 08:09:52 | 000,000,819 | ---- | M] () -- C:\Users\Lucifer Morningstar\Desktop\MassEffect3 - Shortcut.lnk
[2012/03/20 23:40:22 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012/03/16 23:17:20 | 000,016,723 | ---- | M] () -- C:\Users\Lucifer Morningstar\Desktop\rtgy.png

========== Files Created - No Company Name ==========

[2012/04/13 15:38:50 | 3186,827,264 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/13 15:01:45 | 000,000,512 | ---- | C] () -- C:\Users\Lucifer Morningstar\Desktop\MBR.dat
[2012/04/13 09:03:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/13 09:03:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/13 09:03:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/13 09:03:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/13 09:03:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/12 13:51:07 | 000,000,711 | ---- | C] () -- C:\Users\Public\Desktop\Shoot Many Robots.lnk
[2012/04/12 12:55:54 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/11 04:06:15 | 000,000,859 | ---- | C] () -- C:\Users\Lucifer Morningstar\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2012/04/02 08:19:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/16 23:17:20 | 000,016,723 | ---- | C] () -- C:\Users\Lucifer Morningstar\Desktop\rtgy.png
[2012/02/29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/16 03:18:21 | 000,000,027 | -HS- | C] () -- C:\Windows\System32\Userdata.ini
[2012/02/15 17:13:39 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/01/24 03:50:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/01/24 03:49:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/01/24 01:23:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/01/23 21:57:17 | 000,081,920 | ---- | C] () -- C:\Users\Lucifer Morningstar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/23 21:39:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2012/01/23 21:24:46 | 000,000,680 | ---- | C] () -- C:\Users\Lucifer Morningstar\AppData\Local\d3d9caps.dat

< End of report >
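The file listings above all use one fixed OTL line format: a bracketed timestamp, size, four attribute columns (read-only, hidden, system, directory) and a created/modified marker, then an optional company name and the path. As an added example (not code from the thread, from OTL or from OldTimer), here is a small Python parser for that format with a few review heuristics of my own layered on top: a hidden+system file under C:\Windows, an executable there with no company name, or a zero-byte file. The sample lines are copied from the log above; the names parse_line, triage_flags and triage, the system-drive assumption (C:) and the flag rules are mine. The flags are review prompts, not verdicts: ComboFix's own helper tools (PEV.exe, sed.exe, grep.exe, zip.exe) carry no company name either and will be flagged alongside dds_trash_log.cmd, which the fix script in the next post removes.

```python
"""Parse OTL "Files Created / Modified" lines and flag entries worth review.

Added example for this thread; not code from OTL, OldTimer or the poster.
Line format observed in the log:
  [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
where attrs is four columns R H S D (read-only, hidden, system, directory)
and directory lines carry no "(Company)" field.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"-- (?P<path>.+)$"
)

# Prefix used by the triage rules (assumption: the system drive is C:)
WINDOWS_DIR = "c:\\windows\\"
EXEC_EXT = (".exe", ".dll", ".sys", ".cmd", ".bat", ".cpl", ".scr")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str       # "C" = created, "M" = modified
    company: str    # "" when OTL printed "()" or no company field at all
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file-listing line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path").strip(),
    )


def triage_flags(e: OtlEntry) -> List[str]:
    """Review prompts for one entry; these heuristics are mine, not OTL's."""
    flags: List[str] = []
    if e.directory:
        return flags
    p = e.path.lower()
    under_windows = p.startswith(WINDOWS_DIR)
    if under_windows and e.hidden and e.system:
        flags.append("hidden+system file under the Windows directory")
    if under_windows and not e.company and p.endswith(EXEC_EXT):
        flags.append("executable under the Windows directory with no company name")
    if e.size == 0:
        flags.append("zero-byte file")
    return flags


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its flags; non-listing lines are skipped."""
    results: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        flags = triage_flags(e)
        if flags:
            results[e.path] = flags
    return results


# Sample lines copied from the OTL log posted above, plus one section header
# that the parser must ignore.
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2012/04/13 09:03:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/12 12:55:54 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/13 09:03:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/13 15:38:50 | 3186,827,264 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/12 15:26:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/13 09:03:44 | 000,000,000 | --SD | C] -- C:\ComboFix
""".strip().splitlines()

if __name__ == "__main__":
    for path, flags in triage(SAMPLE).items():
        print(path)
        for f in flags:
            print("   -", f)
```

Run against the full "Files Created" section of a log, the output is a short list to check by hand; hiberfil.sys is hidden+system but sits outside C:\Windows, so it is deliberately not reported, and anything signed with a company name is left alone even though a company string alone is not proof of legitimacy.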

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time:06:58 AM

Posted 13 April 2012 - 04:54 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
    FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.159_0\npsoe.dll ()
    O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
    [2012/04/13 02:40:31 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 NocturnalPulse

NocturnalPulse
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:58 AM

Posted 13 April 2012 - 11:14 PM

I didn't notice any visible improvement. Other than that, I have combofix debris in C, some .vir files appearing blue in Qoobox\Quarantine...


OTL fix log:



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\Setup.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3\ deleted successfully.
C:\Users\Lucifer Morningstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.159_0\npsoe.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.
C:\Program Files\IMinent Toolbar\tbcore3.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ deleted successfully.
File C:\Program Files\IMinent Toolbar\tbcore3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found.
File C:\Program Files\IMinent Toolbar\tbcore3.dll not found.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lucifer Morningstar\Desktop\cmd.bat deleted successfully.
C:\Users\Lucifer Morningstar\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lucifer Morningstar
->Java cache emptied: 548527 bytes

User: Public

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Lucifer Morningstar
->Flash cache emptied: 2172 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04142012_060438

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time:06:58 AM

Posted 13 April 2012 - 11:27 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 NocturnalPulse

NocturnalPulse
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:58 AM

Posted 14 April 2012 - 02:55 AM

File not found.

Edit 1: Would you like me to support with some screenshots?

Edit 2: Good news. I took the initiative and renamed the old ComboFix directory into -ComboFix. Downloaded it again, and ran it. It worked. Rootkit detected, successfully rebooted and got the log file.

Edited by NocturnalPulse, 14 April 2012 - 07:33 AM.




