Help removing Abnow.com search redirect virus/malware


  • This topic is locked
37 replies to this topic

#1 mikereno1

mikereno1

  • Members
  • 24 posts
  • OFFLINE
  • Local time:02:07 AM

Posted 15 April 2012 - 10:39 PM

I have some virus/malware causing all search engine result links to be redirected to other websites. After searching for Reno, NV on google the results come up as expected, but anytime I try to follow a result link something similar to this (http://abnow.com/?search=reno%2C+nv&subid=73&key=0e9f36d240e9d9f82456) comes up in the web address while it is waiting, and then about 5 seconds later a strange website pops up, sometimes Asktofriends or similar sites.

I've tried a few anti-virus programs with no luck. I've searched my loaded driver list and didn't see any obviously strange ones listed, but did have a couple hundred drivers that did not load, so not sure why that is.

I posted on the Am I Infected forum ( http://www.bleepingcomputer.com/forums/topic450140.html ) and was told I needed to come here next. Please help. My DDS log is below and attached. I did not generate a GMER log as I am running 64-bit.

---------- DDS text log ----------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by OBrien at 20:22:02 on 2012-04-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3817.2429 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\OBrien\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
mURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
uWinlogon: Shell=C:\Users\OBrien\AppData\Local\379f93cd\X
BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ASRockXTU]
uRun: [zASRockInstantBoot]
uRun: [KB00531245.exe] "C:\Users\OBrien\AppData\Roaming\KB00531245.exe"
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [iMON] C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe /startup
mRun: [MozillaAgent] C:\Windows\Temp\_ex-68.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MEDIAB~1.LNK - C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6B4E13E5-627F-484F-AD07-DEDF9A32748E} : DhcpNameServer = 192.168.1.254
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
BHO-X64: Somoto Toolbar - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
BHO-X64: Vuze Remote - No File
TB-X64: Somoto Toolbar: {652853ad-5592-4231-88c6-706613a52e61} - C:\Program Files (x86)\somototoolbar\vmntemplateX.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [iMON] C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe /startup
mRun-x64: [MozillaAgent] C:\Windows\Temp\_ex-68.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\OBrien\AppData\Roaming\Mozilla\Firefox\Profiles\q57szrjb.default\
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2011-9-13 40960]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-23 2656280]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-8-23 79360]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/15 17:22:14;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-8-23 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-8-23 79360]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-04-16 02:18:09 -------- d-----w- C:\Users\OBrien\AppData\Roaming\Malwarebytes
2012-04-16 02:17:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-16 02:17:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-15 04:19:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 03:22:08 -------- d-----w- C:\Windows\pss
2012-04-15 02:52:59 -------- d-----w- C:\Windows\PCHEALTH
2012-04-15 02:51:15 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-15 02:50:42 -------- d-----w- C:\Users\OBrien\AppData\Local\Microsoft Help
2012-04-15 02:49:18 -------- d-----w- C:\IUware Online
2012-04-15 02:40:14 -------- d-----w- C:\Users\OBrien\AppData\Roaming\SpeedyPC Software
2012-04-15 02:40:14 -------- d-----w- C:\Users\OBrien\AppData\Roaming\DriverCure
2012-04-15 02:40:11 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-04-14 22:38:27 -------- d-----w- C:\Users\OBrien\AppData\Local\adaware
2012-04-14 22:38:23 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-14 22:38:21 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-04-14 22:38:21 45904 ----a-w- C:\Windows\System32\sbbd.exe
2012-04-14 22:38:16 94296 ----a-w- C:\Windows\System32\drivers\sbtis.sys
2012-04-14 22:38:16 60504 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-04-14 22:38:12 84568 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-04-14 22:38:12 253528 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-04-14 22:38:12 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-14 21:56:56 -------- d-----w- C:\Users\OBrien\AppData\Roaming\Ad-Aware Antivirus
2012-04-05 21:21:16 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-05 21:21:16 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-16 03:10:58 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd
2012-03-10 02:55:59 0 --sha-w- C:\Windows\System32\dds_log_trash.cmd
2012-03-07 16:36:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:22:44.47 ===============

Attached Files
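The DDS "Pseudo HJT Report" above is where the redirect infection is actually visible: a Winlogon Shell pointing at a random directory under AppData\Local, Run entries launching from AppData\Roaming and C:\Windows\Temp, and UAC switched off via mPolicies-system. The following script is an added triage example, not a tool from this thread or from BleepingComputer; it parses the Winlogon, Run/RunOnce and Policies lines of a DDS report and flags the same three kinds of indicators with simple heuristics of my own (the severity labels and directory lists are assumptions, not a DDS feature). The sample input consists of lines copied from the log posted above.

```python
import re
from typing import Dict, List

# Lines copied from the DDS "Pseudo HJT Report" posted in this thread.
SAMPLE_DDS_LINES = [
    r"mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,",
    r"uWinlogon: Shell=C:\Users\OBrien\AppData\Local\379f93cd\X",
    r'uRun: [KB00531245.exe] "C:\Users\OBrien\AppData\Roaming\KB00531245.exe"',
    r"mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe",
    r"mRun: [MozillaAgent] C:\Windows\Temp\_ex-68.exe",
    r"mPolicies-system: EnableLUA = 0 (0x0)",
    r"mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    r"mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    r"TCP: DhcpNameServer = 192.168.1.254",
]

# DDS prefixes: u = current user hive, m = machine hive, d = default user hive.
ENTRY_RE = re.compile(
    r"^(?P<scope>[umd])(?P<kind>Winlogon|RunOnce|Run|Policies-(?:system|explorer)): (?P<rest>.*)$"
)
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^(?P<name>\w+)\s*=\s*(?P<value>\d+)")
EXT_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|cmd|bat|scr|com))(?:\s|$)", re.IGNORECASE)

# Heuristic (assumed) directory classes: anything a normal user can write to.
TEMP_DIRS = (r"\appdata\local\temp", r"\windows\temp")
APPDATA_DIRS = (r"\appdata\roaming", r"\appdata\local")

# UAC policies whose value 0 disables or weakens the elevation prompt.
WEAK_UAC_POLICIES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


def extract_path(cmd: str) -> str:
    """Pull the executable path out of a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.match(cmd)
    # Fall back to cutting at the first " /" switch when no known extension is present.
    return m.group("path") if m else cmd.split(" /")[0]


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return a finding per suspicious autostart or UAC policy line."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # not an entry type this example understands
        kind, rest = m.group("kind"), m.group("rest")
        if kind == "Winlogon":
            key, _, value = rest.partition("=")
            value = value.strip().rstrip(",").lower()
            if key == "Shell" and not value.endswith("explorer.exe"):
                findings.append({"severity": "HIGH", "line": line,
                                 "reason": "Winlogon Shell is not explorer.exe"})
            elif key == "Userinit" and not value.endswith("userinit.exe"):
                findings.append({"severity": "HIGH", "line": line,
                                 "reason": "Winlogon Userinit is not userinit.exe"})
        elif kind in ("Run", "RunOnce"):
            rm = RUN_RE.match(rest)
            if not rm:
                continue
            path = extract_path(rm.group("cmd")).lower()
            if any(d in path for d in TEMP_DIRS):
                findings.append({"severity": "HIGH", "line": line,
                                 "reason": "autostart launches from a Temp directory"})
            elif any(d in path for d in APPDATA_DIRS):
                findings.append({"severity": "MEDIUM", "line": line,
                                 "reason": "autostart launches from a user profile directory"})
        elif kind.startswith("Policies"):
            pm = POLICY_RE.match(rest)
            if pm and pm.group("name") in WEAK_UAC_POLICIES and pm.group("value") == "0":
                findings.append({"severity": "MEDIUM", "line": line,
                                 "reason": f"UAC weakened: {pm.group('name')} = 0"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print(f"[{f['severity']}] {f['reason']}\n    {f['line']}")
```

Run against the sample it reports five findings: the Shell hijack and the Temp-directory autostart as HIGH, and the AppData\Roaming autostart plus the two zeroed UAC policies as MEDIUM, while the legitimate XFastUsb entry under Program Files is left alone. The AppData rule is deliberately only MEDIUM because updaters for ordinary software also live there; it is a prompt to look, not a verdict.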


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:07 AM

Posted 16 April 2012 - 12:54 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mikereno1

mikereno1
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:02:07 AM

Posted 16 April 2012 - 02:09 PM

I am not able to get Combofix to run. I can download it from the link provided, but all I can do is run or cancel; there is no option to save. If I run it, a box and some green text scroll through for a couple of seconds and then go away, and nothing really happens, no log or anything like that. Here is the Security Check log:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Ad-Aware Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus Engine SBAMSvc.exe
``````````End of Log````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:07 AM

Posted 16 April 2012 - 05:51 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#5 mikereno1

mikereno1
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:02:07 AM

Posted 16 April 2012 - 08:39 PM

Got both logs fine. Wasn't able to save the programs to my desktop; I only had options to cancel or run after download.


18:24:19.0095 1780 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:24:19.0719 1780 ============================================================
18:24:19.0719 1780 Current date / time: 2012/04/16 18:24:19.0719
18:24:19.0719 1780 SystemInfo:
18:24:19.0719 1780
18:24:19.0719 1780 OS Version: 6.1.7601 ServicePack: 1.0
18:24:19.0719 1780 Product type: Workstation
18:24:19.0719 1780 ComputerName: HTPC
18:24:19.0719 1780 UserName: OBrien
18:24:19.0719 1780 Windows directory: C:\Windows
18:24:19.0719 1780 System windows directory: C:\Windows
18:24:19.0719 1780 Running under WOW64
18:24:19.0719 1780 Processor architecture: Intel x64
18:24:19.0719 1780 Number of processors: 4
18:24:19.0719 1780 Page size: 0x1000
18:24:19.0719 1780 Boot type: Normal boot
18:24:19.0719 1780 ============================================================
18:24:20.0359 1780 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:20.0359 1780 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:20.0359 1780 \Device\Harddisk0\DR0:
18:24:20.0359 1780 MBR used
18:24:20.0359 1780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:24:20.0359 1780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
18:24:20.0359 1780 \Device\Harddisk1\DR1:
18:24:20.0359 1780 GPT used
18:24:20.0359 1780 \Device\Harddisk1\DR1\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {488B0565-0264-492F-BB6A-5D0781AFED45}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
18:24:20.0359 1780 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {270FB89C-D720-44E4-BAC0-08FB84B881B3}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x3F800
18:24:20.0359 1780 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {4A18C108-AA99-44F1-958B-7866BD2C0328}, Name: Basic data partition, StartLBA 0x80800, BlocksNum 0xE8D87800
18:24:20.0406 1780 Initialize success
18:24:20.0406 1780 ============================================================
18:24:23.0650 2388 ============================================================
18:24:23.0650 2388 Scan started
18:24:23.0650 2388 Mode: Manual;
18:24:23.0650 2388 ============================================================
18:24:23.0931 2388 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:24:23.0947 2388 1394ohci - ok
18:24:23.0978 2388 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:24:23.0978 2388 ACPI - ok
18:24:24.0009 2388 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:24:24.0009 2388 AcpiPmi - ok
18:24:24.0025 2388 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
18:24:24.0040 2388 Ad-Aware Service - ok
18:24:24.0072 2388 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:24:24.0087 2388 adp94xx - ok
18:24:24.0118 2388 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:24:24.0134 2388 adpahci - ok
18:24:24.0165 2388 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:24:24.0165 2388 adpu320 - ok
18:24:24.0196 2388 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:24:24.0196 2388 AeLookupSvc - ok
18:24:24.0259 2388 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:24:24.0274 2388 AFD - ok
18:24:24.0306 2388 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:24:24.0306 2388 agp440 - ok
18:24:24.0337 2388 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:24:24.0337 2388 ALG - ok
18:24:24.0368 2388 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:24:24.0384 2388 aliide - ok
18:24:24.0399 2388 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:24:24.0415 2388 amdide - ok
18:24:24.0446 2388 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:24:24.0446 2388 AmdK8 - ok
18:24:24.0477 2388 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:24:24.0477 2388 AmdPPM - ok
18:24:24.0508 2388 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
18:24:24.0524 2388 amdsata - ok
18:24:24.0555 2388 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:24:24.0555 2388 amdsbs - ok
18:24:24.0586 2388 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
18:24:24.0602 2388 amdxata - ok
18:24:24.0633 2388 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:24:24.0633 2388 AppID - ok
18:24:24.0649 2388 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:24:24.0664 2388 AppIDSvc - ok
18:24:24.0680 2388 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:24:24.0696 2388 Appinfo - ok
18:24:24.0711 2388 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:24:24.0727 2388 AppMgmt - ok
18:24:24.0758 2388 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:24:24.0758 2388 arc - ok
18:24:24.0789 2388 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:24:24.0805 2388 arcsas - ok
18:24:24.0820 2388 AsrAppCharger (912a215ce180a6e7c923c662d7ec777d) C:\Windows\system32\DRIVERS\AsrAppCharger.sys
18:24:24.0945 2388 AsrAppCharger - ok
18:24:24.0961 2388 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:24:24.0976 2388 AsyncMac - ok
18:24:25.0008 2388 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:24:25.0008 2388 atapi - ok
18:24:25.0039 2388 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:24:25.0039 2388 AudioEndpointBuilder - ok
18:24:25.0054 2388 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:24:25.0070 2388 AudioSrv - ok
18:24:25.0086 2388 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:24:25.0101 2388 AxInstSV - ok
18:24:25.0132 2388 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:24:25.0132 2388 b06bdrv - ok
18:24:25.0164 2388 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:24:25.0179 2388 b57nd60a - ok
18:24:25.0210 2388 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:24:25.0210 2388 BDESVC - ok
18:24:25.0242 2388 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:24:25.0242 2388 Beep - ok
18:24:25.0273 2388 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:24:25.0288 2388 BFE - ok
18:24:25.0320 2388 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:24:25.0335 2388 BITS - ok
18:24:25.0366 2388 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:24:25.0366 2388 blbdrive - ok
18:24:25.0398 2388 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:24:25.0398 2388 bowser - ok
18:24:25.0429 2388 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:24:25.0429 2388 BrFiltLo - ok
18:24:25.0460 2388 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:24:25.0476 2388 BrFiltUp - ok
18:24:25.0507 2388 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:24:25.0507 2388 BridgeMP - ok
18:24:25.0538 2388 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:24:25.0538 2388 Browser - ok
18:24:25.0569 2388 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:24:25.0585 2388 Brserid - ok
18:24:25.0616 2388 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:24:25.0616 2388 BrSerWdm - ok
18:24:25.0647 2388 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:24:25.0663 2388 BrUsbMdm - ok
18:24:25.0678 2388 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:24:25.0694 2388 BrUsbSer - ok
18:24:25.0725 2388 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:24:25.0725 2388 BTHMODEM - ok
18:24:25.0756 2388 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:24:25.0756 2388 bthserv - ok
18:24:25.0788 2388 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:24:25.0803 2388 cdfs - ok
18:24:25.0834 2388 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:24:25.0850 2388 cdrom - ok
18:24:25.0881 2388 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:24:25.0881 2388 CertPropSvc - ok
18:24:25.0912 2388 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:24:25.0928 2388 circlass - ok
18:24:25.0959 2388 CLBStor (125327df629324fad78d9a95ccd0f425) C:\Windows\system32\DRIVERS\CLBStor.sys
18:24:25.0959 2388 CLBStor - ok
18:24:26.0006 2388 CLBUDF (9c0cd75fea24e7e0e835eee7f14406f7) C:\Windows\system32\drivers\CLBUDF.sys
18:24:26.0022 2388 CLBUDF - ok
18:24:26.0053 2388 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:24:26.0053 2388 CLFS - ok
18:24:26.0068 2388 CLKMSVC10_9EC60124 (4642b5a3e0d2e61d08163de95fc5b949) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
18:24:26.0084 2388 CLKMSVC10_9EC60124 - ok
18:24:26.0100 2388 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:24:26.0115 2388 clr_optimization_v2.0.50727_32 - ok
18:24:26.0131 2388 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:24:26.0131 2388 clr_optimization_v2.0.50727_64 - ok
18:24:26.0209 2388 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
18:24:26.0224 2388 CmBatt - ok
18:24:26.0256 2388 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:24:26.0256 2388 cmdide - ok
18:24:26.0287 2388 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:24:26.0302 2388 CNG - ok
18:24:26.0334 2388 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:24:26.0334 2388 Compbatt - ok
18:24:26.0365 2388 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:24:26.0380 2388 CompositeBus - ok
18:24:26.0396 2388 COMSysApp - ok
18:24:26.0427 2388 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:24:26.0427 2388 crcdisk - ok
18:24:26.0443 2388 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
18:24:26.0630 2388 Creative ALchemy AL6 Licensing Service - ok
18:24:26.0646 2388 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
18:24:26.0646 2388 Creative Audio Engine Licensing Service - ok
18:24:26.0677 2388 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:24:26.0677 2388 CryptSvc - ok
18:24:26.0708 2388 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:24:26.0724 2388 CSC - ok
18:24:26.0770 2388 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
18:24:26.0770 2388 CscService - ok
18:24:26.0786 2388 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
18:24:26.0802 2388 CTAudSvcService - ok
18:24:26.0848 2388 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:24:26.0864 2388 DcomLaunch - ok
18:24:26.0895 2388 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:24:26.0911 2388 defragsvc - ok
18:24:26.0942 2388 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:24:26.0942 2388 DfsC - ok
18:24:26.0973 2388 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:24:26.0989 2388 Dhcp - ok
18:24:27.0004 2388 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:24:27.0020 2388 discache - ok
18:24:27.0051 2388 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:24:27.0067 2388 Disk - ok
18:24:27.0082 2388 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
18:24:27.0098 2388 dmvsc - ok
18:24:27.0114 2388 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:24:27.0129 2388 Dnscache - ok
18:24:27.0160 2388 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:24:27.0176 2388 dot3svc - ok
18:24:27.0207 2388 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:24:27.0207 2388 DPS - ok
18:24:27.0238 2388 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:24:27.0238 2388 drmkaud - ok
18:24:27.0285 2388 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:24:27.0285 2388 DXGKrnl - ok
18:24:27.0316 2388 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:24:27.0316 2388 EapHost - ok
18:24:27.0394 2388 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:24:27.0426 2388 ebdrv - ok
18:24:27.0457 2388 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
18:24:27.0457 2388 EFS - ok
18:24:27.0472 2388 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:24:27.0488 2388 ehRecvr - ok
18:24:27.0488 2388 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:24:27.0504 2388 ehSched - ok
18:24:27.0535 2388 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:24:27.0535 2388 elxstor - ok
18:24:27.0566 2388 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:24:27.0566 2388 ErrDev - ok
18:24:27.0597 2388 EtronHub3 (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\system32\Drivers\EtronHub3.sys
18:24:27.0847 2388 EtronHub3 - ok
18:24:27.0878 2388 EtronXHCI (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\system32\Drivers\EtronXHCI.sys
18:24:28.0174 2388 EtronXHCI - ok
18:24:28.0206 2388 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:24:28.0206 2388 EventSystem - ok
18:24:28.0237 2388 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:24:28.0237 2388 exfat - ok
18:24:28.0268 2388 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:24:28.0284 2388 fastfat - ok
18:24:28.0315 2388 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:24:28.0330 2388 Fax - ok
18:24:28.0362 2388 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:24:28.0377 2388 fdc - ok
18:24:28.0393 2388 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:24:28.0408 2388 fdPHost - ok
18:24:28.0440 2388 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:24:28.0455 2388 FDResPub - ok
18:24:28.0486 2388 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:24:28.0486 2388 FileInfo - ok
18:24:28.0518 2388 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:24:28.0533 2388 Filetrace - ok
18:24:28.0549 2388 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:24:28.0564 2388 flpydisk - ok
18:24:28.0596 2388 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:24:28.0596 2388 FltMgr - ok
18:24:28.0627 2388 FNETTBOH_305 (fe95ae537b41a7e2f4cfe353064dc4af) C:\Windows\system32\drivers\FNETTBOH_305.SYS
18:24:28.0642 2388 FNETTBOH_305 - ok
18:24:28.0674 2388 FNETURPX (7c3c4b4c951ec1bdfd4f769d05e2cc68) C:\Windows\system32\drivers\FNETURPX.SYS
18:24:28.0674 2388 FNETURPX - ok
18:24:28.0705 2388 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
18:24:28.0720 2388 FontCache - ok
18:24:28.0736 2388 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:24:28.0736 2388 FontCache3.0.0.0 - ok
18:24:28.0767 2388 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:24:28.0783 2388 FsDepends - ok
18:24:28.0798 2388 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:24:28.0814 2388 Fs_Rec - ok
18:24:28.0845 2388 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:24:28.0845 2388 fvevol - ok
18:24:28.0876 2388 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:24:28.0892 2388 gagp30kx - ok
18:24:28.0923 2388 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:24:28.0939 2388 gpsvc - ok
18:24:28.0970 2388 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:24:28.0970 2388 hcw85cir - ok
18:24:29.0001 2388 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:24:29.0017 2388 HdAudAddService - ok
18:24:29.0048 2388 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:24:29.0048 2388 HDAudBus - ok
18:24:29.0095 2388 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:24:29.0095 2388 HidBatt - ok
18:24:29.0126 2388 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:24:29.0142 2388 HidBth - ok
18:24:29.0157 2388 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:24:29.0173 2388 HidIr - ok
18:24:29.0204 2388 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:24:29.0204 2388 hidserv - ok
18:24:29.0235 2388 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:24:29.0235 2388 HidUsb - ok
18:24:29.0266 2388 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:24:29.0266 2388 hkmsvc - ok
18:24:29.0298 2388 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:24:29.0298 2388 HomeGroupListener - ok
18:24:29.0329 2388 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:24:29.0329 2388 HomeGroupProvider - ok
18:24:29.0344 2388 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:24:29.0360 2388 HpSAMD - ok
18:24:29.0391 2388 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:24:29.0407 2388 HTTP - ok
18:24:29.0422 2388 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:24:29.0438 2388 hwpolicy - ok
18:24:29.0454 2388 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:24:29.0469 2388 i8042prt - ok
18:24:29.0500 2388 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
18:24:29.0516 2388 iaStorV - ok
18:24:29.0532 2388 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:24:29.0547 2388 idsvc - ok
18:24:29.0672 2388 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:24:29.0812 2388 igfx - ok
18:24:29.0844 2388 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:24:29.0844 2388 iirsp - ok
18:24:29.0875 2388 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:24:29.0890 2388 IKEEXT - ok
18:24:29.0937 2388 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
18:24:29.0953 2388 IntcAzAudAddService - ok
18:24:30.0000 2388 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:24:30.0000 2388 IntcDAud - ok
18:24:30.0031 2388 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:24:30.0031 2388 intelide - ok
18:24:30.0062 2388 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:24:30.0078 2388 intelppm - ok
18:24:30.0093 2388 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:24:30.0109 2388 IPBusEnum - ok
18:24:30.0124 2388 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:24:30.0140 2388 IpFilterDriver - ok
18:24:30.0156 2388 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:24:30.0171 2388 iphlpsvc - ok
18:24:30.0202 2388 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:24:30.0202 2388 IPMIDRV - ok
18:24:30.0234 2388 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:24:30.0249 2388 IPNAT - ok
18:24:30.0280 2388 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:24:30.0280 2388 IRENUM - ok
18:24:30.0327 2388 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:24:30.0327 2388 isapnp - ok
18:24:30.0374 2388 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:24:30.0374 2388 iScsiPrt - ok
18:24:30.0405 2388 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:24:30.0421 2388 kbdclass - ok
18:24:30.0452 2388 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:24:30.0452 2388 kbdhid - ok
18:24:30.0483 2388 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:24:30.0483 2388 KeyIso - ok
18:24:30.0530 2388 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:24:30.0530 2388 KSecDD - ok
18:24:30.0561 2388 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:24:30.0561 2388 KSecPkg - ok
18:24:30.0592 2388 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:24:30.0592 2388 ksthunk - ok
18:24:30.0624 2388 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:24:30.0639 2388 KtmRm - ok
18:24:30.0702 2388 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:24:30.0717 2388 LanmanServer - ok
18:24:30.0733 2388 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:24:30.0748 2388 LanmanWorkstation - ok
18:24:30.0764 2388 LightScribeService (fa4a45c179ab0e0f1a31b9751d4b18d7) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:24:30.0858 2388 LightScribeService - ok
18:24:30.0889 2388 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:24:30.0889 2388 lltdio - ok
18:24:30.0920 2388 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:24:30.0920 2388 lltdsvc - ok
18:24:30.0951 2388 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:24:30.0951 2388 lmhosts - ok
18:24:30.0967 2388 LMS (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:24:30.0967 2388 LMS - ok
18:24:30.0998 2388 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:24:30.0998 2388 LSI_FC - ok
18:24:31.0029 2388 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:24:31.0045 2388 LSI_SAS - ok
18:24:31.0060 2388 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:24:31.0076 2388 LSI_SAS2 - ok
18:24:31.0107 2388 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:24:31.0123 2388 LSI_SCSI - ok
18:24:31.0154 2388 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:24:31.0154 2388 luafv - ok
18:24:31.0185 2388 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:24:31.0185 2388 Mcx2Svc - ok
18:24:31.0216 2388 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:24:31.0232 2388 megasas - ok
18:24:31.0263 2388 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:24:31.0263 2388 MegaSR - ok
18:24:31.0294 2388 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
18:24:31.0310 2388 MEIx64 - ok
18:24:31.0326 2388 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:24:31.0341 2388 MMCSS - ok
18:24:31.0372 2388 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:24:31.0372 2388 Modem - ok
18:24:31.0404 2388 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:24:31.0419 2388 monitor - ok
18:24:31.0435 2388 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:24:31.0450 2388 mouclass - ok
18:24:31.0482 2388 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:24:31.0482 2388 mouhid - ok
18:24:31.0513 2388 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:24:31.0528 2388 mountmgr - ok
18:24:31.0560 2388 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:24:31.0560 2388 mpio - ok
18:24:31.0591 2388 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:24:31.0606 2388 mpsdrv - ok
18:24:31.0638 2388 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:24:31.0653 2388 MpsSvc - ok
18:24:31.0684 2388 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:24:31.0700 2388 MRxDAV - ok
18:24:31.0731 2388 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:24:31.0731 2388 mrxsmb - ok
18:24:31.0762 2388 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:24:31.0778 2388 mrxsmb10 - ok
18:24:31.0809 2388 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:24:31.0825 2388 mrxsmb20 - ok
18:24:31.0840 2388 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:24:31.0856 2388 msahci - ok
18:24:31.0887 2388 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:24:31.0887 2388 msdsm - ok
18:24:31.0918 2388 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:24:31.0934 2388 MSDTC - ok
18:24:31.0965 2388 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:24:31.0965 2388 Msfs - ok
18:24:31.0996 2388 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:24:32.0012 2388 mshidkmdf - ok
18:24:32.0028 2388 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:24:32.0043 2388 msisadrv - ok
18:24:32.0059 2388 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:24:32.0074 2388 MSiSCSI - ok
18:24:32.0090 2388 msiserver - ok
18:24:32.0121 2388 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:24:32.0137 2388 MSKSSRV - ok
18:24:32.0168 2388 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:24:32.0168 2388 MSPCLOCK - ok
18:24:32.0199 2388 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:24:32.0215 2388 MSPQM - ok
18:24:32.0246 2388 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:24:32.0262 2388 MsRPC - ok
18:24:32.0277 2388 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:24:32.0293 2388 mssmbios - ok
18:24:32.0324 2388 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:24:32.0324 2388 MSTEE - ok
18:24:32.0355 2388 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:24:32.0371 2388 MTConfig - ok
18:24:32.0386 2388 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:24:32.0402 2388 Mup - ok
18:24:32.0433 2388 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:24:32.0433 2388 napagent - ok
18:24:32.0480 2388 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:24:32.0480 2388 NativeWifiP - ok
18:24:32.0527 2388 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:24:32.0542 2388 NDIS - ok
18:24:32.0574 2388 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:24:32.0589 2388 NdisCap - ok
18:24:32.0620 2388 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:24:32.0636 2388 NdisTapi - ok
18:24:32.0652 2388 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:24:32.0667 2388 Ndisuio - ok
18:24:32.0698 2388 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:24:32.0714 2388 NdisWan - ok
18:24:32.0730 2388 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:24:32.0745 2388 NDProxy - ok
18:24:32.0776 2388 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:24:32.0776 2388 NetBIOS - ok
18:24:32.0808 2388 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:24:32.0823 2388 NetBT - ok
18:24:32.0839 2388 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:24:32.0854 2388 Netlogon - ok
18:24:32.0886 2388 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:24:32.0886 2388 Netman - ok
18:24:32.0917 2388 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:24:32.0917 2388 netprofm - ok
18:24:32.0917 2388 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:24:32.0932 2388 NetTcpPortSharing - ok
18:24:32.0964 2388 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:24:32.0964 2388 nfrd960 - ok
18:24:32.0995 2388 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:24:33.0010 2388 NlaSvc - ok
18:24:33.0026 2388 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:24:33.0042 2388 Npfs - ok
18:24:33.0057 2388 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:24:33.0073 2388 nsi - ok
18:24:33.0104 2388 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:24:33.0104 2388 nsiproxy - ok
18:24:33.0151 2388 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
18:24:33.0182 2388 Ntfs - ok
18:24:33.0213 2388 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:24:33.0213 2388 Null - ok
18:24:33.0244 2388 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
18:24:33.0260 2388 nvraid - ok
18:24:33.0291 2388 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
18:24:33.0291 2388 nvstor - ok
18:24:33.0322 2388 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:24:33.0322 2388 nv_agp - ok
18:24:33.0354 2388 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:24:33.0369 2388 ohci1394 - ok
18:24:33.0385 2388 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:24:33.0400 2388 p2pimsvc - ok
18:24:33.0432 2388 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:24:33.0432 2388 p2psvc - ok
18:24:33.0463 2388 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:24:33.0478 2388 Parport - ok
18:24:33.0510 2388 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:24:33.0510 2388 partmgr - ok
18:24:33.0541 2388 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:24:33.0541 2388 PcaSvc - ok
18:24:33.0572 2388 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:24:33.0588 2388 pci - ok
18:24:33.0619 2388 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:24:33.0619 2388 pciide - ok
18:24:33.0650 2388 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:24:33.0666 2388 pcmcia - ok
18:24:33.0697 2388 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:24:33.0697 2388 pcw - ok
18:24:33.0728 2388 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:24:33.0744 2388 PEAUTH - ok
18:24:33.0790 2388 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:24:33.0806 2388 PeerDistSvc - ok
18:24:33.0837 2388 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:24:33.0837 2388 PerfHost - ok
18:24:33.0884 2388 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:24:33.0900 2388 pla - ok
18:24:33.0915 2388 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:24:33.0931 2388 PlugPlay - ok
18:24:33.0946 2388 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:24:33.0962 2388 PNRPAutoReg - ok
18:24:33.0993 2388 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:24:34.0009 2388 PNRPsvc - ok
18:24:34.0024 2388 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:24:34.0040 2388 PolicyAgent - ok
18:24:34.0071 2388 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:24:34.0087 2388 Power - ok
18:24:34.0118 2388 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:24:34.0118 2388 PptpMiniport - ok
18:24:34.0149 2388 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:24:34.0165 2388 Processor - ok
18:24:34.0180 2388 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:24:34.0196 2388 ProfSvc - ok
18:24:34.0227 2388 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
18:24:34.0227 2388 ProtectedStorage - ok
18:24:34.0258 2388 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:24:34.0274 2388 Psched - ok
18:24:34.0321 2388 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:24:34.0352 2388 ql2300 - ok
18:24:34.0368 2388 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:24:34.0383 2388 ql40xx - ok
18:24:35.0444 2388 s117mdm (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\TdmService.dll
18:24:35.0460 2388 Suspicious file (NoAccess): C:\Windows\system32\TdmService.dll. md5: a9e7a3fe06d451dd5dd1d3dcb060e467
18:24:35.0460 2388 s117mdm ( Backdoor.Multi.ZAccess.gen ) - infected
18:24:35.0460 2388 s117mdm - detected Backdoor.Multi.ZAccess.gen (0)
18:24:40.0935 2388 ============================================================
18:24:40.0935 2388 Scan finished
18:24:40.0935 2388 ============================================================
18:24:40.0951 1352 Detected object count: 1
18:24:40.0951 1352 Actual detected object count: 1
18:24:47.0706 1352 C:\Windows\system32\TdmService.dll - copied to quarantine
18:24:47.0721 1352 HKLM\SYSTEM\ControlSet001\services\s117mdm - will be deleted on reboot
18:24:47.0721 1352 HKLM\SYSTEM\ControlSet002\services\s117mdm - will be deleted on reboot
18:24:47.0737 1352 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
18:24:47.0737 1352 C:\Windows\system32\TdmService.dll - will be deleted on reboot
18:24:47.0737 1352 s117mdm ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
18:24:51.0278 3080 Deinitialize success


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-16 18:28:14
-----------------------------
18:28:14.866 OS Version: Windows x64 6.1.7601 Service Pack 1
18:28:14.866 Number of processors: 4 586 0x2A07
18:28:14.866 ComputerName: HTPC UserName:
18:28:14.975 Initialize success
18:28:19.109 AVAST engine defs: 12041502
18:28:25.287 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6
18:28:25.302 Disk 0 Vendor: KINGSTON_SV100S264G D110225a Size: 61057MB BusType: 3
18:28:25.302 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
18:28:25.302 Disk 1 Vendor: WDC_WD20EARS-00S8B1 80.00A80 Size: 1907729MB BusType: 3
18:28:25.302 Disk 0 MBR read successfully
18:28:25.302 Disk 0 MBR scan
18:28:25.302 Disk 0 Windows 7 default MBR code
18:28:25.302 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:28:25.318 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60955 MB offset 206848
18:28:25.318 Disk 0 scanning C:\Windows\system32\drivers
18:28:32.587 Service scanning
18:28:45.770 Modules scanning
18:28:45.770 Disk 0 trace - called modules:
18:28:45.910 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:28:45.910 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044a4060]
18:28:45.926 3 CLASSPNP.SYS[fffff8800195a43f] -> nt!IofCallDriver -> [0xfffffa80042ac580]
18:28:45.926 5 ACPI.sys[fffff88000f0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-6[0xfffffa80042b9060]
18:28:46.035 AVAST engine scan C:\Windows
18:28:46.674 AVAST engine scan C:\Windows\system32
18:30:24.944 File: C:\Windows\assembly\tmp\loader.tlb **SUSPICIOUS**
18:30:25.016 File: C:\Windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
18:30:25.093 File: C:\Windows\assembly\tmp\U\000000c0.@ **SUSPICIOUS**
18:30:25.171 File: C:\Windows\assembly\tmp\U\000000cb.@ **SUSPICIOUS**
18:30:25.247 File: C:\Windows\assembly\tmp\U\000000cf.@ **SUSPICIOUS**
18:30:25.270 File: C:\Windows\assembly\tmp\U\80000000.@ **SUSPICIOUS**
18:30:25.296 File: C:\Windows\assembly\tmp\U\800000c0.@ **SUSPICIOUS**
18:30:25.325 File: C:\Windows\assembly\tmp\U\800000cb.@ **SUSPICIOUS**
18:30:25.349 File: C:\Windows\assembly\tmp\U\800000cf.@ **SUSPICIOUS**
18:30:25.365 File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
18:30:25.417 AVAST engine scan C:\Windows\system32\drivers
18:30:33.387 AVAST engine scan C:\Users\OBrien
18:35:04.009 AVAST engine scan C:\ProgramData
18:37:27.640 Disk 0 MBR has been saved successfully to "C:\Users\OBrien\Desktop\MBR.dat"
18:37:27.647 The log file has been saved successfully to "C:\Users\OBrien\Desktop\aswMBR2.txt"
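The two logs above point at the same ZeroAccess infection in two different formats: TDSSKiller pairs each service with a verdict line (and a NoAccess line when it cannot read the file), while aswMBR tags files with **SUSPICIOUS**. As an added example, not part of the original post or of either tool, here is a Python triage helper that pairs each TDSSKiller entry with its verdicts and collects aswMBR's suspicious paths; the sample lines are constructed in those formats from values that appear in the posted logs.

```python
"""Triage helper for TDSSKiller and aswMBR logs (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field

# TDSSKiller prints one line per service/driver ("<time> <pid> <name> (<md5>) <path>")
# followed by a verdict line ("<name> - ok", "<name> ( <family> ) - infected",
# "<name> - detected <family> (n)") and, for unreadable files, a NoAccess line.
TDSS_ENTRY = re.compile(
    r"^\S+\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_VERDICT = re.compile(
    r"^\S+\s+\d+\s+(?P<name>.+?)(?: \( (?P<family>[^)]+) \))? - "
    r"(?P<verdict>ok|infected|detected .+)$")
TDSS_NOACCESS = re.compile(
    r"^\S+\s+\d+\s+Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: [0-9a-f]{32}$")
# aswMBR marks files it cannot vouch for with a trailing **SUSPICIOUS**.
ASWMBR_SUSP = re.compile(r"^\S+\s+File: (?P<path>.+?) \*\*SUSPICIOUS\*\*$")


@dataclass
class Finding:
    name: str
    path: str
    md5: str
    verdicts: list = field(default_factory=list)
    no_access: bool = False  # scanner could not open the file: typical of a rootkit-hidden binary


def parse_tdsskiller(text):
    """Return {service name: Finding} with every verdict TDSSKiller gave that entry."""
    entries, by_path = {}, {}
    for line in text.splitlines():
        m = TDSS_ENTRY.match(line)
        if m:
            f = Finding(m["name"], m["path"], m["md5"])
            entries[f.name] = f
            by_path[f.path.lower()] = f
            continue
        m = TDSS_NOACCESS.match(line)
        if m:
            if m["path"].lower() in by_path:
                by_path[m["path"].lower()].no_access = True
            continue
        m = TDSS_VERDICT.match(line)
        if m and m["name"] in entries:
            verdict = m["verdict"]
            if m["family"]:
                verdict = f"{verdict} ({m['family']})"
            entries[m["name"]].verdicts.append(verdict)
    return entries


def parse_aswmbr(text):
    """Return the paths aswMBR flagged as **SUSPICIOUS**, in log order."""
    return [m["path"] for m in map(ASWMBR_SUSP.match, text.splitlines()) if m]


def triage(tdss_text, aswmbr_text):
    """List (source, path, reason) for everything that is not a plain '- ok'."""
    report = []
    for f in parse_tdsskiller(tdss_text).values():
        bad = [v for v in f.verdicts if v != "ok"]
        if bad or f.no_access:
            reason = "; ".join(bad) or "file unreadable (NoAccess)"
            report.append((f.name, f.path, reason))
    for path in parse_aswmbr(aswmbr_text):
        report.append(("aswMBR", path, "flagged **SUSPICIOUS**"))
    return report


# Constructed sample input in the two log formats; the names, hashes and paths
# are the ones that appear in the logs posted in this thread.
TDSS_SAMPLE = "\n".join([
    r"18:24:35.0444 2388 s117mdm (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\TdmService.dll",
    r"18:24:35.0460 2388 Suspicious file (NoAccess): C:\Windows\system32\TdmService.dll. md5: a9e7a3fe06d451dd5dd1d3dcb060e467",
    r"18:24:35.0460 2388 s117mdm ( Backdoor.Multi.ZAccess.gen ) - infected",
    r"18:24:35.0460 2388 s117mdm - detected Backdoor.Multi.ZAccess.gen (0)",
    r"18:24:35.0475 2388 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys",
    r"18:24:35.0491 2388 s3cap - ok",
])
ASWMBR_SAMPLE = "\n".join([
    r"18:30:24.944 File: C:\Windows\assembly\tmp\loader.tlb **SUSPICIOUS**",
    r"18:30:25.016 File: C:\Windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**",
    r"18:30:25.417 AVAST engine scan C:\Windows\system32\drivers",
])

if __name__ == "__main__":
    for source, path, reason in triage(TDSS_SAMPLE, ASWMBR_SAMPLE):
        print(f"{source:8} {path}  <- {reason}")
```

Run against a full log, the NoAccess flag is worth watching on its own: a service binary the scanner cannot read is the same tell that made ComboFix die a few seconds after starting in the posts that follow.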

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2012 - 09:40 PM

Hello


Try and run ComboFix now, please.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 mikereno1
  • Topic Starter
  • Members
  • 24 posts

Posted 16 April 2012 - 11:22 PM

The same thing happens when I run ComboFix: the program starts, green text scrolls for about 5 seconds, and then it closes itself and nothing else happens.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2012 - 11:31 PM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#9 mikereno1
  • Topic Starter
  • Members
  • 24 posts

Posted 16 April 2012 - 11:40 PM

Windows will not start now. This happened after I ran some of the programs and after I tried ComboFix from the Am I Infected forum. I had to do a System Restore to an earlier time, and that looks like my only option again. OK to do that?

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2012 - 11:47 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Gringo

#11 mikereno1
  • Topic Starter
  • Members
  • 24 posts

Posted 17 April 2012 - 12:07 AM

Ok, here is the log.


Scan result of Farbar Recovery Scan Tool Version: 16-04-2012
Ran by SYSTEM at 16-04-2012 22:05:32
Running from H:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-02-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-02-04] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-02-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBRC.exe" [197968 2011-05-17] (Sunbelt Software)
HKLM-x32\...\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-08-23] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [776064 2011-01-21] (Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2011-03-01] (CyberLink Corp.)
HKLM-x32\...\Run: [iMON] C:\Program Files (x86)\SOUNDGRAPH\iMON\iMON.exe /startup [2592768 2008-06-13] (SoundGraph, Inc.)
HKLM-x32\...\Run: [MozillaAgent] C:\Windows\Temp\_ex-68.exe [x]
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKU\OBrien\...\Run: [ASRockXTU] [x]
HKU\OBrien\...\Run: [zASRockInstantBoot] [x]
HKU\OBrien\...\Run: [KB00531245.exe] "C:\Users\OBrien\AppData\Roaming\KB00531245.exe" [x]
HKU\OBrien\...\Policies\system: [disableregistrytools] 0
HKLM-x32\...\Winlogon: [Userinit] c:\windows\syswow64\userinit.exe, [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1161072 2012-03-29] (Lavasoft Limited)
2 CLKMSVC10_9EC60124; "C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe" /svc [240112 2010-11-18] (CyberLink)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-22] (Creative Technology Ltd)
2 Realtek11nSU; C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek)
2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe" [2804280 2011-05-17] (Sunbelt Software)
2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-01] (Intel Corporation)
2 WCUService_STC_IE; C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [497480 2011-03-22] (Splashtop Inc.)
2 ifxtcs; C:\Windows\System32\earthlinksafeconnectagent.dll [x]
2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

1 AsrAppCharger; C:\Windows\System32\Drivers\AsrAppCharger.sys [15368 2010-06-11] (Windows ® Win 7 DDK provider)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
1 CLBStor; C:\Windows\System32\Drivers\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
3 dmvsc; C:\Windows\System32\Drivers\dmvsc.sys [71168 2010-11-20] (Microsoft Corporation)
3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [39936 2011-02-07] (Etron Technology Inc)
3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [64512 2011-02-07] (Etron Technology Inc)
3 FNETTBOH_305; C:\Windows\System32\Drivers\FNETTBOH_305.sys [31808 2011-08-25] (FNet Co., Ltd.)
1 FNETURPX; C:\Windows\System32\Drivers\FNETURPX.sys [15936 2011-08-23] (FNet Co., Ltd.)
3 RTL8192su; C:\Windows\System32\Drivers\RTL8192su.sys [676864 2010-02-26] (Realtek Semiconductor Corporation )
2 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
1 SbTis; C:\Windows\System32\Drivers\SbTis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========
NETSVC: EL2000
NETSVC: symdns
NETSVC: vvoice
NETSVC: ifxtcs
NETSVC: StMp3Rec
NETSVC: vusbbus

============ One Month Created Files and Folders ==============

2012-04-16 22:05 - 2009-07-13 21:08 - 0000000 ____D C:\FRST
2012-04-16 20:23 - 2012-04-16 17:37 - 4620288 ____A C:\Users\OBrien\Desktop\MCE_MediaBrowser2_5_3.msi
2012-04-16 20:16 - 2012-04-15 19:23 - 4465601 ____R (Swearware) C:\Users\OBrien\Desktop\ComboFix(1).exe
2012-04-16 20:14 - 2011-08-23 20:22 - 0000000 ____D C:\Program Files (x86)\MediaBrowser
2012-04-16 17:37 - 2012-04-15 18:35 - 0002844 ____A C:\Users\OBrien\Desktop\aswMBR2.txt
2012-04-16 17:29 - 2009-07-13 17:32 - 0000104 ____A C:\Windows\System32\SBRC.dat
2012-04-16 17:27 - 2012-04-14 13:56 - 4731392 ____A (AVAST Software) C:\Users\OBrien\Downloads\aswMBR.exe
2012-04-16 17:24 - 2012-04-14 20:19 - 0127666 ____A C:\TDSSKiller.2.7.28.0_16.04.2012_18.24.19_log.txt
2012-04-16 17:23 - 2011-10-30 14:51 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\OBrien\Downloads\tdsskiller.exe
2012-04-16 10:06 - 2011-10-16 16:41 - 4465601 ____R (Swearware) C:\Users\OBrien\Downloads\ComboFix.exe
2012-04-16 10:05 - 2011-10-02 21:10 - 0879714 ____A C:\Users\OBrien\Downloads\SecurityCheck.exe
2012-04-15 19:45 - 2011-08-23 18:13 - 349368220 ____A C:\Users\OBrien\Desktop\Game.of.Thrones.S02E03.HDTV.x264-ASAP.mp4
2012-04-15 19:23 - 2012-04-16 20:16 - 0016931 ____A C:\Users\OBrien\Desktop\DDS.txt
2012-04-15 19:23 - 2012-04-16 17:37 - 0006132 ____A C:\Users\OBrien\Desktop\Attach.txt
2012-04-15 19:20 - 2012-04-16 10:06 - 0607260 ____R (Swearware) C:\Users\OBrien\Downloads\dds(1).scr
2012-04-15 19:19 - 2012-04-15 19:20 - 0607260 ____R (Swearware) C:\Users\OBrien\Downloads\dds.scr
2012-04-15 19:18 - 2012-04-15 19:19 - 0050477 ____A C:\Users\OBrien\Downloads\Defogger.exe
2012-04-15 19:18 - 2011-08-23 18:13 - 0000000 ____A C:\Users\OBrien\defogger_reenable
2012-04-15 18:35 - 2012-04-15 20:23 - 0000512 ____A C:\Users\OBrien\Desktop\MBR.dat
2012-04-15 18:35 - - 0002843 ____A C:\Users\OBrien\Desktop\aswMBR.txt
2012-04-15 18:18 - 2011-08-23 19:50 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\Malwarebytes
2012-04-15 18:17 - 2012-04-14 14:38 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-15 18:17 - 2012-04-14 14:38 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-15 18:17 - 2011-11-19 16:42 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 20:39 - 2012-04-09 12:24 - 215060270 ____A C:\Users\OBrien\Desktop\The.Vampire.Diaries.S03E18.HDTV.x264-LOL.mp4
2012-04-14 20:35 - 2011-08-23 18:13 - 0000000 ___SD C:\32788R22FWJFW
2012-04-14 20:19 - 2012-04-16 17:41 - 0128536 ____A C:\TDSSKiller.2.7.28.0_14.04.2012_21.19.26_log.txt
2012-04-14 20:19 - 2012-04-16 17:24 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-14 19:22 - 2009-06-10 12:30 - 0000000 ____D C:\Windows\pss
2012-04-14 18:52 - 2011-08-23 18:13 - 0000000 ____D C:\Windows\PCHEALTH
2012-04-14 18:51 - 2012-04-14 18:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-14 18:51 - 2011-11-19 16:42 - 0000000 ____D C:\Program Files\Microsoft Office
2012-04-14 18:50 - 2012-04-16 20:14 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-14 18:50 - 2012-04-15 20:09 - 0000000 ____D C:\Users\OBrien\AppData\Local\Microsoft Help
2012-04-14 18:50 - 2012-04-15 20:09 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-14 18:50 - 2012-04-15 20:09 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-14 18:50 - 2012-04-14 18:49 - 0000000 __RHD C:\MSOCache
2012-04-14 18:49 - 2011-08-23 19:46 - 0000000 ____D C:\IUware Online
2012-04-14 18:40 - 2012-04-16 17:25 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\SpeedyPC Software
2012-04-14 18:40 - 2011-12-31 22:42 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\DriverCure
2012-04-14 18:40 - 2011-09-15 16:27 - 0000000 ____D C:\Users\All Users\SpeedyPC Software
2012-04-14 18:40 - 2011-09-15 16:27 - 0000000 ____D C:\ProgramData\SpeedyPC Software
2012-04-14 17:46 - 2011-11-02 22:07 - 0000000 ____D C:\Program Files\WinRAR
2012-04-14 17:45 - 2012-04-16 17:23 - 1639789 ____A C:\Users\OBrien\Downloads\winrar-x64-411.exe
2012-04-14 17:44 - 2012-04-14 17:46 - 1506653 ____A C:\Users\OBrien\Downloads\wrar411.exe
2012-04-14 17:44 - 2011-09-13 19:56 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\WinRAR
2012-04-14 15:04 - 2011-12-31 22:38 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\OBrien\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-14 14:45 - - 0000946 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-04-14 14:38 - 2011-10-16 11:00 - 0000000 ____D C:\Users\OBrien\AppData\Local\adaware
2012-04-14 14:38 - 2011-08-23 19:49 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-04-14 14:38 - 2011-08-23 19:49 - 0000000 ____D C:\ProgramData\Lavasoft
2012-04-14 14:38 - 2011-05-11 15:26 - 0253528 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\SbFw.sys
2012-04-14 14:38 - 2011-04-29 13:15 - 0094296 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\sbtis.sys
2012-04-14 14:38 - 2011-04-05 16:35 - 0084568 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\SbFwIm.sys
2012-04-14 14:38 - 2011-02-08 08:14 - 0060504 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\sbhips.sys
2012-04-14 14:38 - 2010-11-20 19:23 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-04-14 14:38 - 2009-07-13 17:41 - 0045904 ____A (Sunbelt Software) C:\Windows\System32\sbbd.exe
2012-04-14 14:38 - - 0001868 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-04-14 14:38 - - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-04-14 14:38 - - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2012-04-14 14:38 - - 0000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-14 13:56 - 2012-01-26 11:46 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\Ad-Aware Antivirus
2012-04-14 13:56 - - 6243960 ____A (Lavasoft Limited) C:\Users\OBrien\Downloads\Adaware_Installer.exe
2012-04-09 12:29 - 2011-10-02 21:21 - 0000000 ____D C:\Users\OBrien\Desktop\Ringer S01E20 If Youre Just an Evil bleep Then Get Over It HDTV XviD-FQM[ettv]
2012-04-09 12:24 - 2012-04-09 12:29 - 0000000 ____D C:\Users\OBrien\Desktop\The Killing S02E03 Numb REPACK HDTV XviD-FQM[ettv]
2012-03-28 06:25 - 2012-04-15 20:22 - 0000000 ____D C:\Users\OBrien\Desktop\[ www.TorrentDay.com ] - Ringer.S01E19.HDTV.XviD-2HD

============ 3 Months Modified Files and Folders =============

2012-04-16 20:36 - 2011-11-08 18:37 - 264374894 ____A C:\Windows\MEMORY.DMP
2012-04-16 20:36 - 2011-11-08 18:31 - 0325922 ____A C:\Windows\ntbtlog.txt
2012-04-16 20:36 - 2011-08-24 08:58 - 3001565184 __ASH C:\hiberfil.sys
2012-04-16 20:34 - 2011-08-24 09:10 - 1463848 ____A C:\Windows\WindowsUpdate.log
2012-04-16 20:34 - 2011-08-23 19:54 - 0327680 ____A C:\Windows\System32\Ikeext.etl
2012-04-16 20:23 - 2012-04-16 20:23 - 4620288 ____A C:\Users\OBrien\Desktop\MCE_MediaBrowser2_5_3.msi
2012-04-16 20:19 - 2012-04-14 20:35 - 0000000 ___SD C:\32788R22FWJFW
2012-04-16 20:17 - 2011-10-04 19:36 - 0000000 ____D C:\Users\OBrien\AppData\Local\CrashDumps
2012-04-16 20:16 - 2012-04-16 20:16 - 4465601 ____R (Swearware) C:\Users\OBrien\Desktop\ComboFix(1).exe
2012-04-16 20:14 - 2012-04-16 20:14 - 0000000 ____D C:\Program Files (x86)\MediaBrowser
2012-04-16 20:14 - 2011-08-23 20:14 - 0001977 ____A C:\Users\Public\Desktop\Media Browser.lnk
2012-04-16 20:14 - 2011-08-23 20:14 - 0001241 ____A C:\Users\All Users\Start Menu\Programs\Startup\Media Browser Service.lnk
2012-04-16 20:14 - 2011-08-23 20:14 - 0000000 ____D C:\Users\All Users\MediaBrowser
2012-04-16 20:14 - 2011-08-23 20:14 - 0000000 ____D C:\ProgramData\MediaBrowser
2012-04-16 17:37 - 2012-04-16 17:37 - 0002844 ____A C:\Users\OBrien\Desktop\aswMBR2.txt
2012-04-16 17:37 - 2012-04-15 18:35 - 0000512 ____A C:\Users\OBrien\Desktop\MBR.dat
2012-04-16 17:35 - 2012-03-10 09:40 - 0000000 ____D C:\Users\All Users\B7E858A70003FACB0000233DB4EB2331
2012-04-16 17:35 - 2012-03-10 09:40 - 0000000 ____D C:\ProgramData\B7E858A70003FACB0000233DB4EB2331
2012-04-16 17:32 - 2009-07-13 20:45 - 0020304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-16 17:32 - 2009-07-13 20:45 - 0020304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-16 17:30 - 2009-07-13 21:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-16 17:29 - 2012-04-16 17:29 - 0000104 ____A C:\Windows\System32\SBRC.dat
2012-04-16 17:28 - 2012-04-16 17:27 - 4731392 ____A (AVAST Software) C:\Users\OBrien\Downloads\aswMBR.exe
2012-04-16 17:25 - 2012-04-14 14:38 - 0001868 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-04-16 17:25 - 2012-03-09 18:57 - 0000000 __ASH C:\Windows\System32\dds_log_ad13.cmd
2012-04-16 17:25 - 2011-09-15 16:27 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\SOUNDGRAPH
2012-04-16 17:25 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-16 17:25 - 2009-07-13 20:51 - 0040752 ____A C:\Windows\setupact.log
2012-04-16 17:24 - 2012-04-16 17:24 - 0127666 ____A C:\TDSSKiller.2.7.28.0_16.04.2012_18.24.19_log.txt
2012-04-16 17:24 - 2012-04-14 20:19 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-16 17:24 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\tracing
2012-04-16 17:23 - 2012-04-16 17:23 - 2071600 ____A (Kaspersky Lab ZAO) C:\Users\OBrien\Downloads\tdsskiller.exe
2012-04-16 10:08 - 2012-04-14 13:56 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\Ad-Aware Antivirus
2012-04-16 10:06 - 2012-04-16 10:06 - 4465601 ____R (Swearware) C:\Users\OBrien\Downloads\ComboFix.exe
2012-04-16 10:05 - 2012-04-16 10:05 - 0879714 ____A C:\Users\OBrien\Downloads\SecurityCheck.exe
2012-04-16 10:03 - 2010-11-20 19:47 - 0281188 ____A C:\Windows\PFRO.log
2012-04-15 20:24 - 2011-09-13 19:44 - 0000000 ____D C:\Users\OBrien\Documents\Vuze Downloads
2012-04-15 20:23 - 2012-04-15 19:45 - 349368220 ____A C:\Users\OBrien\Desktop\Game.of.Thrones.S02E03.HDTV.x264-ASAP.mp4
2012-04-15 20:23 - 2011-08-23 20:05 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\Azureus
2012-04-15 20:22 - 2011-12-08 21:37 - 0000000 ____D C:\Users\OBrien\Desktop\Tosh.0
2012-04-15 20:10 - 2012-04-15 18:17 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-15 20:10 - 2012-04-14 19:22 - 0000000 ____D C:\Windows\pss
2012-04-15 20:10 - 2012-04-14 18:51 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-15 20:10 - 2012-04-14 18:50 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-15 20:10 - 2012-04-14 18:50 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-15 20:09 - 2011-08-23 19:49 - 0000000 ____D C:\Users\All Users\FNET
2012-04-15 20:09 - 2011-08-23 19:49 - 0000000 ____D C:\ProgramData\FNET
2012-04-15 20:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-15 19:23 - 2012-04-15 19:23 - 0016931 ____A C:\Users\OBrien\Desktop\DDS.txt
2012-04-15 19:23 - 2012-04-15 19:23 - 0006132 ____A C:\Users\OBrien\Desktop\Attach.txt
2012-04-15 19:20 - 2012-04-15 19:20 - 0607260 ____R (Swearware) C:\Users\OBrien\Downloads\dds(1).scr
2012-04-15 19:19 - 2012-04-15 19:19 - 0607260 ____R (Swearware) C:\Users\OBrien\Downloads\dds.scr
2012-04-15 19:18 - 2012-04-15 19:18 - 0050477 ____A C:\Users\OBrien\Downloads\Defogger.exe
2012-04-15 19:18 - 2012-04-15 19:18 - 0000000 ____A C:\Users\OBrien\defogger_reenable
2012-04-15 19:18 - 2011-08-23 20:11 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-15 19:18 - 2011-08-23 18:13 - 0000000 ____D C:\users\OBrien
2012-04-15 19:11 - 2011-08-23 20:05 - 0063032 ____A C:\Users\OBrien\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-15 19:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-15 18:35 - 2012-04-15 18:35 - 0002843 ____A C:\Users\OBrien\Desktop\aswMBR.txt
2012-04-15 18:18 - 2012-04-15 18:18 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\Malwarebytes
2012-04-15 18:17 - 2012-04-15 18:17 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-15 18:17 - 2012-04-15 18:17 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-14 20:45 - 2012-04-14 20:39 - 215060270 ____A C:\Users\OBrien\Desktop\The.Vampire.Diaries.S03E18.HDTV.x264-LOL.mp4
2012-04-14 20:19 - 2012-04-14 20:19 - 0128536 ____A C:\TDSSKiller.2.7.28.0_14.04.2012_21.19.26_log.txt
2012-04-14 18:53 - 2012-04-14 18:50 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-14 18:52 - 2012-04-14 18:52 - 0000000 ____D C:\Windows\PCHEALTH
2012-04-14 18:51 - 2012-04-14 18:51 - 0000000 ____D C:\Program Files\Microsoft Office
2012-04-14 18:50 - 2012-04-14 18:50 - 0000000 __RHD C:\MSOCache
2012-04-14 18:50 - 2012-04-14 18:50 - 0000000 ____D C:\Users\OBrien\AppData\Local\Microsoft Help
2012-04-14 18:49 - 2012-04-14 18:49 - 0000000 ____D C:\IUware Online
2012-04-14 18:43 - 2012-04-14 18:40 - 0000000 ____D C:\Users\All Users\SpeedyPC Software
2012-04-14 18:43 - 2012-04-14 18:40 - 0000000 ____D C:\ProgramData\SpeedyPC Software
2012-04-14 18:40 - 2012-04-14 18:40 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\SpeedyPC Software
2012-04-14 18:40 - 2012-04-14 18:40 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\DriverCure
2012-04-14 17:52 - 2012-04-14 17:44 - 0000000 ____D C:\Users\OBrien\AppData\Roaming\WinRAR
2012-04-14 17:46 - 2012-04-14 17:46 - 0000000 ____D C:\Program Files\WinRAR
2012-04-14 17:46 - 2012-04-14 17:45 - 1639789 ____A C:\Users\OBrien\Downloads\winrar-x64-411.exe
2012-04-14 17:44 - 2012-04-14 17:44 - 1506653 ____A C:\Users\OBrien\Downloads\wrar411.exe
2012-04-14 15:04 - 2012-04-14 15:04 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\OBrien\Downloads\mbam-setup-1.61.0.1400.exe
2012-04-14 14:50 - 2012-04-14 14:45 - 0000946 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-04-14 14:44 - 2012-04-14 14:38 - 0000000 ____D C:\Users\OBrien\AppData\Local\adaware
2012-04-14 14:38 - 2012-04-14 14:38 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-04-14 14:38 - 2012-04-14 14:38 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-04-14 14:38 - 2012-04-14 14:38 - 0000000 ____D C:\ProgramData\Lavasoft
2012-04-14 14:38 - 2012-04-14 14:38 - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2012-04-14 14:38 - 2012-04-14 14:38 - 0000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-04-14 14:37 - 2011-10-02 21:21 - 0000000 ____D C:\Program Files\PeerBlock
2012-04-14 13:56 - 2012-04-14 13:56 - 6243960 ____A (Lavasoft Limited) C:\Users\OBrien\Downloads\Adaware_Installer.exe
2012-04-09 12:29 - 2012-04-09 12:29 - 0000000 ____D C:\Users\OBrien\Desktop\Ringer S01E20 If Youre Just an Evil bleep Then Get Over It HDTV XviD-FQM[ettv]
2012-04-09 12:24 - 2012-04-09 12:24 - 0000000 ____D C:\Users\OBrien\Desktop\The Killing S02E03 Numb REPACK HDTV XviD-FQM[ettv]
2012-04-06 19:41 - 2009-07-13 21:08 - 0032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-28 06:25 - 2012-03-28 06:25 - 0000000 ____D C:\Users\OBrien\Desktop\[ www.TorrentDay.com ] - Ringer.S01E19.HDTV.XviD-2HD
2012-03-09 18:55 - 2012-02-12 14:43 - 0000000 __ASH C:\Windows\System32\dds_log_trash.cmd
2012-03-07 08:36 - 2011-08-23 20:19 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-26 10:07 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-01-26 11:46 - 2011-12-30 19:54 - 0000000 ___HD C:\Users\OBrien\AppData\Roaming\0E630A8F
2012-01-22 20:36 - 2011-10-16 12:35 - 0000000 ____D C:\Users\OBrien\AppData\Local\ElevatedDiagnostics
2012-01-21 14:16 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\LiveKernelReports
2012-01-19 21:06 - 2011-10-22 15:50 - 0000000 ____D C:\Program Files (x86)\Vuze_Remote


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3816.69 MB
Available physical RAM: 3295.25 MB
Total Pagefile: 3814.89 MB
Available Pagefile: 3283.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:59.53 GB) (Free:30.53 GB) NTFS
2 Drive d: (Media) (Fixed) (Total:1862.76 GB) (Free:496.09 GB) NTFS
3 Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (KINGSTON) (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (Programs) (Fixed) (Total:0.12 GB) (Free:0.1 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1863 GB 2048 KB *
Disk 1 Online 59 GB 0 B
Disk 2 Online 1968 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Reserved 128 MB 17 KB
Partition 2 Primary 127 MB 129 MB
Partition 3 Primary 1862 GB 257 MB

======================================================================================================

Disk: 0
Partition 1
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Programs NTFS Partition 127 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Media NTFS Partition 1862 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 59 GB 101 MB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C NTFS Partition 59 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1967 MB 16 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT Removable 1967 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-09 13:16

======================= End Of Log ==========================

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:07 AM

Posted 17 April 2012 - 12:33 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

SubSystems: [Windows] ==> ZeroAccess
2 ifxtcs; C:\Windows\System32\earthlinksafeconnectagent.dll [x]
C:\Windows\System32\earthlinksafeconnectagent.dll
NETSVC: ifxtcs


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
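The fixlist above is built by hand from three kinds of FRST log lines: the ZeroAccess marker on the SubSystems value, a service whose binary is missing (`[x]`), and the matching NETSVC entry. As an added triage example (my code, not the thread's or FRST's own), the parser below reads the Registry, Services and NetSvcs sections of an FRST log, applies those same checks plus a cross-reference between netsvcs entries and services, and reports each line worth a helper's attention. The sample log is constructed from lines posted earlier in this thread; the function and class names are mine.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-02-04] (Intel Corporation)
HKLM-x32\...\Run: [MozillaAgent] C:\Windows\Temp\_ex-68.exe [x]
HKU\OBrien\...\Run: [KB00531245.exe] "C:\Users\OBrien\AppData\Roaming\KB00531245.exe" [x]
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1161072 2012-03-29] (Lavasoft Limited)
2 ifxtcs; C:\Windows\System32\earthlinksafeconnectagent.dll [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: EL2000
NETSVC: ifxtcs
"""


@dataclass
class Finding:
    section: str   # FRST section the line came from
    reason: str    # why a helper should look at it
    line: str      # the original log line, ready to be copied into a fixlist


SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>HK[^:]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
SERVICE_RE = re.compile(r"^\d+ (?P<name>[^;]+); (?P<rest>.*)$")
NETSVC_RE = re.compile(r"^NETSVC: (?P<name>\S+)$")
# An .exe launched from Temp or roaming AppData is worth a look, not proof of infection.
USER_WRITABLE = re.compile(r"\\(Temp|AppData\\Roaming)\\[^\\]*\.exe", re.IGNORECASE)


def parse_frst(text: str) -> List[Finding]:
    """Walk the log once, collecting per-line findings and a netsvcs/service cross-check."""
    findings: List[Finding] = []
    section = ""
    services = {}   # service name -> rest of its line (image path, size/date, vendor)
    netsvcs = []    # (name, original line) for every NETSVC entry
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group("name").strip("= ")
            if name:
                section = name
            continue
        if "==> ZeroAccess" in line:   # FRST's own verdict on a hijacked value
            findings.append(Finding(section, "FRST flags a ZeroAccess-style hijack of this value", line))
            continue
        if section.startswith("Registry"):
            m = RUN_RE.match(line)
            if not m:
                continue
            run, rest = m.group("name"), m.group("rest")
            if rest.endswith("[x]"):
                findings.append(Finding(section, f"Run value '{run}' points to a file that no longer exists", line))
            if USER_WRITABLE.search(rest):
                findings.append(Finding(section, f"Run value '{run}' launches an executable from a user-writable folder", line))
        elif section.startswith("Services"):
            m = SERVICE_RE.match(line)
            if m:
                services[m.group("name")] = m.group("rest")
                if m.group("rest").endswith("[x]"):
                    findings.append(Finding(section, f"Service '{m.group('name')}' is registered but its binary is missing", line))
        elif section.startswith("NetSvcs"):
            m = NETSVC_RE.match(line)
            if m:
                netsvcs.append((m.group("name"), line))
    # A netsvcs group member should be backed by a real, present service.
    for name, line in netsvcs:
        if name not in services:
            findings.append(Finding("NetSvcs", f"netsvcs entry '{name}' has no service of that name in the log (leftover or whitelisted)", line))
        elif services[name].endswith("[x]"):
            findings.append(Finding("NetSvcs", f"netsvcs entry '{name}' maps to a service whose DLL is missing", line))
    return findings


if __name__ == "__main__":
    for f in parse_frst(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample, the three lines Gringo put in the fixlist all surface, and the two `[x]` Run values in Temp and AppData\Roaming are reported as well.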

#13 mikereno1

  • Topic Starter
  • Members
  • 24 posts
  • Local time:02:07 AM

Posted 17 April 2012 - 12:38 AM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 16-04-2012
Ran by SYSTEM at 2012-04-16 22:37:58 R:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
ifxtcs service deleted successfully.
C:\Windows\System32\earthlinksafeconnectagent.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ifxtcs Deleted successfully.

==== End of Fixlog ====

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:07 AM

Posted 17 April 2012 - 12:56 AM

Is it starting OK now?


Gringo

#15 mikereno1

  • Topic Starter
  • Members
  • 24 posts
  • Local time:02:07 AM

Posted 17 April 2012 - 12:58 AM

I hadn't tried yet, but yes, it started OK. Had an error message saying the MediaBrowser service isn't responding, though.



