PING.exe 100% cpu usage


  • This topic is locked
14 replies to this topic

#1 Konishi

Konishi

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:23 AM

Posted 17 May 2012 - 02:48 AM

I am having a problem with this process named PING.exe. I tried to remove it; unfortunately it always comes back and I can't simply delete it.
I don't really know what to say here because I'm confused by this; the only thing I can say is that it is using 80~90% of the CPU and sometimes reaching 100%.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Konishi at 4:35:44 on 2012-05-17
Microsoft Windows 7 Ultimate 6.1.7601.1.949.82.1046.18.4095.2767 [GMT -3:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Proxy Labs\ProxyCap\pcapui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://df.nexon.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: pcapwsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 7.254.254.254
TCP: Interfaces\{13B9D6D9-0DA8-4834-B1E4-CDC0AF978A59} : DhcpNameServer = 44.0.255.250 44.0.255.251 4.2.2.1
TCP: Interfaces\{5F5BC493-072E-49C4-AC1F-266A9244ED4E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6576ABC8-708F-4FC2-8B93-621C1EF471E7} : DhcpNameServer = 7.254.254.254
Notify: ecojink - C:\Windows\system32\config\systemprofile\AppData\Local\ecojink.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\f8n672gz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NeoplePlugin\npNeopleGameInstaller.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0a7ec48300000000000000ff6576abc8
FF - user.js: extensions.BabylonToolbar_i.hardId - 0a7ec48300000000000000ff6576abc8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15467
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:03:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 pcapsvc;ProxyCap Service;C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe [2010-9-18 635904]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 Mkd3kfNt;Mkd3kfNt;C:\Windows\system32\drivers\Mkd3kfNt.sys --> C:\Windows\system32\drivers\Mkd3kfNt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
S2 biafagiz;i8042 Keyboard and PS/2 Mouse Port Helper;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 dfmirage;dfmirage;C:\Windows\system32\DRIVERS\dfmirage.sys --> C:\Windows\system32\DRIVERS\dfmirage.sys [?]
S3 Mkd2Bthf;Mkd2Bthf;C:\Windows\system32\drivers\Mkd2Bthf.sys --> C:\Windows\system32\drivers\Mkd2Bthf.sys [?]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\system32\drivers\Mkd2Nadr.sys --> C:\Windows\system32\drivers\Mkd2Nadr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-11 129976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-2-24 736104]
S3 WatAdminSvc;Servico de Tecnologias de Ativacao do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
.
=============== Created Last 30 ================
.
2012-05-17 02:07:51 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42FA5DA3-013B-4BBA-876F-A622A9D790BA}\offreg.dll
2012-05-16 17:22:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-16 17:07:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-16 16:58:33 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-16 16:34:51 98816 ----a-w- C:\Windows\sed.exe
2012-05-16 16:34:51 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-16 16:34:51 256000 ----a-w- C:\Windows\PEV.exe
2012-05-16 16:34:51 208896 ----a-w- C:\Windows\MBR.exe
2012-05-15 21:21:20 15128 ----a-w- C:\Users\Konishi\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2012-05-15 20:27:26 -------- d-----w- C:\Windows\SysWow64\xlive
2012-05-15 20:27:23 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-15 19:46:33 -------- d-----w- C:\Program Files (x86)\CAPCOM
2012-05-14 19:47:50 -------- d-----w- C:\Users\Konishi\AppData\Local\ATI
2012-05-14 19:47:46 -------- d-----w- C:\ProgramData\AMD
2012-05-14 19:47:45 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-05-14 19:47:43 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-05-14 19:47:37 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-05-14 19:47:37 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-05-14 19:47:25 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-05-14 19:46:28 -------- d-----w- C:\Program Files\ATI
2012-05-14 19:46:26 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-05-14 19:46:12 -------- d-----w- C:\Program Files\ATI Technologies
2012-05-14 19:44:57 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-05-14 19:44:55 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-05-14 19:44:55 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-05-14 19:44:54 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-05-14 19:44:51 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-05-14 19:44:51 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-05-14 19:44:50 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-05-14 19:44:49 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-05-14 19:44:49 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-05-14 05:02:08 278496 ----a-w- C:\Windows\SysWow64\exzcvgff.dll
2012-05-13 18:02:05 98040 ----a-w- C:\Windows\System32\drivers\Mkd2BthF.sys
2012-05-13 18:02:05 183544 ----a-w- C:\Windows\System32\drivers\mkd3kfnt.sys
2012-05-13 18:02:05 107768 ----a-w- C:\Windows\System32\drivers\Mkd2Nadr.sys
2012-05-13 17:58:15 -------- d-----w- C:\Program Files (x86)\AhnLab
2012-05-13 17:29:30 -------- d-----w- C:\Windows\SysWow64\drivers\ko-KR
2012-05-13 17:29:26 -------- d-----w- C:\Windows\SysWow64\wbem\ko-KR
2012-05-13 17:29:26 -------- d-----w- C:\Windows\SysWow64\ko
2012-05-13 17:29:26 -------- d-----w- C:\Windows\ko-KR
2012-05-13 17:29:24 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR
2012-05-13 17:29:24 -------- d-----w- C:\Windows\System32\drivers\ko-KR
2012-05-13 17:29:16 -------- d-----w- C:\Windows\System32\ko
2012-05-13 17:29:15 -------- d-----w- C:\Windows\System32\wbem\ko-KR
2012-05-13 17:18:46 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-13 17:18:46 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-13 17:18:43 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-13 17:18:42 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-13 17:18:41 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-13 17:18:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-13 17:18:40 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-13 17:17:52 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-13 17:17:37 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-13 17:17:36 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 17:17:36 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-13 17:17:36 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-13 17:17:36 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 11:38:43 -------- d-----w- C:\Users\Konishi\AppData\Roaming\NeopleInstaller
2012-05-13 11:17:26 -------- d-----w- C:\Users\Konishi\AppData\Roaming\NeopleLauncher
2012-05-13 09:48:33 -------- d-----w- C:\ProgramData\NeoplePlugin
2012-05-11 20:52:51 -------- d-----w- C:\Program Files\ESET
2012-05-11 20:12:11 -------- d-----w- C:\Users\Konishi\AppData\Local\Google
2012-05-11 09:38:31 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-05-11 09:37:30 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 06:03:18 487479 ----a-w- C:\Windows\SysWow64\SkinMagic.dll
2012-05-11 05:58:14 -------- d-----w- C:\Users\Konishi\AppData\Local\uTIPu
2012-05-11 05:58:08 -------- d-----w- C:\Program Files (x86)\uTIPu
2012-05-10 20:39:26 -------- d-----w- C:\Program Files (x86)\spotflux
2012-05-10 20:39:25 -------- d-----w- C:\Users\Konishi\AppData\Roaming\.spotflux
2012-05-07 22:51:03 -------- d-----w- C:\Program Files (x86)\Steam
2012-05-07 22:42:42 -------- d-----w- C:\Program Files (x86)\Rebellion
2012-05-07 06:04:09 -------- d-----w- C:\Program Files (x86)\JDownloader
2012-05-07 06:03:43 -------- d-----w- C:\Users\Konishi\AppData\Local\Babylon
2012-05-07 06:03:42 -------- d-----w- C:\Users\Konishi\AppData\Roaming\Babylon
2012-05-07 06:03:42 -------- d-----w- C:\ProgramData\Babylon
2012-05-06 00:25:07 -------- d-----w- C:\Users\Konishi\AppData\Roaming\Malwarebytes
2012-05-06 00:25:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-05 22:40:10 -------- d-----w- C:\Users\Konishi\AppData\Local\SniperV2
2012-05-05 22:39:33 -------- d-----w- C:\Users\Konishi\AppData\Local\SKIDROW
2012-04-26 10:02:56 -------- d-----w- C:\Fraps
2012-04-21 13:17:21 -------- d-----w- C:\Users\Konishi\AppData\Roaming\flatball
2012-04-21 12:58:47 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42FA5DA3-013B-4BBA-876F-A622A9D790BA}\mpengine.dll
2012-04-21 12:56:26 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-21 12:56:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-21 12:56:26 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-21 12:56:26 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-21 12:56:26 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-21 12:56:26 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-21 12:56:26 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-20 09:42:46 -------- d-----w- C:\Users\Konishi\AppData\Roaming\AIMP3
.
==================== Find3M ====================
.
2012-05-14 19:46:01 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-05-14 19:44:51 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-05-13 10:06:36 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-21 13:24:59 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-04-21 13:24:59 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-04-21 13:24:59 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-04-14 02:59:25 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-04-14 02:59:24 94208 ----a-w- C:\Windows\DIIUnin.exe
2012-04-06 01:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-06 01:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-06 01:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-06 01:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-06 01:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-06 01:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-06 01:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-06 01:32:08 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-04-06 01:32:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-30 21:47:05 38624 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2012-03-28 05:48:33 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-28 05:48:24 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-09 17:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-03-09 17:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-03-05 23:02:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-25 03:37:22 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-02-25 03:31:57 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 4:36:25,95 ===============
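A triage pass over the DDS log layout above, as an added example that is not part of the original thread or of the DDS tool itself. It parses the section headers DDS prints, then flags the three things a responder would look at first in this log: UAC policies forced to 0, a Winlogon Notify DLL loaded from a profile path instead of a system directory, and console tools such as ping.exe present in the process list alongside cmd.exe and cscript.exe. The input is a constructed excerpt in the same layout, and the finding category names are my own.

```python
import ntpath
import re
from typing import Dict, List, Tuple

# Constructed sample in the DDS log layout used in this thread; only the
# sections and lines that the checks below read are reproduced.
SAMPLE_DDS = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
C:\\Windows\\SysWOW64\\ping.exe
C:\\Windows\\system32\\conhost.exe
C:\\Windows\\SysWOW64\\cmd.exe
C:\\Windows\\SysWOW64\\cscript.exe
.
============== Pseudo HJT Report ===============
.
mRun: [SunJavaUpdateSched] "C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Notify: ecojink - C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\ecojink.dll
.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
NOTIFY_RE = re.compile(r"^Notify:\s*(\S+)\s*-\s*(.+)$")
EXE_RE = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)

# UAC policy values a responder expects to be non-zero on a Windows 7 box.
UAC_POLICIES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
# Console/scripting tools that are not normally long-running in a user
# session; the symptom in this thread is ping.exe pinned near 100% CPU.
CONSOLE_TOOLS = {"ping.exe", "cmd.exe", "cscript.exe", "wscript.exe"}

Finding = Tuple[str, str]  # (category, detail)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [entry lines]}, dropping the
    '.' spacer lines DDS prints between entries."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and line != "." and current is not None:
            sections[current].append(line)
    return sections


def check_uac_policies(hjt: List[str]) -> List[Finding]:
    """Flag UAC policies forced to 0; Security Check reports the same
    condition as 'UAC is disabled!' later in this thread."""
    out: List[Finding] = []
    for line in hjt:
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_POLICIES and int(m.group(2)) == 0:
            out.append(("uac-disabled", m.group(1)))
    return out


def check_notify_dlls(hjt: List[str]) -> List[Finding]:
    """Flag Winlogon Notify DLLs loaded from an AppData/profile path;
    legitimate notification packages live under System32."""
    out: List[Finding] = []
    for line in hjt:
        m = NOTIFY_RE.match(line)
        if m and "\\appdata\\" in m.group(2).lower():
            out.append(("notify-dll-in-profile", f"{m.group(1)}: {m.group(2)}"))
    return out


def check_console_tools(procs: List[str]) -> List[Finding]:
    """Flag console tools in the process list; a ping.exe that keeps
    reappearing next to cmd.exe/cscript.exe should be traced back to the
    parent that launches it rather than killed repeatedly."""
    out: List[Finding] = []
    for line in procs:
        m = EXE_RE.match(line)
        if m and ntpath.basename(m.group(1)).lower() in CONSOLE_TOOLS:
            out.append(("console-tool-running", line))
    return out


def triage(text: str) -> List[Finding]:
    """Run all checks over one DDS log and return the combined findings."""
    sections = parse_sections(text)
    hjt = sections.get("Pseudo HJT Report", [])
    procs = sections.get("Running Processes", [])
    return check_uac_policies(hjt) + check_notify_dlls(hjt) + check_console_tools(procs)


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:24} {detail}")
```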



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 17 May 2012 - 03:12 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Konishi

Konishi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:23 AM

Posted 17 May 2012 - 04:05 AM

No problems using the programs, but the process is still there.

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
HijackThis 1.99.1
Java™ 6 Update 31
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


ComboFix 12-05-17.02 - Konishi 17/05/2012 5:50.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.949.82.1046.18.4095.3082 [GMT -3:00]
Running from: c:\users\Konishi\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 08:55 . 2012-05-17 08:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-15 20:27 . 2012-05-15 20:27 -------- d-----w- c:\windows\SysWow64\xlive
2012-05-15 20:27 . 2012-05-15 20:27 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-05-15 19:46 . 2012-05-15 19:46 -------- d-----w- c:\program files (x86)\CAPCOM
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\users\Konishi\AppData\Roaming\ATI
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\users\Konishi\AppData\Local\ATI
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\programdata\ATI
2012-05-14 19:47 . 2012-05-14 20:08 -------- d-----w- c:\programdata\AMD
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-05-14 19:47 . 2010-02-18 12:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-05-14 19:46 . 2012-05-14 19:46 -------- d-----w- c:\program files\ATI
2012-05-14 19:46 . 2012-05-14 19:46 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-05-14 19:46 . 2012-05-14 19:47 -------- d-----w- c:\program files\ATI Technologies
2012-05-14 19:44 . 2012-05-14 19:44 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-05-14 19:44 . 2012-05-14 19:45 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-05-14 19:44 . 2012-05-14 19:44 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-05-14 19:44 . 2012-05-14 19:44 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-05-14 19:44 . 2012-05-14 19:44 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-05-14 19:44 . 2012-05-14 19:44 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-05-14 19:44 . 2012-05-14 19:44 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-05-14 19:44 . 2012-05-14 19:44 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-05-14 19:44 . 2012-05-14 19:44 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-05-14 05:02 . 2012-05-14 05:02 278496 ----a-w- c:\windows\SysWow64\exzcvgff.dll
2012-05-13 18:02 . 2012-03-07 08:10 98040 ----a-w- c:\windows\system32\drivers\Mkd2BthF.sys
2012-05-13 18:02 . 2012-03-07 08:10 183544 ----a-w- c:\windows\system32\drivers\mkd3kfnt.sys
2012-05-13 18:02 . 2012-03-07 08:10 107768 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
2012-05-13 17:58 . 2012-05-13 17:58 -------- d-----w- c:\program files (x86)\AhnLab
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\SysWow64\drivers\ko-KR
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\SysWow64\wbem\ko-KR
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\SysWow64\ko
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\ko-KR
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\system32\drivers\ko-KR
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\system32\ko
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\system32\wbem\ko-KR
2012-05-13 17:20 . 2009-07-13 21:15 377856 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwkor.dll
2012-05-13 17:20 . 2009-07-13 21:07 13579776 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwkorr.dll
2012-05-13 17:20 . 2009-07-13 23:06 3072 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ko-KR\LXKPTPRC.DLL.mui
2012-05-13 17:20 . 2009-07-13 21:41 492032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwkor.dll
2012-05-13 17:20 . 2009-07-13 21:29 13579776 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwkorr.dll
2012-05-13 17:18 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 17:18 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 17:18 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 17:18 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 17:18 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 17:18 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-13 17:18 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 17:17 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 17:17 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 17:17 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 17:17 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 17:17 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-13 17:17 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 11:38 . 2012-05-13 11:40 -------- d-----w- c:\users\Konishi\AppData\Roaming\NeopleInstaller
2012-05-13 11:17 . 2012-05-13 11:17 -------- d-----w- c:\users\Konishi\AppData\Roaming\NeopleLauncher
2012-05-13 09:48 . 2012-05-13 09:48 -------- d-----w- c:\programdata\NeoplePlugin
2012-05-11 20:52 . 2012-05-11 20:52 -------- d-----w- c:\program files\ESET
2012-05-11 20:12 . 2012-05-16 16:49 -------- d-----w- c:\users\Konishi\AppData\Local\Google
2012-05-11 09:48 . 2012-05-17 04:12 -------- d-----w- c:\users\Konishi\AppData\Roaming\Media Player Classic
2012-05-11 09:38 . 2012-05-11 09:38 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-05-11 09:37 . 2012-05-13 10:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 06:03 . 2006-10-18 01:29 487479 ----a-w- c:\windows\SysWow64\SkinMagic.dll
2012-05-11 05:58 . 2012-05-11 05:58 -------- d-----w- c:\users\Konishi\AppData\Local\uTIPu
2012-05-11 05:58 . 2012-05-11 05:59 -------- d-----w- c:\program files (x86)\uTIPu
2012-05-10 20:39 . 2012-05-10 20:39 -------- d-----w- c:\program files (x86)\spotflux
2012-05-10 20:39 . 2012-05-10 20:40 -------- d-----w- c:\users\Konishi\AppData\Roaming\.spotflux
2012-05-07 22:51 . 2012-05-14 20:21 -------- d-----w- c:\program files (x86)\Steam
2012-05-07 22:42 . 2012-05-07 22:42 -------- d-----w- c:\program files (x86)\Rebellion
2012-05-07 06:04 . 2012-05-11 09:31 -------- d-----w- c:\program files (x86)\JDownloader
2012-05-07 06:04 . 2012-05-07 06:04 237 ----a-w- C:\user.js
2012-05-07 06:03 . 2012-05-07 06:03 -------- d-----w- c:\users\Konishi\AppData\Local\Babylon
2012-05-07 06:03 . 2012-05-07 06:03 -------- d-----w- c:\users\Konishi\AppData\Roaming\Babylon
2012-05-07 06:03 . 2012-05-07 06:03 -------- d-----w- c:\programdata\Babylon
2012-05-06 00:25 . 2012-05-06 00:25 -------- d-----w- c:\users\Konishi\AppData\Roaming\Malwarebytes
2012-05-06 00:25 . 2012-05-06 00:25 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 22:40 . 2012-05-06 05:57 -------- d-----w- c:\users\Konishi\AppData\Local\SniperV2
2012-05-05 22:39 . 2012-05-05 22:39 -------- d-----w- c:\users\Konishi\AppData\Local\SKIDROW
2012-04-26 10:02 . 2012-04-26 18:03 -------- d-----w- C:\Fraps
2012-04-21 13:17 . 2012-04-21 13:17 -------- d-----w- c:\users\Konishi\AppData\Roaming\flatball
2012-04-21 12:58 . 2012-04-18 06:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42FA5DA3-013B-4BBA-876F-A622A9D790BA}\mpengine.dll
2012-04-21 12:56 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-21 12:56 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-21 12:56 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-21 12:56 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-21 12:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-21 12:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-21 12:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-20 09:42 . 2012-04-21 12:24 -------- d-----w- c:\users\Konishi\AppData\Roaming\AIMP3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 20:30 . 2009-08-18 15:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-15 20:30 . 2009-08-18 14:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-14 19:45 . 2011-12-06 02:18 64000 ----a-w- c:\windows\system32\coinst.dll
2012-05-14 19:45 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-05-14 19:45 . 2011-12-06 03:17 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-05-14 19:45 . 2009-08-18 05:26 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-05-14 19:45 . 2011-12-06 02:11 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-05-14 19:45 . 2011-12-06 03:06 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-05-14 19:45 . 2011-12-06 03:16 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-05-14 19:45 . 2011-12-06 02:33 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-05-14 19:45 . 2011-12-06 02:28 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-05-14 19:44 . 2011-12-06 02:11 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-05-13 10:06 . 2012-04-13 01:45 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-21 13:24 . 2012-04-14 03:53 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-04-21 13:24 . 2012-04-14 03:53 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-04-21 13:24 . 2012-04-14 03:53 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2012-04-14 02:59 . 2012-04-14 02:59 2829 ----a-w- c:\windows\DIIUnin.pif
2012-04-14 02:59 . 2012-04-14 02:59 94208 ----a-w- c:\windows\DIIUnin.exe
2012-04-06 01:34 . 2012-04-06 01:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 01:34 . 2012-04-06 01:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 01:34 . 2012-04-06 01:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 01:33 . 2012-04-06 01:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 01:33 . 2012-04-06 01:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 01:33 . 2012-04-06 01:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 01:32 . 2012-04-06 01:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 01:32 . 2012-04-06 01:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 01:32 . 2012-04-06 01:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-30 21:47 . 2012-03-30 21:47 38624 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-03-28 05:48 . 2012-03-28 05:48 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-28 05:48 . 2012-03-28 05:48 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-09 17:07 . 2012-03-09 17:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 17:06 . 2012-03-09 17:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-05 23:02 . 2012-03-05 23:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-25 03:37 . 2012-02-25 03:36 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-02-25 03:31 . 2012-02-25 03:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-23 13:18 . 2012-02-13 22:32 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-16_16.58.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-16 16:47 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-17 08:39 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-17 08:39 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 16:47 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-14 00:06 . 2012-05-17 02:08 25674 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-17 02:08 29150 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-02-13 22:09 . 2012-05-16 16:55 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-13 22:09 . 2012-05-16 17:47 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-13 22:09 . 2012-05-16 16:55 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-13 22:09 . 2012-05-16 17:47 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 16:55 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-16 17:47 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-13 22:12 . 2012-05-16 16:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-13 22:12 . 2012-05-17 08:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-13 22:12 . 2012-05-16 16:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-13 22:12 . 2012-05-17 08:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-13 22:12 . 2012-05-16 16:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-13 22:12 . 2012-05-17 08:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-13 22:12 . 2012-05-17 08:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-13 22:12 . 2012-05-16 16:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-13 22:12 . 2012-05-17 08:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-13 22:12 . 2012-05-16 16:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-13 22:12 . 2012-05-17 02:08 8194 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-989966592-1269749742-2495231924-1001_UserData.bin
+ 2009-07-13 23:31 . 2009-07-14 01:39 6656 c:\windows\system32\ONSIO.dll
+ 2009-07-13 23:31 . 2009-07-14 01:39 6656 c:\windows\system32\clr_optimization_v2.0.50727_32.dll
- 2012-05-16 16:58 . 2012-05-16 16:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-17 08:56 . 2012-05-17 08:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-16 16:58 . 2012-05-16 16:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-17 08:56 . 2012-05-17 08:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-05-17 08:39 540672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 16:47 540672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 17:55 . 2012-05-16 16:46 654272 c:\windows\system32\prfh0416.dat
+ 2009-07-14 17:55 . 2012-05-17 02:12 654272 c:\windows\system32\prfh0416.dat
+ 2009-07-14 17:55 . 2012-05-17 02:12 124724 c:\windows\system32\prfc0416.dat
- 2009-07-14 17:55 . 2012-05-16 16:46 124724 c:\windows\system32\prfc0416.dat
- 2012-05-13 17:32 . 2012-05-16 16:46 402978 c:\windows\system32\perfh012.dat
+ 2012-05-13 17:32 . 2012-05-17 02:12 402978 c:\windows\system32\perfh012.dat
- 2012-02-14 00:04 . 2012-05-16 16:46 383348 c:\windows\system32\perfh011.dat
+ 2012-02-14 00:04 . 2012-05-17 02:12 383348 c:\windows\system32\perfh011.dat
+ 2009-07-14 02:36 . 2012-05-17 02:12 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-16 16:46 606992 c:\windows\system32\perfh009.dat
- 2012-05-13 17:32 . 2012-05-16 16:46 101838 c:\windows\system32\perfc012.dat
+ 2012-05-13 17:32 . 2012-05-17 02:12 101838 c:\windows\system32\perfc012.dat
- 2012-02-14 00:04 . 2012-05-16 16:46 103370 c:\windows\system32\perfc011.dat
+ 2012-02-14 00:04 . 2012-05-17 02:12 103370 c:\windows\system32\perfc011.dat
+ 2009-07-14 02:36 . 2012-05-17 02:12 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-16 16:46 103370 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-17 08:55 229152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-16 16:57 229152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-05-16 16:19 . 2012-05-16 16:47 223744 c:\windows\assembly\temp\twl.dll
+ 2012-05-16 16:19 . 2012-05-17 08:39 223744 c:\windows\assembly\temp\twl.dll
+ 2012-02-14 04:34 . 2012-05-17 08:56 27453152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-989966592-1269749742-2495231924-1001-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ecojink]
2012-05-06 07:21 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\ecojink.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 biafagiz;i8042 Keyboard and PS/2 Mouse Port Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-04-20 736104]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servico de Tecnologias de Ativacao do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 pcapsvc;ProxyCap Service;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [2010-09-18 635904]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
biafagiz
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProxyCap"="c:\progra~1\PROXYL~1\ProxyCap\pcapui.exe" [2010-09-18 689664]
"combofix"="c:\combofix\CF17743.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
filemon701
iAimTV5
vnxservice
rnadirmultiplexor
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://df.nexon.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: pcapwsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\f8n672gz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0a7ec48300000000000000ff6576abc8
FF - user.js: extensions.BabylonToolbar_i.hardId - 0a7ec48300000000000000ff6576abc8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15467
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:03
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-33219741.sys
SafeBoot-81024271.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,44,55,a8,6f,77,c8,40,aa,5f,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,44,55,a8,6f,77,c8,40,aa,5f,d5,\
.
[HKEY_USERS\S-1-5-21-989966592-1269749742-2495231924-1001\Software\Gabest\Media Player Classic\Settings\PnSPresets]
@DACL=(02 0000)
"Preset0"="Scale to 16:9 TV,0.500,0.500,1.000,1.333"
"Preset1"="Zoom To Widescreen,0.500,0.500,1.333,1.333"
"Preset2"="Zoom To Ultra-Widescreen,0.500,0.500,1.763,1.763"
.
[HKEY_USERS\S-1-5-21-989966592-1269749742-2495231924-1001\Software\Microsoft\Installer\Products\8B1A8551330FB1445BD66E56F2BAC9C9\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\29EA0FB2CB3C21140966516443B2F1EA\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5FD2CD3CCAFE55040901137F5C54DDE9\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8B78C05791FAC3C47B19059D8CA35E27\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B76A10F976D7F284D9F45D89A044F04D\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\E46CD460F2A7FDF45B893E0C47B7BBC9\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-17 06:00:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-17 09:00
ComboFix2.txt 2012-05-16 17:02
ComboFix3.txt 2012-05-16 16:46
.
Pre-Run: 140.761.292.800 bytes disponiveis
Post-Run: 140.315.037.696 bytes disponiveis
.
- - End Of File - - 65EE801A5BE2707EDD573936583CED1C

Edited by Konishi, 17 May 2012 - 04:07 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location: Puerto Rico
  • Local time:07:23 AM

Posted 17 May 2012 - 07:37 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Konishi

Konishi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:23 AM

Posted 17 May 2012 - 05:27 PM

19:07:33.0894 0656 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
19:07:34.0534 0656 ============================================================
19:07:34.0534 0656 Current date / time: 2012/05/17 19:07:34.0534
19:07:34.0534 0656 SystemInfo:
19:07:34.0534 0656
19:07:34.0534 0656 OS Version: 6.1.7601 ServicePack: 1.0
19:07:34.0534 0656 Product type: Workstation
19:07:34.0534 0656 ComputerName: KONISHI-PC
19:07:34.0534 0656 UserName: Konishi
19:07:34.0534 0656 Windows directory: C:\Windows
19:07:34.0534 0656 System windows directory: C:\Windows
19:07:34.0534 0656 Running under WOW64
19:07:34.0534 0656 Processor architecture: Intel x64
19:07:34.0534 0656 Number of processors: 4
19:07:34.0534 0656 Page size: 0x1000
19:07:34.0534 0656 Boot type: Normal boot
19:07:34.0534 0656 ============================================================
19:07:36.0312 0656 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:36.0328 0656 Drive \Device\Harddisk1\DR1 - Size: 0x953C94000 (37.31 Gb), SectorSize: 0x200, Cylinders: 0x1306, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:36.0328 0656 ============================================================
19:07:36.0328 0656 \Device\Harddisk0\DR0:
19:07:36.0328 0656 MBR partitions:
19:07:36.0328 0656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x31ACFAE7
19:07:36.0328 0656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x31AD0000, BlocksNum 0x887F030
19:07:36.0328 0656 \Device\Harddisk1\DR1:
19:07:36.0328 0656 MBR partitions:
19:07:36.0328 0656 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A98C86
19:07:36.0328 0656 ============================================================
19:07:36.0359 0656 C: <-> \Device\Harddisk0\DR0\Partition0
19:07:36.0375 0656 D: <-> \Device\Harddisk1\DR1\Partition0
19:07:36.0422 0656 E: <-> \Device\Harddisk0\DR0\Partition1
19:07:36.0422 0656 ============================================================
19:07:36.0422 0656 Initialize success
19:07:36.0422 0656 ============================================================
19:07:37.0919 3684 ============================================================
19:07:37.0919 3684 Scan started
19:07:37.0919 3684 Mode: Manual;
19:07:37.0919 3684 ============================================================
19:07:39.0994 3684 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:07:39.0994 3684 1394ohci - ok
19:07:40.0041 3684 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:07:40.0041 3684 ACPI - ok
19:07:40.0056 3684 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:07:40.0056 3684 AcpiPmi - ok
19:07:40.0103 3684 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:07:40.0119 3684 adp94xx - ok
19:07:40.0134 3684 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:07:40.0150 3684 adpahci - ok
19:07:40.0166 3684 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:07:40.0166 3684 adpu320 - ok
19:07:40.0197 3684 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:07:40.0197 3684 AeLookupSvc - ok
19:07:40.0259 3684 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:07:40.0275 3684 AFD - ok
19:07:40.0290 3684 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:07:40.0290 3684 agp440 - ok
19:07:40.0322 3684 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:07:40.0322 3684 ALG - ok
19:07:40.0322 3684 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:07:40.0322 3684 aliide - ok
19:07:40.0384 3684 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
19:07:40.0384 3684 AMD External Events Utility - ok
19:07:40.0446 3684 AMD FUEL Service - ok
19:07:40.0446 3684 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:07:40.0446 3684 amdide - ok
19:07:40.0478 3684 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
19:07:40.0478 3684 amdiox64 - ok
19:07:40.0493 3684 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:07:40.0493 3684 AmdK8 - ok
19:07:40.0961 3684 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
19:07:41.0102 3684 amdkmdag - ok
19:07:41.0242 3684 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
19:07:41.0242 3684 amdkmdap - ok
19:07:41.0273 3684 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:07:41.0273 3684 AmdPPM - ok
19:07:41.0304 3684 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:07:41.0304 3684 amdsata - ok
19:07:41.0336 3684 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:07:41.0336 3684 amdsbs - ok
19:07:41.0336 3684 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:07:41.0336 3684 amdxata - ok
19:07:41.0414 3684 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:07:41.0414 3684 AODDriver4.1 - ok
19:07:41.0476 3684 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:07:41.0476 3684 AppID - ok
19:07:41.0507 3684 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:07:41.0507 3684 AppIDSvc - ok
19:07:41.0538 3684 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:07:41.0538 3684 Appinfo - ok
19:07:41.0585 3684 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:07:52.0708 3684 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:07:52.0724 3684 srv2 - ok
19:07:52.0739 3684 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:07:52.0739 3684 srvnet - ok
19:07:52.0770 3684 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:07:52.0786 3684 SSDPSRV - ok
19:07:52.0786 3684 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:07:52.0786 3684 SstpSvc - ok
19:07:52.0864 3684 Steam Client Service - ok
19:07:52.0880 3684 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:07:52.0895 3684 stexstor - ok
19:07:52.0958 3684 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:07:52.0973 3684 stisvc - ok
19:07:52.0989 3684 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:07:52.0989 3684 storflt - ok
19:07:53.0020 3684 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:07:53.0020 3684 storvsc - ok
19:07:53.0051 3684 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:07:53.0051 3684 swenum - ok
19:07:53.0082 3684 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:07:53.0082 3684 swprv - ok
19:07:53.0098 3684 Synth3dVsc - ok
19:07:53.0192 3684 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:07:53.0223 3684 SysMain - ok
19:07:53.0332 3684 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:07:53.0332 3684 TabletInputService - ok
19:07:53.0379 3684 tap0901 (a8d3f11bc8f37c3d7d026c3e1219b5ac) C:\Windows\system32\DRIVERS\tap0901.sys
19:07:53.0379 3684 tap0901 - ok
19:07:53.0410 3684 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
19:07:53.0410 3684 tap0901t - ok
19:07:53.0457 3684 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:07:53.0457 3684 TapiSrv - ok
19:07:53.0488 3684 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:07:53.0488 3684 TBS - ok
19:07:53.0582 3684 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:07:53.0613 3684 Tcpip - ok
19:07:53.0722 3684 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:07:53.0722 3684 TCPIP6 - ok
19:07:53.0769 3684 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:07:53.0784 3684 tcpipreg - ok
19:07:53.0800 3684 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:07:53.0800 3684 TDPIPE - ok
19:07:53.0831 3684 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:07:53.0831 3684 TDTCP - ok
19:07:53.0862 3684 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:07:53.0862 3684 tdx - ok
19:07:53.0894 3684 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:07:53.0894 3684 TermDD - ok
19:07:53.0925 3684 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:07:53.0940 3684 TermService - ok
19:07:53.0956 3684 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:07:53.0972 3684 Themes - ok
19:07:53.0987 3684 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:07:53.0987 3684 THREADORDER - ok
19:07:54.0003 3684 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:07:54.0003 3684 TrkWks - ok
19:07:54.0050 3684 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:07:54.0050 3684 TrustedInstaller - ok
19:07:54.0065 3684 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:07:54.0065 3684 tssecsrv - ok
19:07:54.0096 3684 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:07:54.0096 3684 TsUsbFlt - ok
19:07:54.0112 3684 tsusbhub - ok
19:07:54.0159 3684 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:07:54.0159 3684 tunnel - ok
19:07:54.0284 3684 TunngleService (eb2252371a7a4b26b8ab2c6df0b4eeff) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
19:07:54.0299 3684 TunngleService - ok
19:07:54.0315 3684 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:07:54.0315 3684 uagp35 - ok
19:07:54.0362 3684 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:07:54.0362 3684 udfs - ok
19:07:54.0393 3684 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:07:54.0393 3684 UI0Detect - ok
19:07:54.0408 3684 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:07:54.0424 3684 uliagpkx - ok
19:07:54.0455 3684 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:07:54.0455 3684 umbus - ok
19:07:54.0455 3684 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:07:54.0455 3684 UmPass - ok
19:07:54.0486 3684 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:07:54.0486 3684 UmRdpService - ok
19:07:54.0518 3684 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:07:54.0533 3684 upnphost - ok
19:07:54.0549 3684 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:07:54.0549 3684 usbccgp - ok
19:07:54.0564 3684 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:07:54.0564 3684 usbcir - ok
19:07:54.0580 3684 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:07:54.0580 3684 usbehci - ok
19:07:54.0611 3684 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:07:54.0611 3684 usbhub - ok
19:07:54.0627 3684 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:07:54.0627 3684 usbohci - ok
19:07:54.0658 3684 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:07:54.0658 3684 usbprint - ok
19:07:54.0689 3684 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:07:54.0689 3684 usbscan - ok
19:07:54.0705 3684 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:07:54.0705 3684 USBSTOR - ok
19:07:54.0720 3684 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:07:54.0720 3684 usbuhci - ok
19:07:54.0736 3684 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:07:54.0736 3684 UxSms - ok
19:07:54.0752 3684 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:07:54.0752 3684 VaultSvc - ok
19:07:54.0783 3684 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:07:54.0783 3684 vdrvroot - ok
19:07:54.0830 3684 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:07:54.0830 3684 vds - ok
19:07:54.0861 3684 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:07:54.0861 3684 vga - ok
19:07:54.0861 3684 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:07:54.0861 3684 VgaSave - ok
19:07:54.0876 3684 VGPU - ok
19:07:54.0908 3684 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:07:54.0908 3684 vhdmp - ok
19:07:54.0923 3684 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:07:54.0923 3684 viaide - ok
19:07:54.0954 3684 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:07:54.0954 3684 vmbus - ok
19:07:54.0970 3684 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:07:54.0970 3684 VMBusHID - ok
19:07:55.0048 3684 vnxservice (5f22132c9153639762708909f156b33d) C:\Windows\system32\ONSIO.dll
19:07:55.0048 3684 vnxservice ( Backdoor.Multi.ZAccess.gen ) - infected
19:07:55.0048 3684 vnxservice - detected Backdoor.Multi.ZAccess.gen (0)
19:07:55.0079 3684 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:07:55.0079 3684 volmgr - ok
19:07:55.0095 3684 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:07:55.0110 3684 volmgrx - ok
19:07:55.0126 3684 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:07:55.0126 3684 volsnap - ok
19:07:55.0157 3684 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:07:55.0157 3684 vsmraid - ok
19:07:55.0235 3684 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:07:55.0266 3684 VSS - ok
19:07:55.0360 3684 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:07:55.0360 3684 vwifibus - ok
19:07:55.0407 3684 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:07:55.0407 3684 W32Time - ok
19:07:55.0422 3684 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:07:55.0422 3684 WacomPen - ok
19:07:55.0454 3684 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:07:55.0454 3684 WANARP - ok
19:07:55.0454 3684 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:07:55.0454 3684 Wanarpv6 - ok
19:07:55.0547 3684 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:07:55.0563 3684 WatAdminSvc - ok
19:07:55.0656 3684 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:07:55.0656 3684 wbengine - ok
19:07:55.0719 3684 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:07:55.0719 3684 WbioSrvc - ok
19:07:55.0766 3684 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:07:55.0766 3684 wcncsvc - ok
19:07:55.0797 3684 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:07:55.0797 3684 WcsPlugInService - ok
19:07:55.0812 3684 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:07:55.0812 3684 Wd - ok
19:07:55.0859 3684 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:07:55.0859 3684 Wdf01000 - ok
19:07:55.0875 3684 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:07:55.0875 3684 WdiServiceHost - ok
19:07:55.0875 3684 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:07:55.0890 3684 WdiSystemHost - ok
19:07:55.0906 3684 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:07:55.0922 3684 WebClient - ok
19:07:55.0937 3684 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:07:55.0937 3684 Wecsvc - ok
19:07:55.0968 3684 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:07:55.0968 3684 wercplsupport - ok
19:07:55.0984 3684 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:07:55.0984 3684 WerSvc - ok
19:07:56.0000 3684 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:07:56.0000 3684 WfpLwf - ok
19:07:56.0015 3684 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:07:56.0015 3684 WIMMount - ok
19:07:56.0078 3684 WinDefend - ok
19:07:56.0093 3684 WinHttpAutoProxySvc - ok
19:07:56.0140 3684 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:07:56.0140 3684 Winmgmt - ok
19:07:56.0249 3684 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:07:56.0265 3684 WinRM - ok
19:07:56.0421 3684 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:07:56.0452 3684 Wlansvc - ok
19:07:56.0624 3684 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:07:56.0655 3684 wlidsvc - ok
19:07:56.0702 3684 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:07:56.0702 3684 WmiAcpi - ok
19:07:56.0748 3684 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:07:56.0748 3684 wmiApSrv - ok
19:07:56.0764 3684 WMPNetworkSvc - ok
19:07:56.0780 3684 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:07:56.0795 3684 WPCSvc - ok
19:07:56.0811 3684 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:07:56.0811 3684 WPDBusEnum - ok
19:07:56.0842 3684 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:07:56.0842 3684 ws2ifsl - ok
19:07:56.0873 3684 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:07:56.0889 3684 wscsvc - ok
19:07:56.0889 3684 WSearch - ok
19:07:57.0014 3684 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:07:57.0045 3684 wuauserv - ok
19:07:57.0092 3684 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:07:57.0092 3684 WudfPf - ok
19:07:57.0123 3684 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:07:57.0123 3684 WUDFRd - ok
19:07:57.0154 3684 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:07:57.0154 3684 wudfsvc - ok
19:07:57.0185 3684 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:07:57.0185 3684 WwanSvc - ok
19:07:57.0216 3684 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:07:57.0528 3684 \Device\Harddisk0\DR0 - ok
19:07:57.0528 3684 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
19:07:57.0591 3684 \Device\Harddisk1\DR1 - ok
19:07:57.0591 3684 Boot (0x1200) (c897f3bfcb3abad47135dea6d8dae80f) \Device\Harddisk0\DR0\Partition0
19:07:57.0591 3684 \Device\Harddisk0\DR0\Partition0 - ok
19:07:57.0606 3684 Boot (0x1200) (85eb68b814503b9c7cf63d65991ee425) \Device\Harddisk0\DR0\Partition1
19:07:57.0606 3684 \Device\Harddisk0\DR0\Partition1 - ok
19:07:57.0622 3684 Boot (0x1200) (13574288616e2761da41e9614b558412) \Device\Harddisk1\DR1\Partition0
19:07:57.0622 3684 \Device\Harddisk1\DR1\Partition0 - ok
19:07:57.0622 3684 ============================================================
19:07:57.0622 3684 Scan finished
19:07:57.0622 3684 ============================================================
19:07:57.0638 3676 Detected object count: 1
19:07:57.0638 3676 Actual detected object count: 1
19:08:44.0844 3676 C:\Windows\system32\ONSIO.dll - copied to quarantine
19:08:44.0844 3676 HKLM\SYSTEM\ControlSet001\services\vnxservice - will be deleted on reboot
19:08:44.0891 3676 HKLM\SYSTEM\ControlSet002\services\vnxservice - will be deleted on reboot
19:08:45.0000 3676 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
19:08:45.0031 3676 C:\Windows\system32\ONSIO.dll - will be deleted on reboot
19:08:45.0031 3676 vnxservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
19:09:25.0701 3632 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 19:23:15
-----------------------------
19:23:15.551 OS Version: Windows x64 6.1.7601 Service Pack 1
19:23:15.551 Number of processors: 4 586 0x502
19:23:15.551 ComputerName: KONISHI-PC UserName: Konishi
19:23:16.411 Initialize success
19:23:21.231 AVAST engine defs: 12051701
19:23:25.601 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:23:25.601 Disk 0 Vendor: WDC_WD5000AADS-00L4B1 05.04C05 Size: 476940MB BusType: 3
19:23:25.601 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-6
19:23:25.611 Disk 1 Vendor: SAMSUNG_SP0411N TW100-13 Size: 38204MB BusType: 3
19:23:25.621 Disk 0 MBR read successfully
19:23:25.621 Disk 0 MBR scan
19:23:25.621 Disk 0 Windows 7 default MBR code
19:23:25.631 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 406943 MB offset 63
19:23:25.661 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 69886 MB offset 833421312
19:23:25.681 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS 100 MB offset 976549888
19:23:25.711 Disk 0 scanning C:\Windows\system32\drivers
19:23:34.411 Service scanning
19:23:38.641 Service CTSYN C:\Windows\system32\mcsysmon.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:23:51.174 Modules scanning
19:23:51.182 Disk 0 trace - called modules:
19:23:51.201 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:23:51.206 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a3f060]
19:23:51.209 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80047d7520]
19:23:51.214 5 ACPI.sys[fffff88000f767a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047b6060]
19:23:53.078 AVAST engine scan C:\Windows
19:23:55.684 AVAST engine scan C:\Windows\system32
19:24:03.696 File: C:\Windows\system32\clr_optimization_v2.0.50727_32.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:24:05.255 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
19:24:17.586 File: C:\Windows\system32\EAWDMFD.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:24:30.816 File: C:\Windows\system32\mcsysmon.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:24:48.654 File: C:\Windows\system32\NWSAP.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:25:23.532 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
19:25:25.309 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
19:26:06.122 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
19:26:06.150 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
19:26:07.015 AVAST engine scan C:\Windows\system32\drivers
19:26:19.296 AVAST engine scan C:\Users\Konishi
19:26:53.760 Disk 0 MBR has been saved successfully to "C:\Users\Konishi\Desktop\MBR.dat"
19:26:53.768 The log file has been saved successfully to "C:\Users\Konishi\Desktop\aswMBR.txt"

#6 gringo_pr
    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 17 May 2012 - 08:53 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Windows\assembly\temp\U
c:\users\Konishi\AppData\Local\Babylon
c:\users\Konishi\AppData\Roaming\Babylon
c:\programdata\Babylon

File::
C:\Windows\system32\mcsysmon.dll 
C:\Windows\system32\clr_optimization_v2.0.50727_32.dll 
C:\Windows\system32\consrv.dll
C:\Windows\system32\EAWDMFD.dll
C:\Windows\system32\NWSAP.dll
C:\Windows\assembly\GAC_32\Desktop.ini 
C:\Windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\exzcvgff.dll
C:\user.js

FireFox::
FF - ProfilePath - c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\f8n672gz.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0a7ec48300000000000000ff6576abc8
FF - user.js: extensions.BabylonToolbar_i.hardId - 0a7ec48300000000000000ff6576abc8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15467
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.173:03
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
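
As an added example, not part of this thread and not code from ComboFix, aswMBR or the Malware Response Team: the File:: and Folder:: sections of the CFScript above are built by hand from the **INFECTED** lines in the aswMBR log. The Python helper below does that bookkeeping for a reviewer, parsing aswMBR-style lines (sample lines are constructed here in the shape of the posted log, not the log itself), de-duplicating paths that appear both as a service image and as a scanned file, and collapsing everything under the assembly\temp\U directory into one Folder:: entry, which is an assumption mirroring the choice made in the script above. It also tallies detection names so the family picture (ZAccess/Sirefef here) is visible at a glance.

```python
import re
from collections import Counter, OrderedDict

# Constructed sample in the shape of the aswMBR log posted above (not the original log):
# one infected service entry, several infected files, and a noise line that must be ignored.
# Raw string: the \U in assembly\temp\U would otherwise be read as a unicode escape.
SAMPLE_ASWMBR = r"""
19:23:38.641 Service CTSYN C:\Windows\system32\mcsysmon.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:23:51.174 Modules scanning
19:24:05.255 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
19:24:30.816 File: C:\Windows\system32\mcsysmon.dll **INFECTED** Win64:ZAccess-E [Rtk]
19:25:23.532 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
19:26:06.122 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
19:26:06.150 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
"""

# aswMBR prefixes every line with HH:MM:SS.mmm and a space.
TS = r'^\d{2}:\d{2}:\d{2}\.\d+ '
FILE_RE = re.compile(TS + r'File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>.+)$')
SERVICE_RE = re.compile(TS + r'Service (?P<name>\S+) (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>.+)$')


def parse_aswmbr(log_text):
    """Return the infected findings in log order.

    Each finding is a dict with kind ('service' or 'file'), path and sig;
    service findings also carry the service name. Lines without the
    **INFECTED** marker are skipped.
    """
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            findings.append({'kind': 'service', 'name': m['name'],
                             'path': m['path'], 'sig': m['sig']})
            continue
        m = FILE_RE.match(line)
        if m:
            findings.append({'kind': 'file', 'path': m['path'], 'sig': m['sig']})
    return findings


def build_cfscript(findings, collapse_dirs=(r'C:\Windows\assembly\temp\U',)):
    """Draft the Folder:: and File:: sections of a CFScript from the findings.

    Paths below any directory in collapse_dirs become a single Folder:: entry
    for that directory (assumption modelled on the script in the thread);
    every other path becomes a File:: entry. Order is kept, duplicates dropped.
    The result is a draft for a human to review, not something to apply blindly.
    """
    folders = OrderedDict()
    files = OrderedDict()
    for f in findings:
        lowered = f['path'].lower()
        parent = next((d for d in collapse_dirs
                       if lowered.startswith(d.lower() + '\\')), None)
        if parent is not None:
            folders[parent] = None
        else:
            files[f['path']] = None
    lines = []
    if folders:
        lines.append('Folder::')
        lines.extend(folders)
        lines.append('')
    if files:
        lines.append('File::')
        lines.extend(files)
    return '\n'.join(lines)


def summarize_signatures(findings):
    """Count findings per detection name, so the malware family mix is obvious."""
    return Counter(f['sig'] for f in findings)


if __name__ == '__main__':
    found = parse_aswmbr(SAMPLE_ASWMBR)
    for sig, n in summarize_signatures(found).most_common():
        print(f'{n:2d}  {sig}')
    print()
    print(build_cfscript(found))
```

The drafted script names only what the scanner flagged; the decision to delete is still the analyst's, as the "User select action: Delete" line in the TDSSKiller log above shows. When saving the result from Notepad, check the name actually written to the desktop: the ComboFix log later in this thread records the script path as CFScript.txt.txt, the usual result of Notepad appending its own extension.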

#7 Konishi
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:23 AM

Posted 17 May 2012 - 09:38 PM

When ComboFix started, some messages showed, like "can't open something"; I can't remember exactly, I just thought it'd be in the log, sorry for this :(.
About the process, apparently it's gone.

ComboFix 12-05-17.07 - Konishi 17/05/2012 23:18:47.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.949.82.1046.18.4095.2929 [GMT -3:00]
Running from: c:\users\Konishi\Desktop\ComboFix.exe
Command switches used :: c:\users\Konishi\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\user.js"
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
"c:\windows\system32\clr_optimization_v2.0.50727_32.dll"
"c:\windows\system32\consrv.dll"
"c:\windows\system32\EAWDMFD.dll"
"c:\windows\system32\mcsysmon.dll"
"c:\windows\system32\NWSAP.dll"
"c:\windows\SysWow64\exzcvgff.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\programdata\TEMP
C:\user.js
c:\users\Konishi\AppData\Local\Babylon
c:\users\Konishi\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Konishi\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Konishi\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Konishi\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\globe.png
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\options.js
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\page0.html
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\page3.css
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\page3.html
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\progress.png
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\setup.js
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\title.png
c:\users\Konishi\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Konishi\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\Konishi\AppData\Local\Babylon\Setup\Setup-latest-30b.zpb
c:\users\Konishi\AppData\Local\Babylon\Setup\Setup-tbmntr903.zpb
c:\users\Konishi\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Konishi\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Konishi\AppData\Local\Babylon\Setup\sign
c:\users\Konishi\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Konishi\AppData\Roaming\Babylon
c:\users\Konishi\AppData\Roaming\Babylon\log_file.txt
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\U
c:\windows\assembly\temp\U\00000001.@
c:\windows\assembly\temp\U\00000002.@
c:\windows\assembly\temp\U\00000004.@
c:\windows\assembly\temp\U\000000c0.@
c:\windows\assembly\temp\U\000000cb.@
c:\windows\assembly\temp\U\000000cf.@
c:\windows\assembly\temp\U\80000000.@
c:\windows\assembly\temp\U\80000004.@
c:\windows\assembly\temp\U\80000032.@
c:\windows\assembly\temp\U\80000064.@
c:\windows\assembly\temp\U\800000c0.@
c:\windows\assembly\temp\U\800000cb.@
c:\windows\assembly\temp\U\800000cf.@
c:\windows\system32\clr_optimization_v2.0.50727_32.dll
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\EAWDMFD.dll
c:\windows\system32\mcsysmon.dll
c:\windows\system32\NWSAP.dll
c:\windows\SysWow64\exzcvgff.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CTSYN
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-16 17:22 . 2012-05-17 22:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-15 20:27 . 2012-05-15 20:27 -------- d-----w- c:\windows\SysWow64\xlive
2012-05-15 20:27 . 2012-05-15 20:27 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-05-15 19:46 . 2012-05-15 19:46 -------- d-----w- c:\program files (x86)\CAPCOM
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-05-14 19:47 . 2012-05-14 19:47 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-05-14 19:47 . 2010-02-18 12:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-05-14 19:46 . 2012-05-14 19:46 -------- d-----w- c:\program files\ATI
2012-05-14 19:46 . 2012-05-14 19:46 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-05-14 19:46 . 2012-05-14 19:47 -------- d-----w- c:\program files\ATI Technologies
2012-05-14 19:44 . 2012-05-14 19:44 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-05-14 19:44 . 2012-05-14 19:45 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-05-14 19:44 . 2012-05-14 19:44 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-05-14 19:44 . 2012-05-14 19:44 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-05-14 19:44 . 2012-05-14 19:44 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-05-14 19:44 . 2012-05-14 19:44 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-05-14 19:44 . 2012-05-14 19:44 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-05-14 19:44 . 2012-05-14 19:44 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-05-14 19:44 . 2012-05-14 19:44 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-05-13 18:02 . 2012-03-07 08:10 98040 ----a-w- c:\windows\system32\drivers\Mkd2BthF.sys
2012-05-13 18:02 . 2012-03-07 08:10 183544 ----a-w- c:\windows\system32\drivers\mkd3kfnt.sys
2012-05-13 18:02 . 2012-03-07 08:10 107768 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
2012-05-13 17:58 . 2012-05-13 17:58 -------- d-----w- c:\program files (x86)\AhnLab
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\SysWow64\drivers\ko-KR
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\SysWow64\wbem\ko-KR
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\SysWow64\ko
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\ko-KR
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\system32\drivers\ko-KR
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\system32\ko
2012-05-13 17:29 . 2012-05-13 17:29 -------- d-----w- c:\windows\system32\wbem\ko-KR
2012-05-13 17:20 . 2009-07-13 21:15 377856 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwkor.dll
2012-05-13 17:20 . 2009-07-13 21:07 13579776 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\mshwkorr.dll
2012-05-13 17:20 . 2009-07-13 23:06 3072 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ko-KR\LXKPTPRC.DLL.mui
2012-05-13 17:20 . 2009-07-13 21:41 492032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwkor.dll
2012-05-13 17:20 . 2009-07-13 21:29 13579776 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwkorr.dll
2012-05-13 17:18 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 17:18 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 17:18 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 17:18 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 17:18 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 17:18 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-13 17:18 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 17:17 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 17:17 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 17:17 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 17:17 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 17:17 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-13 17:17 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 20:52 . 2012-05-11 20:52 -------- d-----w- c:\program files\ESET
2012-05-11 09:38 . 2012-05-11 09:38 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-05-11 09:37 . 2012-05-13 10:06 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 06:03 . 2006-10-18 01:29 487479 ----a-w- c:\windows\SysWow64\SkinMagic.dll
2012-05-11 05:58 . 2012-05-11 05:59 -------- d-----w- c:\program files (x86)\uTIPu
2012-05-10 20:39 . 2012-05-10 20:39 -------- d-----w- c:\program files (x86)\spotflux
2012-05-07 22:51 . 2012-05-14 20:21 -------- d-----w- c:\program files (x86)\Steam
2012-05-07 22:42 . 2012-05-07 22:42 -------- d-----w- c:\program files (x86)\Rebellion
2012-05-07 06:04 . 2012-05-11 09:31 -------- d-----w- c:\program files (x86)\JDownloader
2012-04-26 10:02 . 2012-04-26 18:03 -------- d-----w- C:\Fraps
2012-04-21 12:56 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-21 12:56 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-21 12:56 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-21 12:56 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-21 12:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-21 12:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-21 12:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 19:45 . 2011-12-06 02:18 64000 ----a-w- c:\windows\system32\coinst.dll
2012-05-14 19:45 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-05-14 19:45 . 2011-12-06 03:17 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-05-14 19:45 . 2009-08-18 05:26 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-05-14 19:45 . 2011-12-06 02:11 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-05-14 19:45 . 2011-12-06 03:06 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-05-14 19:45 . 2011-12-06 03:16 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-05-14 19:45 . 2011-12-06 02:33 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-05-14 19:45 . 2011-12-06 02:28 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-05-14 19:44 . 2011-12-06 02:11 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-05-13 10:06 . 2012-04-13 01:45 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-21 13:24 . 2012-04-14 03:53 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-04-21 13:24 . 2012-04-14 03:53 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-04-21 13:24 . 2012-04-14 03:53 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2012-04-14 02:59 . 2012-04-14 02:59 2829 ----a-w- c:\windows\DIIUnin.pif
2012-04-14 02:59 . 2012-04-14 02:59 94208 ----a-w- c:\windows\DIIUnin.exe
2012-04-06 01:34 . 2012-04-06 01:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 01:34 . 2012-04-06 01:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 01:34 . 2012-04-06 01:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 01:33 . 2012-04-06 01:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 01:33 . 2012-04-06 01:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 01:33 . 2012-04-06 01:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 01:32 . 2012-04-06 01:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 01:32 . 2012-04-06 01:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 01:32 . 2012-04-06 01:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-30 21:47 . 2012-03-30 21:47 38624 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-03-28 05:48 . 2012-03-28 05:48 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-28 05:48 . 2012-03-28 05:48 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-09 17:07 . 2012-03-09 17:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 17:06 . 2012-03-09 17:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-05 23:02 . 2012-03-05 23:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-25 03:37 . 2012-02-25 03:36 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-02-25 03:31 . 2012-02-25 03:31 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-23 13:18 . 2012-02-13 22:32 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-16_16.58.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-16 16:47 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-18 00:08 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-18 00:08 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 16:47 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-14 00:06 . 2012-05-17 22:11 25938 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-17 22:11 29244 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-05-10 21:41 . 2012-05-10 21:10 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2012-05-10 21:41 . 2012-05-17 21:32 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2012-02-13 22:09 . 2012-05-16 16:55 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-13 22:09 . 2012-05-17 22:05 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-13 22:09 . 2012-05-17 22:05 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-13 22:09 . 2012-05-16 16:55 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 16:55 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-17 22:05 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-13 22:12 . 2012-05-18 02:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-13 22:12 . 2012-05-16 16:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-13 22:12 . 2012-05-18 02:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-13 22:12 . 2012-05-16 16:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-13 22:12 . 2012-05-16 16:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-13 22:12 . 2012-05-18 02:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-13 22:12 . 2012-05-18 02:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-13 22:12 . 2012-05-16 16:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-13 22:12 . 2012-05-18 02:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-13 22:12 . 2012-05-16 16:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-16 06:16 . 2012-05-17 09:56 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-13 22:12 . 2012-05-17 22:11 8234 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-989966592-1269749742-2495231924-1001_UserData.bin
- 2012-05-16 16:58 . 2012-05-16 16:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-18 02:24 . 2012-05-18 02:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-18 02:24 . 2012-05-18 02:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-16 16:58 . 2012-05-16 16:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-05-16 16:47 540672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-18 00:08 540672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 17:55 . 2012-05-16 16:46 654272 c:\windows\system32\prfh0416.dat
+ 2009-07-14 17:55 . 2012-05-17 22:14 654272 c:\windows\system32\prfh0416.dat
- 2009-07-14 17:55 . 2012-05-16 16:46 124724 c:\windows\system32\prfc0416.dat
+ 2009-07-14 17:55 . 2012-05-17 22:14 124724 c:\windows\system32\prfc0416.dat
- 2012-05-13 17:32 . 2012-05-16 16:46 402978 c:\windows\system32\perfh012.dat
+ 2012-05-13 17:32 . 2012-05-17 22:14 402978 c:\windows\system32\perfh012.dat
+ 2012-02-14 00:04 . 2012-05-17 22:14 383348 c:\windows\system32\perfh011.dat
- 2012-02-14 00:04 . 2012-05-16 16:46 383348 c:\windows\system32\perfh011.dat
+ 2009-07-14 02:36 . 2012-05-17 22:14 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-16 16:46 606992 c:\windows\system32\perfh009.dat
+ 2012-05-13 17:32 . 2012-05-17 22:14 101838 c:\windows\system32\perfc012.dat
- 2012-05-13 17:32 . 2012-05-16 16:46 101838 c:\windows\system32\perfc012.dat
- 2012-02-14 00:04 . 2012-05-16 16:46 103370 c:\windows\system32\perfc011.dat
+ 2012-02-14 00:04 . 2012-05-17 22:14 103370 c:\windows\system32\perfc011.dat
+ 2009-07-14 02:36 . 2012-05-17 22:14 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-16 16:46 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 05:38 . 2012-02-13 22:04 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:38 . 2012-05-17 22:03 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-07-14 05:01 . 2012-05-18 02:24 229152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-16 16:57 229152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-16 16:19 . 2012-05-18 00:08 223744 c:\windows\assembly\temp\twl.dll
- 2012-05-16 16:19 . 2012-05-16 16:47 223744 c:\windows\assembly\temp\twl.dll
+ 2012-02-14 04:34 . 2012-05-18 02:24 27453152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-989966592-1269749742-2495231924-1001-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ecojink]
2012-05-06 07:21 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\ecojink.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 biafagiz;i8042 Keyboard and PS/2 Mouse Port Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-04-20 736104]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servico de Tecnologias de Ativacao do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 pcapsvc;ProxyCap Service;c:\program files\Proxy Labs\ProxyCap\pcapsvc.exe [2010-09-18 635904]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
biafagiz
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProxyCap"="c:\progra~1\PROXYL~1\ProxyCap\pcapui.exe" [2010-09-18 689664]
"combofix"="c:\combofix\CF26658.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
filemon701
iAimTV5
CTSYN
rnadirmultiplexor
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://df.nexon.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: pcapwsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Konishi\AppData\Roaming\Mozilla\Firefox\Profiles\f8n672gz.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-52048396.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,44,55,a8,6f,77,c8,40,aa,5f,d5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,44,55,a8,6f,77,c8,40,aa,5f,d5,\
.
[HKEY_USERS\S-1-5-21-989966592-1269749742-2495231924-1001\Software\Gabest\Media Player Classic\Settings\PnSPresets]
@DACL=(02 0000)
"Preset0"="Scale to 16:9 TV,0.500,0.500,1.000,1.333"
"Preset1"="Zoom To Widescreen,0.500,0.500,1.333,1.333"
"Preset2"="Zoom To Ultra-Widescreen,0.500,0.500,1.763,1.763"
.
[HKEY_USERS\S-1-5-21-989966592-1269749742-2495231924-1001\Software\Microsoft\Installer\Products\8B1A8551330FB1445BD66E56F2BAC9C9\SourceList\Media]
@DACL=(02 0000)
"1"=";"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\29EA0FB2CB3C21140966516443B2F1EA\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\5FD2CD3CCAFE55040901137F5C54DDE9\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\8B78C05791FAC3C47B19059D8CA35E27\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B76A10F976D7F284D9F45D89A044F04D\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"
.
[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\E46CD460F2A7FDF45B893E0C47B7BBC9\SourceList\Media]
@DACL=(02 0000)
"DiskPrompt"="[1]"
"1"="DISK1;1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-17 23:28:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-18 02:28
ComboFix2.txt 2012-05-17 09:00
ComboFix3.txt 2012-05-16 17:02
ComboFix4.txt 2012-05-16 16:46
.
Pre-Run: 139.167.420.416 bytes disponiveis
Post-Run: 138.907.840.512 bytes disponiveis
.
- - End Of File - - 32F95EA2A29221DD140A506C8D05911C

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 17 May 2012 - 09:46 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Java™ 6 Update 31
  • µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Konishi
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:23 AM

Posted 18 May 2012 - 02:15 AM

I think it's much better now; the process has not returned.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Konishi :: KONISHI-PC [administrator]

Protection: Disabled

18/05/2012 04:08:51
mbam-log-2012-05-18 (04-08-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200724
Time elapsed: 1 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:06:15, on 18/05/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Tunngle\Tunngle.exe
C:\Fraps\fraps.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O10 - Unknown file in Winsock LSP: pcapwsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: pcapwsp.dll
O10 - Unknown file in Winsock LSP: pcapwsp.dll
O10 - Unknown file in Winsock LSP: pcapwsp.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: ecojink - C:\Windows\system32\config\systemprofile\AppData\Local\ecojink.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProxyCap Service (pcapsvc) - Proxy Labs - C:\Program Files\Proxy Labs\ProxyCap\pcapsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5281 bytes

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 18 May 2012 - 03:01 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start a program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad, ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run it as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Konishi

  • Topic Starter

  • Members
  • 8 posts

Posted 18 May 2012 - 12:16 PM

I fixed the Java thing with HijackThis; must I post the log of this too?

C:\Nexon\Mabinogi_test\Client.exe a variant of Win32/Packed.Themida application
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan
C:\Qoobox\Quarantine\C\Windows\assembly\temp\U\80000000.@.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\assembly\temp\U\80000032.@.vir a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Windows\assembly\temp\U\80000064.@.vir Win64/Sirefef.AC trojan
C:\Qoobox\Quarantine\C\Windows\System32\clr_optimization_v2.0.50727_32.dll.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan
C:\Qoobox\Quarantine\C\Windows\System32\EAWDMFD.dll.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\System32\mcsysmon.dll.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\System32\NWSAP.dll.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\exzcvgff.dll.vir Win32/Boaxxe.A trojan
C:\TDSSKiller_Quarantine\16.05.2012_14.20.36\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\16.05.2012_14.46.17\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan
C:\TDSSKiller_Quarantine\17.05.2012_19.07.34\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan
C:\Windows\System32\config\systemprofile\AppData\Local\ecojink.dll Win32/TrojanProxy.Agent.NIN trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ecojink.dll Win32/TrojanProxy.Agent.NIN trojan

#12 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 18 May 2012 - 04:28 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rd /s /q "C:\TDSSKiller_Quarantine\"
    del /f /s /q "C:\Nexon\Mabinogi_test\Client.exe"
    del /f /s /q "C:\Windows\System32\config\systemprofile\AppData\Local\ecojink.dll"
    del /f /s /q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ecojink.dll"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and I recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo
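The triage gringo applies to the ESET results above (copies sitting in quarantine folders versus files still live on the system), as an added Python example that is not part of this thread. It assumes the "path detection" line format shown in Konishi's paste; six sample lines are copied from that paste and one path containing a space is constructed to show the parser handles it.

```python
"""Triage ESET Online Scanner result lines (added example, not the thread's own code).
Lines are assumed to read '<path> <detection>' as pasted above; hits inside the
quarantine folders left by ComboFix/TDSSKiller/System Restore are inert copies."""
import re
from collections import Counter

# Folders that only hold copies already quarantined by the cleanup tools.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\tdsskiller_quarantine\\",
    "c:\\system volume information\\",
)
# The path is matched lazily so paths containing spaces still parse: the detection
# must begin with an optional "a variant of" followed by Platform/Family.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/\S.*)$"
)
FAMILY_RE = re.compile(r"[A-Za-z0-9]+/([A-Za-z0-9]+)")

def parse_line(line):
    """Return {'path','detection','family','status'} or None for non-result lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, detection = m.group("path"), m.group("detection")
    status = "quarantine" if path.lower().startswith(QUARANTINE_PREFIXES) else "live"
    fam = FAMILY_RE.search(detection)
    return {"path": path, "detection": detection,
            "family": fam.group(1) if fam else detection, "status": status}

def triage(text):
    """Split a pasted scan log into live findings and quarantine backups."""
    hits = [h for h in (parse_line(l) for l in text.splitlines()) if h]
    return {
        "live": [h for h in hits if h["status"] == "live"],
        "quarantine": [h for h in hits if h["status"] == "quarantine"],
        "families": Counter(h["family"] for h in hits),
    }

# Six lines copied from the scan pasted above, plus one constructed line
# (Win32/Example.A is a placeholder) whose path contains a space.
SAMPLE = r"""C:\Nexon\Mabinogi_test\Client.exe a variant of Win32/Packed.Themida application
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan
C:\Qoobox\Quarantine\C\Windows\SysWOW64\exzcvgff.dll.vir Win32/Boaxxe.A trojan
C:\TDSSKiller_Quarantine\16.05.2012_14.20.36\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan
C:\Windows\System32\config\systemprofile\AppData\Local\ecojink.dll Win32/TrojanProxy.Agent.NIN trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ecojink.dll Win32/TrojanProxy.Agent.NIN trojan
C:\Program Files\Example\tool.exe a variant of Win32/Example.A potentially unsafe application"""

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(len(r["live"]), "live,", len(r["quarantine"]), "quarantined:", dict(r["families"]))
```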

#13 Konishi

  • Topic Starter

  • Members
  • 8 posts

Posted 19 May 2012 - 09:12 PM

Computer seems pretty good now, and I think there are no more problems.
Thanks so much for helping me and sorry for the late reply :)

#14 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 19 May 2012 - 09:19 PM

You are more than welcome, and glad I was able to help.



gringo

#15 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 21 May 2012 - 11:23 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.