
Can't access couple things, OTL won't run, 80% svchost.exe


  • This topic is locked
10 replies to this topic

#1 Morfi717

Morfi717

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:26 AM

Posted 26 May 2012 - 07:38 PM

Hello!

I beg you for help. As of today I've noticed that svchost.exe uses 75-80% of my CPU. I did a scan with Kaspersky, which neutralized ~10 malicious programs: trojans, backdoors.

What changed?
1. OTL won't run! I have the same error as the person here: http://www.bleepingcomputer.com/forums/topic454569.html
that is, "Exception EReadError in module OTL.exe at 00016A6B. Error reading DiskPartitionInfo1.Active:"

2. I have a couple of Windows widgets; some of them show the process list and memory usage, and both stopped working! Memory shows as NaN and the process list is empty (I can access Task Manager manually, though).

3. I could select ONLY the last 3 options in GMER (services, registry, files).

Please check attached reports.


Thanks


Edited by Morfi717, 26 May 2012 - 09:32 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:26 AM

Posted 27 May 2012 - 06:42 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Morfi717

Morfi717
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:26 AM

Posted 27 May 2012 - 08:57 AM

Hi gringo_pr,

Thanks for fast reply!

During the night I did a Quick Scan with Malwarebytes Anti-Malware and a Full Scan with Kaspersky (just so you know).

I tried to run Security Check but had no luck: AutoIt error.

I skipped it then and ran ComboFix. This took some time, but...
1. OTL runs now; check the log in the attachments!
2. The widgets are showing the values properly now!
3. GMER still shows only the last 3, but when I ran it, it displayed info about 2 rootkits! (This didn't happen before.) I clicked "No" as instructed and did a Scan first (check the attachment below).
4. I managed to run Security Check now! Check the log in the attachments!

Also I attached ComboFix log.

PS: I see that you've asked me to paste, not attach, the logs, but the post is too long if pasted (it throws an error).

Thanks!


Edited by Morfi717, 27 May 2012 - 09:35 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:26 AM

Posted 27 May 2012 - 09:36 AM

Greetings

Please only send me the reports that I ask for.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
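Added example (not part of this thread, and not code from Kaspersky's TDSSKiller): the TDSSKiller report the steps above ask for is a plain-text log, and when several such logs come in it helps to summarize them mechanically before reading them line by line. This Python script parses that layout, pulling out each disk, its MBR partition entries, the MD5 of every MBR and boot sector the tool hashed, any entry whose status is not `ok`, and the detected-object count; an "Invalid mbr signature" line is flagged for a second look, since it can mean a blank or non-MBR disk just as easily as a tampered one. The sample log is constructed for the example, with made-up timestamps, PIDs, hashes and a placeholder verdict name; the function, class and field names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of a TDSSKiller report (not a log from this
# thread); timestamps, PIDs, hashes and the "warning" entry are all made up.
SAMPLE_LOG = r"""
17:00:57.0072 5692 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
17:00:58.0834 5692 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:00:58.0847 5692 \Device\Harddisk0\DR0:
17:00:58.0847 5692 MBR partitions:
17:00:58.0847 5692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
17:00:58.0847 5692 \Device\Harddisk2\DR2:
17:00:58.0847 5692 Invalid mbr signature
17:01:12.0238 2136 Scan started
17:01:12.0458 2136 1394ohci - ok
17:01:12.0468 2136 example_svc ( Example.Verdict.Placeholder ) - warning
17:01:15.0633 2136 MBR (0x1B8) (0123456789abcdef0123456789abcdef) \Device\Harddisk0\DR0
17:01:15.0927 2136 Boot (0x1200) (fedcba9876543210fedcba9876543210) \Device\Harddisk0\DR0\Partition0
17:01:15.0971 2136 Scan finished
17:01:15.0978 6124 Detected object count: 1
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
DRIVE_RE = re.compile(r"^Drive (\\Device\\Harddisk\d+\\DR\d+) - Size: (0x[0-9A-Fa-f]+) \(([^)]+)\)")
HEADER_RE = re.compile(r"^(\\Device\\Harddisk\d+\\DR\d+):$")
PART_RE = re.compile(r"^(\\Device\\Harddisk\d+\\DR\d+)\\Partition(\d+): MBR, Type (0x[0-9A-Fa-f]+), "
                     r"StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)$")
SECTOR_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\\Device\\\S+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
STATUS_RE = re.compile(r"^(.*\S)\s+-\s+(\w+)$")  # "<name> - ok", "<name> ( verdict ) - warning"

@dataclass
class DriveInfo:
    size: str = ""                     # human-readable size from the "Drive ..." line
    partitions: List[Tuple[int, str, int, int]] = field(default_factory=list)  # (index, type, start LBA, blocks)
    invalid_mbr: bool = False

@dataclass
class Summary:
    drives: Dict[str, DriveInfo] = field(default_factory=dict)
    sectors: List[Tuple[str, str, str]] = field(default_factory=list)  # (kind, device, md5) of MBR/boot sectors
    not_ok: List[Tuple[str, str]] = field(default_factory=list)        # entries whose status is not "ok"
    detected: Optional[int] = None

def parse_tdsskiller(text: str) -> Summary:
    """Walk the report line by line and collect the facts a reviewer looks for."""
    s = Summary()
    current_drive = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or non-log line
        msg = m.group(3).strip()
        m = DRIVE_RE.match(msg)
        if m:
            s.drives.setdefault(m.group(1), DriveInfo()).size = m.group(3)
            continue
        m = HEADER_RE.match(msg)
        if m:
            current_drive = m.group(1)  # the lines that follow describe this disk's partition table
            s.drives.setdefault(current_drive, DriveInfo())
            continue
        if msg == "Invalid mbr signature" and current_drive:
            s.drives[current_drive].invalid_mbr = True
            continue
        m = PART_RE.match(msg)
        if m:
            s.drives.setdefault(m.group(1), DriveInfo()).partitions.append(
                (int(m.group(2)), m.group(3), int(m.group(4), 16), int(m.group(5), 16)))
            continue
        m = SECTOR_RE.match(msg)
        if m:
            s.sectors.append((m.group(1), m.group(4), m.group(3)))
            continue
        m = COUNT_RE.match(msg)
        if m:
            s.detected = int(m.group(1))
            continue
        m = STATUS_RE.match(msg)
        if m and m.group(2).lower() != "ok":
            s.not_ok.append((m.group(1), m.group(2)))
    return s

def findings(s: Summary) -> List[str]:
    """Items worth a human look; an invalid MBR signature alone is not proof of infection."""
    out = []
    for dev, info in s.drives.items():
        if info.invalid_mbr:
            out.append(f"{dev}: invalid MBR signature (no partition table read)")
    for name, status in s.not_ok:
        out.append(f"{name}: {status}")
    if s.detected:
        out.append(f"{s.detected} object(s) detected")
    return out

if __name__ == "__main__":
    for item in findings(parse_tdsskiller(SAMPLE_LOG)):
        print("!!", item)
```

Run it as-is to see the flagged items for the sample, or call `findings(parse_tdsskiller(open(path).read()))` on a real report; the MBR and boot-sector hashes collected in `Summary.sectors` are what you would compare against a known-clean image of the same disk.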

#5 Morfi717

Morfi717
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:12:26 AM

Posted 27 May 2012 - 10:07 AM

Hi.

TDSSKiller:
[code]
17:00:57.0072 5692 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
17:00:57.0232 5692 ============================================================
17:00:57.0232 5692 Current date / time: 2012/05/27 17:00:57.0232
17:00:57.0232 5692 SystemInfo:
17:00:57.0232 5692
17:00:57.0232 5692 OS Version: 6.1.7601 ServicePack: 1.0
17:00:57.0232 5692 Product type: Workstation
17:00:57.0232 5692 ComputerName: MIKEMAIN
17:00:57.0232 5692 UserName: Mike
17:00:57.0232 5692 Windows directory: C:\Windows
17:00:57.0232 5692 System windows directory: C:\Windows
17:00:57.0232 5692 Running under WOW64
17:00:57.0232 5692 Processor architecture: Intel x64
17:00:57.0232 5692 Number of processors: 4
17:00:57.0232 5692 Page size: 0x1000
17:00:57.0232 5692 Boot type: Normal boot
17:00:57.0232 5692 ============================================================
17:00:58.0834 5692 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:00:58.0835 5692 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:00:58.0840 5692 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:00:58.0847 5692 ============================================================
17:00:58.0847 5692 \Device\Harddisk0\DR0:
17:00:58.0847 5692 MBR partitions:
17:00:58.0847 5692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
17:00:58.0847 5692 \Device\Harddisk2\DR2:
17:00:58.0847 5692 Invalid mbr signature
17:00:58.0847 5692 \Device\Harddisk1\DR1:
17:00:58.0858 5692 MBR partitions:
17:00:58.0858 5692 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:00:58.0858 5692 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9CBFB04
17:00:58.0858 5692 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x9CF2304, BlocksNum 0x134D227D
17:00:58.0858 5692 ============================================================
17:00:58.0871 5692 A: <-> \Device\Harddisk0\DR0\Partition0
17:00:58.0894 5692 ============================================================
17:00:58.0894 5692 Initialize success
17:00:58.0894 5692 ============================================================
17:01:12.0238 2136 ============================================================
17:01:12.0238 2136 Scan started
17:01:12.0238 2136 Mode: Manual;
17:01:12.0238 2136 ============================================================
17:01:12.0458 2136 1394ohci - ok
17:01:12.0463 2136 ACPI - ok
17:01:12.0468 2136 AcpiPmi - ok
17:01:12.0483 2136 adfs - ok
17:01:12.0496 2136 adp94xx - ok
17:01:12.0501 2136 adpahci - ok
17:01:12.0504 2136 adpu320 - ok
17:01:12.0511 2136 AeLookupSvc - ok
17:01:12.0519 2136 AFD - ok
17:01:12.0522 2136 agp440 - ok
17:01:12.0524 2136 ALG - ok
17:01:12.0526 2136 aliide - ok
17:01:12.0536 2136 ALSysIO - ok
17:01:12.0550 2136 AMD External Events Utility - ok
17:01:12.0552 2136 amdide - ok
17:01:12.0555 2136 AmdK8 - ok
17:01:12.0569 2136 amdkmdag - ok
17:01:12.0572 2136 amdkmdap - ok
17:01:12.0574 2136 AmdPPM - ok
17:01:12.0585 2136 amdsata - ok
17:01:12.0587 2136 amdsbs - ok
17:01:12.0590 2136 amdxata - ok
17:01:12.0593 2136 AppID - ok
17:01:12.0596 2136 AppIDSvc - ok
17:01:12.0599 2136 Appinfo - ok
17:01:12.0622 2136 Apple Mobile Device - ok
17:01:12.0637 2136 AppMgmt - ok
17:01:12.0639 2136 arc - ok
17:01:12.0642 2136 arcsas - ok
17:01:12.0651 2136 AsIO - ok
17:01:12.0679 2136 aspnet_state - ok
17:01:12.0691 2136 AsSysCtrlService - ok
17:01:12.0700 2136 AsyncMac - ok
17:01:12.0703 2136 atapi - ok
17:01:12.0736 2136 AtiHDAudioService - ok
17:01:12.0747 2136 AudioEndpointBuilder - ok
17:01:12.0749 2136 AudioSrv - ok
17:01:12.0752 2136 AVP - ok
17:01:12.0755 2136 AxInstSV - ok
17:01:12.0758 2136 b06bdrv - ok
17:01:12.0768 2136 b57nd60a - ok
17:01:12.0773 2136 BDESVC - ok
17:01:12.0776 2136 Beep - ok
17:01:12.0783 2136 BFE - ok
17:01:12.0785 2136 BITS - ok
17:01:12.0793 2136 blbdrive - ok
17:01:12.0811 2136 Bonjour Service - ok
17:01:12.0814 2136 bowser - ok
17:01:12.0820 2136 BrFiltLo - ok
17:01:12.0823 2136 BrFiltUp - ok
17:01:12.0829 2136 BridgeMP - ok
17:01:12.0835 2136 Browser - ok
17:01:12.0838 2136 Brserid - ok
17:01:12.0841 2136 BrSerWdm - ok
17:01:12.0845 2136 BrUsbMdm - ok
17:01:12.0848 2136 BrUsbSer - ok
17:01:12.0858 2136 BthEnum - ok
17:01:12.0860 2136 BTHMODEM - ok
17:01:12.0865 2136 BthPan - ok
17:01:12.0876 2136 BTHPORT - ok
17:01:12.0879 2136 bthserv - ok
17:01:12.0884 2136 BTHUSB - ok
17:01:12.0901 2136 catchme - ok
17:01:12.0908 2136 cdfs - ok
17:01:12.0918 2136 cdrom - ok
17:01:12.0924 2136 CertPropSvc - ok
17:01:12.0927 2136 circlass - ok
17:01:12.0930 2136 CLFS - ok
17:01:12.0933 2136 clr_optimization_v2.0.50727_32 - ok
17:01:12.0935 2136 clr_optimization_v2.0.50727_64 - ok
17:01:12.0948 2136 clr_optimization_v4.0.30319_32 - ok
17:01:12.0951 2136 clr_optimization_v4.0.30319_64 - ok
17:01:12.0960 2136 CmBatt - ok
17:01:12.0963 2136 cmdide - ok
17:01:12.0966 2136 CNG - ok
17:01:12.0968 2136 Compbatt - ok
17:01:12.0981 2136 CompositeBus - ok
17:01:12.0986 2136 COMSysApp - ok
17:01:12.0989 2136 cpu - ok
17:01:12.0992 2136 crcdisk - ok
17:01:13.0019 2136 CryptSvc - ok
17:01:13.0022 2136 CSC - ok
17:01:13.0025 2136 CscService - ok
17:01:13.0039 2136 CV2K1 - ok
17:01:13.0052 2136 DcomLaunch - ok
17:01:13.0058 2136 DEFRAGSVC - ok
17:01:13.0060 2136 DfsC - ok
17:01:13.0064 2136 Dhcp - ok
17:01:13.0067 2136 discache - ok
17:01:13.0079 2136 Disk - ok
17:01:13.0082 2136 Dnscache - ok
17:01:13.0089 2136 dot3svc - ok
17:01:13.0092 2136 DPS - ok
17:01:13.0097 2136 drmkaud - ok
17:01:13.0111 2136 DroidCam - ok
17:01:13.0130 2136 dump_wmimmc - ok
17:01:13.0141 2136 DXGKrnl - ok
17:01:13.0144 2136 EapHost - ok
17:01:13.0146 2136 ebdrv - ok
17:01:13.0148 2136 EFS - ok
17:01:13.0151 2136 ehRecvr - ok
17:01:13.0153 2136 ehSched - ok
17:01:13.0156 2136 elxstor - ok
17:01:13.0164 2136 epmntdrv - ok
17:01:13.0166 2136 ErrDev - ok
17:01:13.0170 2136 EuGdiDrv - ok
17:01:13.0175 2136 EuMusDesignVirtualAudioCableWdm - ok
17:01:13.0181 2136 EventSystem - ok
17:01:13.0184 2136 exfat - ok
17:01:13.0186 2136 fastfat - ok
17:01:13.0188 2136 Fax - ok
17:01:13.0192 2136 fdc - ok
17:01:13.0194 2136 fdPHost - ok
17:01:13.0197 2136 FDResPub - ok
17:01:13.0200 2136 FileInfo - ok
17:01:13.0202 2136 Filetrace - ok
17:01:13.0205 2136 FLEXnet Licensing Service - ok
17:01:13.0207 2136 flpydisk - ok
17:01:13.0210 2136 FltMgr - ok
17:01:13.0212 2136 FontCache - ok
17:01:13.0215 2136 FontCache3.0.0.0 - ok
17:01:13.0218 2136 FsDepends - ok
17:01:13.0220 2136 Fs_Rec - ok
17:01:13.0226 2136 fvevol - ok
17:01:13.0229 2136 gagp30kx - ok
17:01:13.0239 2136 GearAspiWDM - ok
17:01:13.0248 2136 GGSAFERDriver - ok
17:01:13.0251 2136 gpsvc - ok
17:01:13.0253 2136 gupdate - ok
17:01:13.0288 2136 gupdatem - ok
17:01:13.0300 2136 gusvc - ok
17:01:13.0310 2136 hamachi - ok
17:01:13.0319 2136 Hamachi2Svc - ok
17:01:13.0340 2136 hcmon - ok
17:01:13.0342 2136 hcw85cir - ok
17:01:13.0355 2136 HdAudAddService - ok
17:01:13.0362 2136 HDAudBus - ok
17:01:13.0364 2136 HidBatt - ok
17:01:13.0374 2136 HidBth - ok
17:01:13.0379 2136 HidIr - ok
17:01:13.0382 2136 hidserv - ok
17:01:13.0392 2136 HidUsb - ok
17:01:13.0395 2136 hkmsvc - ok
17:01:13.0398 2136 HomeGroupListener - ok
17:01:13.0400 2136 HomeGroupProvider - ok
17:01:13.0410 2136 HpSAMD - ok
17:01:13.0413 2136 HTCAND64 - ok
17:01:13.0421 2136 htcnprot - ok
17:01:13.0429 2136 HTTP - ok
17:01:13.0432 2136 hwpolicy - ok
17:01:13.0448 2136 i2p - ok
17:01:13.0454 2136 i8042prt - ok
17:01:13.0457 2136 iaStorV - ok
17:01:13.0459 2136 idsvc - ok
17:01:13.0462 2136 iirsp - ok
17:01:13.0473 2136 IKEEXT - ok
17:01:13.0477 2136 intelide - ok
17:01:13.0480 2136 intelppm - ok
17:01:13.0482 2136 IPBusEnum - ok
17:01:13.0485 2136 IpFilterDriver - ok
17:01:13.0488 2136 iphlpsvc - ok
17:01:13.0491 2136 IPMIDRV - ok
17:01:13.0494 2136 IPNAT - ok
17:01:13.0500 2136 IRENUM - ok
17:01:13.0503 2136 isapnp - ok
17:01:13.0505 2136 iScsiPrt - ok
17:01:13.0510 2136 kbdclass - ok
17:01:13.0518 2136 kbdhid - ok
17:01:13.0521 2136 KeyIso - ok
17:01:13.0525 2136 KL1 - ok
17:01:13.0545 2136 kl2 - ok
17:01:13.0547 2136 KLIF - ok
17:01:13.0561 2136 KLIM6 - ok
17:01:13.0566 2136 klmouflt - ok
17:01:13.0569 2136 KSecDD - ok
17:01:13.0572 2136 KSecPkg - ok
17:01:13.0574 2136 ksthunk - ok
17:01:13.0585 2136 KtmRm - ok
17:01:13.0588 2136 LanmanServer - ok
17:01:13.0591 2136 LanmanWorkstation - ok
17:01:13.0603 2136 LbAdapter - ok
17:01:13.0623 2136 LBTServ - ok
17:01:13.0627 2136 LHidFilt - ok
17:01:13.0640 2136 lltdio - ok
17:01:13.0643 2136 lltdsvc - ok
17:01:13.0646 2136 lmhosts - ok
17:01:13.0649 2136 LMouFilt - ok
17:01:13.0658 2136 LSI_FC - ok
17:01:13.0661 2136 LSI_SAS - ok
17:01:13.0664 2136 LSI_SAS2 - ok
17:01:13.0667 2136 LSI_SCSI - ok
17:01:13.0670 2136 luafv - ok
17:01:13.0678 2136 LUsbFilt - ok
17:01:13.0691 2136 LVUSBS64 - ok
17:01:13.0730 2136 ManyCam - ok
17:01:13.0735 2136 MBAMProtector - ok
17:01:13.0738 2136 MBAMService - ok
17:01:13.0740 2136 Mcx2Svc - ok
17:01:13.0743 2136 megasas - ok
17:01:13.0746 2136 MegaSR - ok
17:01:13.0777 2136 Microsoft Office Groove Audit Service - ok
17:01:13.0792 2136 Microsoft SharePoint Workspace Audit Service - ok
17:01:13.0795 2136 MMCSS - ok
17:01:13.0798 2136 Modem - ok
17:01:13.0801 2136 monitor - ok
17:01:13.0805 2136 mouclass - ok
17:01:13.0809 2136 mouhid - ok
17:01:13.0812 2136 mountmgr - ok
17:01:13.0815 2136 mpio - ok
17:01:13.0818 2136 mpsdrv - ok
17:01:13.0820 2136 MpsSvc - ok
17:01:13.0823 2136 MRxDAV - ok
17:01:13.0826 2136 mrxsmb - ok
17:01:13.0828 2136 mrxsmb10 - ok
17:01:13.0830 2136 mrxsmb20 - ok
17:01:13.0833 2136 msahci - ok
17:01:13.0835 2136 msdsm - ok
17:01:13.0838 2136 MSDTC - ok
17:01:13.0861 2136 MsDtsServer - ok
17:01:13.0864 2136 Msfs - ok
17:01:13.0899 2136 MsgPlusService - ok
17:01:13.0906 2136 mshidkmdf - ok
17:01:13.0908 2136 msisadrv - ok
17:01:13.0912 2136 MSiSCSI - ok
17:01:13.0914 2136 msiserver - ok
17:01:13.0930 2136 MSKSSRV - ok
17:01:13.0933 2136 MSPCLOCK - ok
17:01:13.0936 2136 MSPQM - ok
17:01:13.0939 2136 MsRPC - ok
17:01:13.0942 2136 mssmbios - ok
17:01:13.0961 2136 MSSQL$SQLEXPRESS - ok
17:01:13.0971 2136 MSSQLServerADHelper100 - ok
17:01:13.0981 2136 MSTEE - ok
17:01:13.0985 2136 MTConfig - ok
17:01:13.0997 2136 MTsensor - ok
17:01:14.0003 2136 Mup - ok
17:01:14.0005 2136 napagent - ok
17:01:14.0016 2136 NativeWifiP - ok
17:01:14.0026 2136 NDIS - ok
17:01:14.0029 2136 NdisCap - ok
17:01:14.0031 2136 NdisTapi - ok
17:01:14.0034 2136 Ndisuio - ok
17:01:14.0036 2136 NdisWan - ok
17:01:14.0039 2136 NDProxy - ok
17:01:14.0042 2136 NetBIOS - ok
17:01:14.0044 2136 NetBT - ok
17:01:14.0046 2136 Netlogon - ok
17:01:14.0056 2136 Netman - ok
17:01:14.0059 2136 NetMsmqActivator - ok
17:01:14.0061 2136 NetPipeActivator - ok
17:01:14.0064 2136 netprofm - ok
17:01:14.0067 2136 NetTcpActivator - ok
17:01:14.0070 2136 NetTcpPortSharing - ok
17:01:14.0087 2136 nfrd960 - ok
17:01:14.0097 2136 NlaSvc - ok
17:01:14.0104 2136 NLNdisMP - ok
17:01:14.0108 2136 NLNdisPT - ok
17:01:14.0123 2136 NoIPDUCService3 - ok
17:01:14.0158 2136 NPF - ok
17:01:14.0161 2136 Npfs - ok
17:01:14.0177 2136 npggsvc - ok
17:01:14.0180 2136 NPPTNT2 - ok
17:01:14.0183 2136 nsi - ok
17:01:14.0185 2136 nsiproxy - ok
17:01:14.0190 2136 Ntfs - ok
17:01:14.0193 2136 Null - ok
17:01:14.0208 2136 nvraid - ok
17:01:14.0211 2136 nvstor - ok
17:01:14.0214 2136 nv_agp - ok
17:01:14.0220 2136 NwlnkIpx - ok
17:01:14.0230 2136 odserv - ok
17:01:14.0233 2136 ohci1394 - ok
17:01:14.0240 2136 OpenVPNService - ok
17:01:14.0247 2136 ose - ok
17:01:14.0265 2136 ose64 - ok
17:01:14.0286 2136 osppsvc - ok
17:01:14.0306 2136 P17 - ok
17:01:14.0309 2136 p2pimsvc - ok
17:01:14.0312 2136 p2psvc - ok
17:01:14.0314 2136 Parport - ok
17:01:14.0317 2136 partmgr - ok
17:01:14.0323 2136 PassThru Service - ok
17:01:14.0326 2136 PcaSvc - ok
17:01:14.0329 2136 pccsmcfd - ok
17:01:14.0332 2136 pci - ok
17:01:14.0334 2136 pciide - ok
17:01:14.0337 2136 pcmcia - ok
17:01:14.0339 2136 pcw - ok
17:01:14.0341 2136 PEAUTH - ok
17:01:14.0344 2136 PeerDistSvc - ok
17:01:14.0347 2136 PerfHost - ok
17:01:14.0353 2136 PID_0928 - ok
17:01:14.0355 2136 pla - ok
17:01:14.0358 2136 PlugPlay - ok
17:01:14.0371 2136 PnkBstrA - ok
17:01:14.0374 2136 PNRPAutoReg - ok
17:01:14.0376 2136 PNRPsvc - ok
17:01:14.0379 2136 PolicyAgent - ok
17:01:14.0406 2136 Power - ok
17:01:14.0408 2136 PptpMiniport - ok
17:01:14.0411 2136 Processor - ok
17:01:14.0413 2136 ProfSvc - ok
17:01:14.0416 2136 ProtectedStorage - ok
17:01:14.0419 2136 Psched - ok
17:01:14.0440 2136 ql2300 - ok
17:01:14.0443 2136 ql40xx - ok
17:01:14.0446 2136 QWAVE - ok
17:01:14.0448 2136 QWAVEdrv - ok
17:01:14.0477 2136 RapiMgr - ok
17:01:14.0479 2136 RasAcd - ok
17:01:14.0488 2136 RasAgileVpn - ok
17:01:14.0492 2136 RasAuto - ok
17:01:14.0495 2136 Rasl2tp - ok
17:01:14.0507 2136 RasMan - ok
17:01:14.0510 2136 RasPppoe - ok
17:01:14.0513 2136 RasSstp - ok
17:01:14.0516 2136 rdbss - ok
17:01:14.0518 2136 rdpbus - ok
17:01:14.0522 2136 RDPCDD - ok
17:01:14.0526 2136 RDPDR - ok
17:01:14.0529 2136 RDPENCDD - ok
17:01:14.0533 2136 RDPREFMP - ok
17:01:14.0551 2136 RdpVideoMiniport - ok
17:01:14.0554 2136 RDPWD - ok
17:01:14.0558 2136 rdyboost - ok
17:01:14.0561 2136 RemoteAccess - ok
17:01:14.0564 2136 RemoteRegistry - ok
17:01:14.0588 2136 RFCOMM - ok
17:01:14.0605 2136 rpcapd - ok
17:01:14.0608 2136 RpcEptMapper - ok
17:01:14.0610 2136 RpcLocator - ok
17:01:14.0614 2136 RpcSs - ok
17:01:14.0617 2136 RsFx0103 - ok
17:01:14.0620 2136 rspndr - ok
17:01:14.0641 2136 rt61x64 - ok
17:01:14.0649 2136 RTL8167 - ok
17:01:14.0659 2136 s3cap - ok
17:01:14.0662 2136 SamSs - ok
17:01:14.0664 2136 sbp2port - ok
17:01:14.0666 2136 SCardSvr - ok
17:01:14.0669 2136 scfilter - ok
17:01:14.0671 2136 Schedule - ok
17:01:14.0674 2136 SCPolicySvc - ok
17:01:14.0676 2136 SDRSVC - ok
17:01:14.0679 2136 secdrv - ok
17:01:14.0682 2136 seclogon - ok
17:01:14.0685 2136 SENS - ok
17:01:14.0687 2136 SensrSvc - ok
17:01:14.0690 2136 Serenum - ok
17:01:14.0693 2136 Serial - ok
17:01:14.0695 2136 sermouse - ok
17:01:14.0701 2136 SessionEnv - ok
17:01:14.0703 2136 sffdisk - ok
17:01:14.0706 2136 sffp_mmc - ok
17:01:14.0708 2136 sffp_sd - ok
17:01:14.0711 2136 sfloppy - ok
17:01:14.0713 2136 SharedAccess - ok
17:01:14.0715 2136 ShellHWDetection - ok
17:01:14.0745 2136 SiSRaid2 - ok
17:01:14.0748 2136 SiSRaid4 - ok
17:01:14.0758 2136 SkypeUpdate - ok
17:01:14.0761 2136 Smb - ok
17:01:14.0767 2136 SNMPTRAP - ok
17:01:14.0769 2136 spldr - ok
17:01:14.0771 2136 Spooler - ok
17:01:14.0774 2136 sppsvc - ok
17:01:14.0776 2136 sppuinotify - ok
17:01:14.0779 2136 sptd - ok
17:01:14.0781 2136 SQLAgent$SQLEXPRESS - ok
17:01:14.0784 2136 SQLBrowser - ok
17:01:14.0795 2136 SQLWriter - ok
17:01:14.0797 2136 srv - ok
17:01:14.0799 2136 srv2 - ok
17:01:14.0802 2136 srvnet - ok
17:01:14.0814 2136 SSDPSRV - ok
17:01:14.0817 2136 SstpSvc - ok
17:01:14.0825 2136 StarOpen - ok
17:01:14.0827 2136 Steam Client Service - ok
17:01:14.0830 2136 stexstor - ok
17:01:14.0833 2136 stisvc - ok
17:01:14.0836 2136 storflt - ok
17:01:14.0838 2136 storvsc - ok
17:01:14.0841 2136 swenum - ok
17:01:14.0860 2136 SwitchBoard - ok
17:01:14.0863 2136 swprv - ok
17:01:14.0865 2136 Synth3dVsc - ok
17:01:14.0868 2136 SysMain - ok
17:01:14.0871 2136 TabletInputService - ok
17:01:14.0875 2136 tap0901 - ok
17:01:14.0877 2136 TapiSrv - ok
17:01:14.0882 2136 tapoas - ok
17:01:14.0886 2136 TBS - ok
17:01:14.0888 2136 Tcpip - ok
17:01:14.0901 2136 TCPIP6 - ok
17:01:14.0904 2136 tcpipreg - ok
17:01:14.0908 2136 TDPIPE - ok
17:01:14.0933 2136 TdsNordecr - ok
17:01:14.0936 2136 TDTCP - ok
17:01:14.0938 2136 tdx - ok
17:01:14.0958 2136 TeamViewer6 - ok
17:01:14.0970 2136 TeamViewer7 - ok
17:01:14.0973 2136 teamviewervpn - ok
17:01:14.0976 2136 TermDD - ok
17:01:14.0988 2136 TermService - ok
17:01:14.0991 2136 Themes - ok
17:01:14.0993 2136 THREADORDER - ok
17:01:15.0002 2136 TlntSvr - ok
17:01:15.0005 2136 TrkWks - ok
17:01:15.0010 2136 truecrypt - ok
17:01:15.0013 2136 TrustedInstaller - ok
17:01:15.0017 2136 tssecsrv - ok
17:01:15.0021 2136 TsUsbFlt - ok
17:01:15.0023 2136 tsusbhub - ok
17:01:15.0033 2136 tunnel - ok
17:01:15.0036 2136 uagp35 - ok
17:01:15.0039 2136 udfs - ok
17:01:15.0044 2136 UI0Detect - ok
17:01:15.0055 2136 uliagpkx - ok
17:01:15.0057 2136 umbus - ok
17:01:15.0060 2136 UmPass - ok
17:01:15.0063 2136 UmRdpService - ok
17:01:15.0090 2136 UnsignedThemes - ok
17:01:15.0093 2136 upnphost - ok
17:01:15.0097 2136 usbaudio - ok
17:01:15.0100 2136 usbccgp - ok
17:01:15.0110 2136 usbcir - ok
17:01:15.0114 2136 usbehci - ok
17:01:15.0118 2136 usbhub - ok
17:01:15.0121 2136 usbohci - ok
17:01:15.0123 2136 USBPNPA - ok
17:01:15.0131 2136 usbprint - ok
17:01:15.0136 2136 usbscan - ok
17:01:15.0147 2136 usbser - ok
17:01:15.0150 2136 USBSTOR - ok
17:01:15.0152 2136 usbuhci - ok
17:01:15.0162 2136 usbvideo - ok
17:01:15.0171 2136 usb_rndisx - ok
17:01:15.0190 2136 uxpatch - ok
17:01:15.0193 2136 UxSms - ok
17:01:15.0195 2136 VaultSvc - ok
17:01:15.0199 2136 VBoxDrv - ok
17:01:15.0202 2136 VBoxNetAdp - ok
17:01:15.0204 2136 VBoxNetFlt - ok
17:01:15.0213 2136 VBoxUSB - ok
17:01:15.0227 2136 VBoxUSBMon - ok
17:01:15.0239 2136 vdrvroot - ok
17:01:15.0243 2136 vds - ok
17:01:15.0246 2136 vga - ok
17:01:15.0249 2136 VgaSave - ok
17:01:15.0252 2136 VGPU - ok
17:01:15.0255 2136 vhdmp - ok
17:01:15.0258 2136 viaide - ok
17:01:15.0261 2136 VMAuthdService - ok
17:01:15.0264 2136 vmbus - ok
17:01:15.0266 2136 VMBusHID - ok
17:01:15.0277 2136 vmci - ok
17:01:15.0280 2136 VMnetAdapter - ok
17:01:15.0290 2136 VMnetBridge - ok
17:01:15.0295 2136 VMnetDHCP - ok
17:01:15.0299 2136 VMnetuserif - ok
17:01:15.0303 2136 vmusb - ok
17:01:15.0310 2136 VMUSBArbService - ok
17:01:15.0316 2136 VMware NAT Service - ok
17:01:15.0320 2136 VMwareHostd - ok
17:01:15.0332 2136 vmx86 - ok
17:01:15.0335 2136 vncmirror - ok
17:01:15.0337 2136 volmgr - ok
17:01:15.0340 2136 volmgrx - ok
17:01:15.0342 2136 volsnap - ok
17:01:15.0354 2136 vsmraid - ok
17:01:15.0357 2136 VSS - ok
17:01:15.0367 2136 vstor2-mntapi10-shared - ok
17:01:15.0370 2136 vwifibus - ok
17:01:15.0373 2136 vwififlt - ok
17:01:15.0378 2136 vwifimp - ok
17:01:15.0381 2136 W32Time - ok
17:01:15.0385 2136 WacomPen - ok
17:01:15.0393 2136 WANARP - ok
17:01:15.0405 2136 Wanarpv6 - ok
17:01:15.0415 2136 WatAdminSvc - ok
17:01:15.0417 2136 wbengine - ok
17:01:15.0420 2136 WbioSrvc - ok
17:01:15.0425 2136 WcesComm - ok
17:01:15.0428 2136 wcncsvc - ok
17:01:15.0431 2136 WcsPlugInService - ok
17:01:15.0433 2136 Wd - ok
17:01:15.0436 2136 Wdf01000 - ok
17:01:15.0438 2136 WdiServiceHost - ok
17:01:15.0441 2136 WdiSystemHost - ok
17:01:15.0444 2136 WebClient - ok
17:01:15.0447 2136 Wecsvc - ok
17:01:15.0449 2136 wercplsupport - ok
17:01:15.0456 2136 WerSvc - ok
17:01:15.0459 2136 WfpLwf - ok
17:01:15.0461 2136 WIMMount - ok
17:01:15.0464 2136 WinDefend - ok
17:01:15.0469 2136 WinHttpAutoProxySvc - ok
17:01:15.0471 2136 Winmgmt - ok
17:01:15.0474 2136 WinRM - ok
17:01:15.0508 2136 WinUsb - ok
17:01:15.0511 2136 Wlansvc - ok
17:01:15.0517 2136 wlidsvc - ok
17:01:15.0520 2136 WmiAcpi - ok
17:01:15.0524 2136 wmiApSrv - ok
17:01:15.0535 2136 WMPNetworkSvc - ok
17:01:15.0538 2136 WPCSvc - ok
17:01:15.0540 2136 WPDBusEnum - ok
17:01:15.0543 2136 ws2ifsl - ok
17:01:15.0561 2136 wscsvc - ok
17:01:15.0564 2136 WSearch - ok
17:01:15.0567 2136 wuauserv - ok
17:01:15.0570 2136 WudfPf - ok
17:01:15.0573 2136 WUDFRd - ok
17:01:15.0576 2136 wudfsvc - ok
17:01:15.0579 2136 WwanSvc - ok
17:01:15.0581 2136 XAMPP - ok
17:01:15.0633 2136 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:01:15.0637 2136 \Device\Harddisk0\DR0 - ok
17:01:15.0639 2136 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
17:01:15.0661 2136 \Device\Harddisk2\DR2 - ok
17:01:15.0676 2136 MBR (0x1B8) (9c58313c5dda6d94904a3d60ad87b6bb) \Device\Harddisk1\DR1
17:01:15.0925 2136 \Device\Harddisk1\DR1 - ok
17:01:15.0927 2136 Boot (0x1200) (243e096927f05df99ec9a05244bdc8fe) \Device\Harddisk0\DR0\Partition0
17:01:15.0928 2136 \Device\Harddisk0\DR0\Partition0 - ok
17:01:15.0943 2136 Boot (0x1200) (3f70ec5e3ff43b623f61e07f9ae60905) \Device\Harddisk1\DR1\Partition0
17:01:15.0944 2136 \Device\Harddisk1\DR1\Partition0 - ok
17:01:15.0954 2136 Boot (0x1200) (1f99622e78f5856c084d82dfac66c043) \Device\Harddisk1\DR1\Partition1
17:01:15.0954 2136 \Device\Harddisk1\DR1\Partition1 - ok
17:01:15.0969 2136 Boot (0x1200) (78f24a029318ac5e94310a1268790e42) \Device\Harddisk1\DR1\Partition2
17:01:15.0970 2136 \Device\Harddisk1\DR1\Partition2 - ok
17:01:15.0970 2136 ============================================================
17:01:15.0971 2136 Scan finished
17:01:15.0971 2136 ============================================================
17:01:15.0978 6124 Detected object count: 0
17:01:15.0978 6124 Actual detected object count: 0
17:01:29.0411 5240 ============================================================
17:01:29.0411 5240 Scan started
17:01:29.0411 5240 Mode: Manual;
17:01:29.0411 5240 ============================================================
17:01:29.0598 5240 1394ohci - ok
17:01:29.0600 5240 ACPI - ok
17:01:29.0602 5240 AcpiPmi - ok
17:01:29.0605 5240 adfs - ok
17:01:29.0607 5240 adp94xx - ok
17:01:29.0609 5240 adpahci - ok
17:01:29.0612 5240 adpu320 - ok
17:01:29.0615 5240 AeLookupSvc - ok
17:01:29.0617 5240 AFD - ok
17:01:29.0619 5240 agp440 - ok
17:01:29.0622 5240 ALG - ok
17:01:29.0624 5240 aliide - ok
17:01:29.0626 5240 ALSysIO - ok
17:01:29.0629 5240 AMD External Events Utility - ok
17:01:29.0631 5240 amdide - ok
17:01:29.0633 5240 AmdK8 - ok
17:01:29.0635 5240 amdkmdag - ok
17:01:29.0637 5240 amdkmdap - ok
17:01:29.0640 5240 AmdPPM - ok
17:01:29.0642 5240 amdsata - ok
17:01:29.0644 5240 amdsbs - ok
17:01:29.0647 5240 amdxata - ok
17:01:29.0649 5240 AppID - ok
17:01:29.0651 5240 AppIDSvc - ok
17:01:29.0653 5240 Appinfo - ok
17:01:29.0656 5240 Apple Mobile Device - ok
17:01:29.0658 5240 AppMgmt - ok
17:01:29.0660 5240 arc - ok
17:01:29.0663 5240 arcsas - ok
17:01:29.0665 5240 AsIO - ok
17:01:29.0672 5240 aspnet_state - ok
17:01:29.0675 5240 AsSysCtrlService - ok
17:01:29.0677 5240 AsyncMac - ok
17:01:29.0679 5240 atapi - ok
17:01:29.0683 5240 AtiHDAudioService - ok
17:01:29.0686 5240 AudioEndpointBuilder - ok
17:01:29.0688 5240 AudioSrv - ok
17:01:29.0690 5240 AVP - ok
17:01:29.0702 5240 AxInstSV - ok
17:01:29.0705 5240 b06bdrv - ok
17:01:29.0707 5240 b57nd60a - ok
17:01:29.0710 5240 BDESVC - ok
17:01:29.0712 5240 Beep - ok
17:01:29.0715 5240 BFE - ok
17:01:29.0717 5240 BITS - ok
17:01:29.0719 5240 blbdrive - ok
17:01:29.0721 5240 Bonjour Service - ok
17:01:29.0724 5240 bowser - ok
17:01:29.0726 5240 BrFiltLo - ok
17:01:29.0729 5240 BrFiltUp - ok
17:01:29.0731 5240 BridgeMP - ok
17:01:29.0733 5240 Browser - ok
17:01:29.0735 5240 Brserid - ok
17:01:29.0738 5240 BrSerWdm - ok
17:01:29.0740 5240 BrUsbMdm - ok
17:01:29.0742 5240 BrUsbSer - ok
17:01:29.0745 5240 BthEnum - ok
17:01:29.0747 5240 BTHMODEM - ok
17:01:29.0749 5240 BthPan - ok
17:01:29.0751 5240 BTHPORT - ok
17:01:29.0754 5240 bthserv - ok
17:01:29.0756 5240 BTHUSB - ok
17:01:29.0758 5240 catchme - ok
17:01:29.0760 5240 cdfs - ok
17:01:29.0762 5240 cdrom - ok
17:01:29.0765 5240 CertPropSvc - ok
17:01:29.0767 5240 circlass - ok
17:01:29.0769 5240 CLFS - ok
17:01:29.0772 5240 clr_optimization_v2.0.50727_32 - ok
17:01:29.0774 5240 clr_optimization_v2.0.50727_64 - ok
17:01:29.0776 5240 clr_optimization_v4.0.30319_32 - ok
17:01:29.0779 5240 clr_optimization_v4.0.30319_64 - ok
17:01:29.0781 5240 CmBatt - ok
17:01:29.0783 5240 cmdide - ok
17:01:29.0786 5240 CNG - ok
17:01:29.0788 5240 Compbatt - ok
17:01:29.0790 5240 CompositeBus - ok
17:01:29.0793 5240 COMSysApp - ok
17:01:29.0795 5240 cpu - ok
17:01:29.0797 5240 crcdisk - ok
17:01:29.0801 5240 CryptSvc - ok
17:01:29.0803 5240 CSC - ok
17:01:29.0806 5240 CscService - ok
17:01:29.0808 5240 CV2K1 - ok
17:01:29.0811 5240 DcomLaunch - ok
17:01:29.0814 5240 DEFRAGSVC - ok
17:01:29.0816 5240 DfsC - ok
17:01:29.0819 5240 Dhcp - ok
17:01:29.0821 5240 discache - ok
17:01:29.0827 5240 Disk - ok
17:01:29.0829 5240 Dnscache - ok
17:01:29.0831 5240 dot3svc - ok
17:01:29.0833 5240 DPS - ok
17:01:29.0836 5240 drmkaud - ok
17:01:29.0838 5240 DroidCam - ok
17:01:29.0842 5240 dump_wmimmc - ok
17:01:29.0845 5240 DXGKrnl - ok
17:01:29.0847 5240 EapHost - ok
17:01:29.0849 5240 ebdrv - ok
17:01:29.0852 5240 EFS - ok
17:01:29.0854 5240 ehRecvr - ok
17:01:29.0856 5240 ehSched - ok
17:01:29.0858 5240 elxstor - ok
17:01:29.0861 5240 epmntdrv - ok
17:01:29.0863 5240 ErrDev - ok
17:01:29.0866 5240 EuGdiDrv - ok
17:01:29.0868 5240 EuMusDesignVirtualAudioCableWdm - ok
17:01:29.0872 5240 EventSystem - ok
17:01:29.0874 5240 exfat - ok
17:01:29.0877 5240 fastfat - ok
17:01:29.0879 5240 Fax - ok
17:01:29.0881 5240 fdc - ok
17:01:29.0883 5240 fdPHost - ok
17:01:29.0885 5240 FDResPub - ok
17:01:29.0888 5240 FileInfo - ok
17:01:29.0890 5240 Filetrace - ok
17:01:29.0892 5240 FLEXnet Licensing Service - ok
17:01:29.0895 5240 flpydisk - ok
17:01:29.0897 5240 FltMgr - ok
17:01:29.0899 5240 FontCache - ok
17:01:29.0902 5240 FontCache3.0.0.0 - ok
17:01:29.0904 5240 FsDepends - ok
17:01:29.0906 5240 Fs_Rec - ok
17:01:29.0909 5240 fvevol - ok
17:01:29.0911 5240 gagp30kx - ok
17:01:29.0913 5240 GearAspiWDM - ok
17:01:29.0916 5240 GGSAFERDriver - ok
17:01:29.0918 5240 gpsvc - ok
17:01:29.0920 5240 gupdate - ok
17:01:29.0922 5240 gupdatem - ok
17:01:29.0925 5240 gusvc - ok
17:01:29.0927 5240 hamachi - ok
17:01:29.0930 5240 Hamachi2Svc - ok
17:01:29.0932 5240 hcmon - ok
17:01:29.0934 5240 hcw85cir - ok
17:01:29.0937 5240 HdAudAddService - ok
17:01:29.0939 5240 HDAudBus - ok
17:01:29.0942 5240 HidBatt - ok
17:01:29.0944 5240 HidBth - ok
17:01:29.0954 5240 HidIr - ok
17:01:29.0956 5240 hidserv - ok
17:01:29.0959 5240 HidUsb - ok
17:01:29.0961 5240 hkmsvc - ok
17:01:29.0963 5240 HomeGroupListener - ok
17:01:29.0966 5240 HomeGroupProvider - ok
17:01:29.0968 5240 HpSAMD - ok
17:01:29.0970 5240 HTCAND64 - ok
17:01:29.0973 5240 htcnprot - ok
17:01:29.0975 5240 HTTP - ok
17:01:29.0977 5240 hwpolicy - ok
17:01:29.0980 5240 i2p - ok
17:01:29.0982 5240 i8042prt - ok
17:01:29.0984 5240 iaStorV - ok
17:01:29.0986 5240 idsvc - ok
17:01:29.0988 5240 iirsp - ok
17:01:29.0991 5240 IKEEXT - ok
17:01:29.0994 5240 intelide - ok
17:01:29.0996 5240 intelppm - ok
17:01:29.0999 5240 IPBusEnum - ok
17:01:30.0001 5240 IpFilterDriver - ok
17:01:30.0003 5240 iphlpsvc - ok
17:01:30.0006 5240 IPMIDRV - ok
17:01:30.0008 5240 IPNAT - ok
17:01:30.0011 5240 IRENUM - ok
17:01:30.0013 5240 isapnp - ok
17:01:30.0015 5240 iScsiPrt - ok
17:01:30.0018 5240 kbdclass - ok
17:01:30.0020 5240 kbdhid - ok
17:01:30.0022 5240 KeyIso - ok
17:01:30.0037 5240 KL1 - ok
17:01:30.0040 5240 kl2 - ok
17:01:30.0042 5240 KLIF - ok
17:01:30.0050 5240 KLIM6 - ok
17:01:30.0053 5240 klmouflt - ok
17:01:30.0055 5240 KSecDD - ok
17:01:30.0057 5240 KSecPkg - ok
17:01:30.0060 5240 ksthunk - ok
17:01:30.0062 5240 KtmRm - ok
17:01:30.0065 5240 LanmanServer - ok
17:01:30.0067 5240 LanmanWorkstation - ok
17:01:30.0070 5240 LbAdapter - ok
17:01:30.0072 5240 LBTServ - ok
17:01:30.0079 5240 LHidFilt - ok
17:01:30.0082 5240 lltdio - ok
17:01:30.0085 5240 lltdsvc - ok
17:01:30.0087 5240 lmhosts - ok
17:01:30.0089 5240 LMouFilt - ok
17:01:30.0093 5240 LSI_FC - ok
17:01:30.0095 5240 LSI_SAS - ok
17:01:30.0097 5240 LSI_SAS2 - ok
17:01:30.0100 5240 LSI_SCSI - ok
17:01:30.0102 5240 luafv - ok
17:01:30.0104 5240 LUsbFilt - ok
17:01:30.0107 5240 LVUSBS64 - ok
17:01:30.0109 5240 ManyCam - ok
17:01:30.0113 5240 MBAMProtector - ok
17:01:30.0115 5240 MBAMService - ok
17:01:30.0117 5240 Mcx2Svc - ok
17:01:30.0120 5240 megasas - ok
17:01:30.0122 5240 MegaSR - ok
17:01:30.0124 5240 Microsoft Office Groove Audit Service - ok
17:01:30.0127 5240 Microsoft SharePoint Workspace Audit Service - ok
17:01:30.0129 5240 MMCSS - ok
17:01:30.0132 5240 Modem - ok
17:01:30.0134 5240 monitor - ok
17:01:30.0136 5240 mouclass - ok
17:01:30.0139 5240 mouhid - ok
17:01:30.0141 5240 mountmgr - ok
17:01:30.0143 5240 mpio - ok
17:01:30.0146 5240 mpsdrv - ok
17:01:30.0148 5240 MpsSvc - ok
17:01:30.0150 5240 MRxDAV - ok
17:01:30.0152 5240 mrxsmb - ok
17:01:30.0155 5240 mrxsmb10 - ok
17:01:30.0157 5240 mrxsmb20 - ok
17:01:30.0159 5240 msahci - ok
17:01:30.0161 5240 msdsm - ok
17:01:30.0164 5240 MSDTC - ok
17:01:30.0168 5240 MsDtsServer - ok
17:01:30.0171 5240 Msfs - ok
17:01:30.0173 5240 MsgPlusService - ok
17:01:30.0175 5240 mshidkmdf - ok
17:01:30.0177 5240 msisadrv - ok
17:01:30.0180 5240 MSiSCSI - ok
17:01:30.0182 5240 msiserver - ok
17:01:30.0185 5240 MSKSSRV - ok
17:01:30.0187 5240 MSPCLOCK - ok
17:01:30.0190 5240 MSPQM - ok
17:01:30.0192 5240 MsRPC - ok
17:01:30.0196 5240 mssmbios - ok
17:01:30.0198 5240 MSSQL$SQLEXPRESS - ok
17:01:30.0206 5240 MSSQLServerADHelper100 - ok
17:01:30.0209 5240 MSTEE - ok
17:01:30.0211 5240 MTConfig - ok
17:01:30.0214 5240 MTsensor - ok
17:01:30.0217 5240 Mup - ok
17:01:30.0219 5240 napagent - ok
17:01:30.0221 5240 NativeWifiP - ok
17:01:30.0224 5240 NDIS - ok
17:01:30.0226 5240 NdisCap - ok
17:01:30.0228 5240 NdisTapi - ok
17:01:30.0231 5240 Ndisuio - ok
17:01:30.0234 5240 NdisWan - ok
17:01:30.0236 5240 NDProxy - ok
17:01:30.0238 5240 NetBIOS - ok
17:01:30.0241 5240 NetBT - ok
17:01:30.0243 5240 Netlogon - ok
17:01:30.0246 5240 Netman - ok
17:01:30.0248 5240 NetMsmqActivator - ok
17:01:30.0250 5240 NetPipeActivator - ok
17:01:30.0253 5240 netprofm - ok
17:01:30.0255 5240 NetTcpActivator - ok
17:01:30.0258 5240 NetTcpPortSharing - ok
17:01:30.0260 5240 nfrd960 - ok
17:01:30.0262 5240 NlaSvc - ok
17:01:30.0265 5240 NLNdisMP - ok
17:01:30.0267 5240 NLNdisPT - ok
17:01:30.0270 5240 NoIPDUCService3 - ok
17:01:30.0272 5240 NPF - ok
17:01:30.0274 5240 Npfs - ok
17:01:30.0276 5240 npggsvc - ok
17:01:30.0279 5240 NPPTNT2 - ok
17:01:30.0281 5240 nsi - ok
17:01:30.0283 5240 nsiproxy - ok
17:01:30.0286 5240 Ntfs - ok
17:01:30.0288 5240 Null - ok
17:01:30.0291 5240 nvraid - ok
17:01:30.0293 5240 nvstor - ok
17:01:30.0295 5240 nv_agp - ok
17:01:30.0298 5240 NwlnkIpx - ok
17:01:30.0301 5240 odserv - ok
17:01:30.0303 5240 ohci1394 - ok
17:01:30.0306 5240 OpenVPNService - ok
17:01:30.0308 5240 ose - ok
17:01:30.0310 5240 ose64 - ok
17:01:30.0313 5240 osppsvc - ok
17:01:30.0316 5240 P17 - ok
17:01:30.0319 5240 p2pimsvc - ok
17:01:30.0321 5240 p2psvc - ok
17:01:30.0324 5240 Parport - ok
17:01:30.0330 5240 partmgr - ok
17:01:30.0332 5240 PassThru Service - ok
17:01:30.0335 5240 PcaSvc - ok
17:01:30.0337 5240 pccsmcfd - ok
17:01:30.0339 5240 pci - ok
17:01:30.0342 5240 pciide - ok
17:01:30.0344 5240 pcmcia - ok
17:01:30.0346 5240 pcw - ok
17:01:30.0349 5240 PEAUTH - ok
17:01:30.0351 5240 PeerDistSvc - ok
17:01:30.0354 5240 PerfHost - ok
17:01:30.0360 5240 PID_0928 - ok
17:01:30.0362 5240 pla - ok
17:01:30.0365 5240 PlugPlay - ok
17:01:30.0367 5240 PnkBstrA - ok
17:01:30.0369 5240 PNRPAutoReg - ok
17:01:30.0371 5240 PNRPsvc - ok
17:01:30.0374 5240 PolicyAgent - ok
17:01:30.0377 5240 Power - ok
17:01:30.0379 5240 PptpMiniport - ok
17:01:30.0382 5240 Processor - ok
17:01:30.0384 5240 ProfSvc - ok
17:01:30.0386 5240 ProtectedStorage - ok
17:01:30.0389 5240 Psched - ok
17:01:30.0391 5240 ql2300 - ok
17:01:30.0393 5240 ql40xx - ok
17:01:30.0395 5240 QWAVE - ok
17:01:30.0398 5240 QWAVEdrv - ok
17:01:30.0400 5240 RapiMgr - ok
17:01:30.0402 5240 RasAcd - ok
17:01:30.0405 5240 RasAgileVpn - ok
17:01:30.0407 5240 RasAuto - ok
17:01:30.0410 5240 Rasl2tp - ok
17:01:30.0412 5240 RasMan - ok
17:01:30.0415 5240 RasPppoe - ok
17:01:30.0417 5240 RasSstp - ok
17:01:30.0419 5240 rdbss - ok
17:01:30.0421 5240 rdpbus - ok
17:01:30.0424 5240 RDPCDD - ok
17:01:30.0427 5240 RDPDR - ok
17:01:30.0430 5240 RDPENCDD - ok
17:01:30.0433 5240 RDPREFMP - ok
17:01:30.0437 5240 RdpVideoMiniport - ok
17:01:30.0440 5240 RDPWD - ok
17:01:30.0442 5240 rdyboost - ok
17:01:30.0444 5240 RemoteAccess - ok
17:01:30.0447 5240 RemoteRegistry - ok
17:01:30.0449 5240 RFCOMM - ok
17:01:30.0455 5240 rpcapd - ok
17:01:30.0457 5240 RpcEptMapper - ok
17:01:30.0459 5240 RpcLocator - ok
17:01:30.0462 5240 RpcSs - ok
17:01:30.0464 5240 RsFx0103 - ok
17:01:30.0466 5240 rspndr - ok
17:01:30.0468 5240 rt61x64 - ok
17:01:30.0471 5240 RTL8167 - ok
17:01:30.0473 5240 s3cap - ok
17:01:30.0475 5240 SamSs - ok
17:01:30.0478 5240 sbp2port - ok
17:01:30.0480 5240 SCardSvr - ok
17:01:30.0482 5240 scfilter - ok
17:01:30.0485 5240 Schedule - ok
17:01:30.0487 5240 SCPolicySvc - ok
17:01:30.0490 5240 SDRSVC - ok
17:01:30.0492 5240 secdrv - ok
17:01:30.0494 5240 seclogon - ok
17:01:30.0497 5240 SENS - ok
17:01:30.0499 5240 SensrSvc - ok
17:01:30.0502 5240 Serenum - ok
17:01:30.0504 5240 Serial - ok
17:01:30.0507 5240 sermouse - ok
17:01:30.0512 5240 SessionEnv - ok
17:01:30.0515 5240 sffdisk - ok
17:01:30.0517 5240 sffp_mmc - ok
17:01:30.0519 5240 sffp_sd - ok
17:01:30.0522 5240 sfloppy - ok
17:01:30.0524 5240 SharedAccess - ok
17:01:30.0527 5240 ShellHWDetection - ok
17:01:30.0529 5240 SiSRaid2 - ok
17:01:30.0532 5240 SiSRaid4 - ok
17:01:30.0534 5240 SkypeUpdate - ok
17:01:30.0537 5240 Smb - ok
17:01:30.0541 5240 SNMPTRAP - ok
17:01:30.0544 5240 spldr - ok
17:01:30.0546 5240 Spooler - ok
17:01:30.0549 5240 sppsvc - ok
17:01:30.0551 5240 sppuinotify - ok
17:01:30.0556 5240 sptd - ok
17:01:30.0558 5240 SQLAgent$SQLEXPRESS - ok
17:01:30.0561 5240 SQLBrowser - ok
17:01:30.0564 5240 SQLWriter - ok
17:01:30.0566 5240 srv - ok
17:01:30.0569 5240 srv2 - ok
17:01:30.0572 5240 srvnet - ok
17:01:30.0574 5240 SSDPSRV - ok
17:01:30.0577 5240 SstpSvc - ok
17:01:30.0579 5240 StarOpen - ok
17:01:30.0582 5240 Steam Client Service - ok
17:01:30.0585 5240 stexstor - ok
17:01:30.0587 5240 stisvc - ok
17:01:30.0591 5240 storflt - ok
17:01:30.0594 5240 storvsc - ok
17:01:30.0596 5240 swenum - ok
17:01:30.0599 5240 SwitchBoard - ok
17:01:30.0601 5240 swprv - ok
17:01:30.0603 5240 Synth3dVsc - ok
17:01:30.0606 5240 SysMain - ok
17:01:30.0608 5240 TabletInputService - ok
17:01:30.0610 5240 tap0901 - ok
17:01:30.0613 5240 TapiSrv - ok
17:01:30.0615 5240 tapoas - ok
17:01:30.0617 5240 TBS - ok
17:01:30.0620 5240 Tcpip - ok
17:01:30.0622 5240 TCPIP6 - ok
17:01:30.0625 5240 tcpipreg - ok
17:01:30.0628 5240 TDPIPE - ok
17:01:30.0631 5240 TdsNordecr - ok
17:01:30.0633 5240 TDTCP - ok
17:01:30.0635 5240 tdx - ok
17:01:30.0637 5240 TeamViewer6 - ok
17:01:30.0640 5240 TeamViewer7 - ok
17:01:30.0642 5240 teamviewervpn - ok
17:01:30.0645 5240 TermDD - ok
17:01:30.0647 5240 TermService - ok
17:01:30.0649 5240 Themes - ok
17:01:30.0652 5240 THREADORDER - ok
17:01:30.0654 5240 TlntSvr - ok
17:01:30.0657 5240 TrkWks - ok
17:01:30.0659 5240 truecrypt - ok
17:01:30.0662 5240 TrustedInstaller - ok
17:01:30.0665 5240 tssecsrv - ok
17:01:30.0667 5240 TsUsbFlt - ok
17:01:30.0670 5240 tsusbhub - ok
17:01:30.0672 5240 tunnel - ok
17:01:30.0674 5240 uagp35 - ok
17:01:30.0677 5240 udfs - ok
17:01:30.0681 5240 UI0Detect - ok
17:01:30.0684 5240 uliagpkx - ok
17:01:30.0687 5240 umbus - ok
17:01:30.0689 5240 UmPass - ok
17:01:30.0692 5240 UmRdpService - ok
17:01:30.0694 5240 UnsignedThemes - ok
17:01:30.0697 5240 upnphost - ok
17:01:30.0699 5240 usbaudio - ok
17:01:30.0702 5240 usbccgp - ok
17:01:30.0707 5240 usbcir - ok
17:01:30.0710 5240 usbehci - ok
17:01:30.0712 5240 usbhub - ok
17:01:30.0714 5240 usbohci - ok
17:01:30.0716 5240 USBPNPA - ok
17:01:30.0718 5240 usbprint - ok
17:01:30.0721 5240 usbscan - ok
17:01:30.0724 5240 usbser - ok
17:01:30.0726 5240 USBSTOR - ok
17:01:30.0728 5240 usbuhci - ok
17:01:30.0731 5240 usbvideo - ok
17:01:30.0733 5240 usb_rndisx - ok
17:01:30.0735 5240 uxpatch - ok
17:01:30.0738 5240 UxSms - ok
17:01:30.0740 5240 VaultSvc - ok
17:01:30.0742 5240 VBoxDrv - ok
17:01:30.0745 5240 VBoxNetAdp - ok
17:01:30.0747 5240 VBoxNetFlt - ok
17:01:30.0749 5240 VBoxUSB - ok
17:01:30.0751 5240 VBoxUSBMon - ok
17:01:30.0754 5240 vdrvroot - ok
17:01:30.0757 5240 vds - ok
17:01:30.0759 5240 vga - ok
17:01:30.0761 5240 VgaSave - ok
17:01:30.0764 5240 VGPU - ok
17:01:30.0766 5240 vhdmp - ok
17:01:30.0768 5240 viaide - ok
17:01:30.0771 5240 VMAuthdService - ok
17:01:30.0773 5240 vmbus - ok
17:01:30.0776 5240 VMBusHID - ok
17:01:30.0778 5240 vmci - ok
17:01:30.0780 5240 VMnetAdapter - ok
17:01:30.0783 5240 VMnetBridge - ok
17:01:30.0785 5240 VMnetDHCP - ok
17:01:30.0788 5240 VMnetuserif - ok
17:01:30.0790 5240 vmusb - ok
17:01:30.0793 5240 VMUSBArbService - ok
17:01:30.0796 5240 VMware NAT Service - ok
17:01:30.0799 5240 VMwareHostd - ok
17:01:30.0801 5240 vmx86 - ok
17:01:30.0803 5240 vncmirror - ok
17:01:30.0806 5240 volmgr - ok
17:01:30.0809 5240 volmgrx - ok
17:01:30.0811 5240 volsnap - ok
17:01:30.0814 5240 vsmraid - ok
17:01:30.0816 5240 VSS - ok
17:01:30.0819 5240 vstor2-mntapi10-shared - ok
17:01:30.0822 5240 vwifibus - ok
17:01:30.0824 5240 vwififlt - ok
17:01:30.0826 5240 vwifimp - ok
17:01:30.0829 5240 W32Time - ok
17:01:30.0833 5240 WacomPen - ok
17:01:30.0835 5240 WANARP - ok
17:01:30.0838 5240 Wanarpv6 - ok
17:01:30.0840 5240 WatAdminSvc - ok
17:01:30.0843 5240 wbengine - ok
17:01:30.0845 5240 WbioSrvc - ok
17:01:30.0848 5240 WcesComm - ok
17:01:30.0850 5240 wcncsvc - ok
17:01:30.0852 5240 WcsPlugInService - ok
17:01:30.0855 5240 Wd - ok
17:01:30.0858 5240 Wdf01000 - ok
17:01:30.0860 5240 WdiServiceHost - ok
17:01:30.0863 5240 WdiSystemHost - ok
17:01:30.0866 5240 WebClient - ok
17:01:30.0868 5240 Wecsvc - ok
17:01:30.0871 5240 wercplsupport - ok
17:01:30.0873 5240 WerSvc - ok
17:01:30.0876 5240 WfpLwf - ok
17:01:30.0878 5240 WIMMount - ok
17:01:30.0881 5240 WinDefend - ok
17:01:30.0886 5240 WinHttpAutoProxySvc - ok
17:01:30.0888 5240 Winmgmt - ok
17:01:30.0891 5240 WinRM - ok
17:01:30.0895 5240 WinUsb - ok
17:01:30.0898 5240 Wlansvc - ok
17:01:30.0900 5240 wlidsvc - ok
17:01:30.0903 5240 WmiAcpi - ok
17:01:30.0907 5240 wmiApSrv - ok
17:01:30.0909 5240 WMPNetworkSvc - ok
17:01:30.0911 5240 WPCSvc - ok
17:01:30.0914 5240 WPDBusEnum - ok
17:01:30.0916 5240 ws2ifsl - ok
17:01:30.0919 5240 wscsvc - ok
17:01:30.0921 5240 WSearch - ok
17:01:30.0925 5240 wuauserv - ok
17:01:30.0927 5240 WudfPf - ok
17:01:30.0930 5240 WUDFRd - ok
17:01:30.0933 5240 wudfsvc - ok
17:01:30.0936 5240 WwanSvc - ok
17:01:30.0938 5240 XAMPP - ok
17:01:30.0960 5240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:01:30.0962 5240 \Device\Harddisk0\DR0 - ok
17:01:30.0964 5240 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
17:01:30.0986 5240 \Device\Harddisk2\DR2 - ok
17:01:30.0995 5240 MBR (0x1B8) (9c58313c5dda6d94904a3d60ad87b6bb) \Device\Harddisk1\DR1
17:01:31.0250 5240 \Device\Harddisk1\DR1 - ok
17:01:31.0253 5240 Boot (0x1200) (243e096927f05df99ec9a05244bdc8fe) \Device\Harddisk0\DR0\Partition0
17:01:31.0254 5240 \Device\Harddisk0\DR0\Partition0 - ok
17:01:31.0256 5240 Boot (0x1200) (3f70ec5e3ff43b623f61e07f9ae60905) \Device\Harddisk1\DR1\Partition0
17:01:31.0256 5240 \Device\Harddisk1\DR1\Partition0 - ok
17:01:31.0265 5240 Boot (0x1200) (1f99622e78f5856c084d82dfac66c043) \Device\Harddisk1\DR1\Partition1
17:01:31.0265 5240 \Device\Harddisk1\DR1\Partition1 - ok
17:01:31.0280 5240 Boot (0x1200) (78f24a029318ac5e94310a1268790e42) \Device\Harddisk1\DR1\Partition2
17:01:31.0280 5240 \Device\Harddisk1\DR1\Partition2 - ok
17:01:31.0281 5240 ============================================================
17:01:31.0281 5240 Scan finished
17:01:31.0281 5240 ============================================================
17:01:31.0286 1644 Detected object count: 0
17:01:31.0286 1644 Actual detected object count: 0
17:01:35.0486 5540 Deinitialize success
[/code]

aswMBR
[code=auto:0]aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 17:02:09
-----------------------------
17:02:09.923 OS Version: Windows x64 6.1.7601 Service Pack 1
17:02:09.924 Number of processors: 4 586 0x1E05
17:02:09.924 ComputerName: MIKEMAIN UserName: Mike
17:02:14.744 Initialize success
17:05:26.817 AVAST engine defs: 12052700
17:06:13.248 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7
17:06:13.250 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
17:06:13.252 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-4
17:06:13.254 Disk 1 Vendor: ST3250410AS 3.AAA Size: 238475MB BusType: 3
17:06:13.256 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-b
17:06:13.258 Disk 2 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
17:06:13.274 Disk 1 MBR read successfully
17:06:13.277 Disk 1 MBR scan
17:06:13.281 Disk 1 unknown MBR code
17:06:13.292 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS 100 MB offset 2048
17:06:13.303 Disk 1 Partition 2 00 07 HPFS/NTFS 80255 MB offset 206848
17:06:13.318 Disk 1 Partition 3 00 07 HPFS/NTFS 158116 MB offset 164569860
17:06:13.325 Disk 1 scanning C:\Windows\system32\drivers
17:06:13.330 Service scanning
17:06:42.915 Modules scanning
17:06:42.920 Disk 1 trace - called modules:
17:06:42.938 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800460a2c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:06:42.942 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004e5f060]
17:06:42.946 3 CLASSPNP.SYS[fffff8800200143f] -> nt!IofCallDriver -> [0xfffffa8004b6e9b0]
17:06:42.950 5 ACPI.sys[fffff88000f7f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8004b88060]
17:06:42.954 \Driver\atapi[0xfffffa8004b6bad0] -> IRP_MJ_CREATE -> 0xfffffa800460a2c0
17:06:43.454 AVAST engine scan C:\Windows
17:06:43.471 AVAST engine scan C:\Windows\system32
17:06:43.478 AVAST engine scan C:\Windows\system32\drivers
17:06:43.483 AVAST engine scan C:\Users\Mike
17:06:43.490 AVAST engine scan C:\ProgramData
17:06:43.493 Scan finished successfully
17:07:29.297 Disk 1 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
17:07:29.367 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"


[/code]

Edited by gringo_pr, 27 May 2012 - 10:33 AM.


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 May 2012 - 10:38 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nr67vci7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 3389
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 3389
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 3389
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 3389
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
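
The Firefox lines in the CFScript above are ComboFix's dump of the profile's prefs.js and user.js. As an added example, not code from the thread, from ComboFix or from BleepingComputer, the Python below parses lines in that format and reports proxy hosts, search-URL overrides and user.js entries, marking the per-scheme proxy entries as inert when network.proxy.type is 0 (direct connection), which is what this log shows. The preference names and the meaning of the network.proxy.type values are Firefox's own; the function names, the severity labels and the second, constructed sample with a manual proxy are this example's assumptions.

```python
"""
Added example (not from the thread, ComboFix or BleepingComputer): audit the
"FF - prefs.js:" / "FF - user.js:" lines that ComboFix prints for a Firefox
profile, so a helper can see which settings a fix script would touch.
"""
import re
from typing import Dict, List, Tuple

# ComboFix line shape: "FF - prefs.js: <pref.name> - <value>"
PREF_LINE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.*)$")

# Plain or defanged URL -> hostname (ComboFix writes hxxp:// deliberately)
URL_HOST = re.compile(r"^h[tx]{2}ps?://([^/?#]+)", re.IGNORECASE)

# Meaning of network.proxy.type (Firefox about:config values)
PROXY_TYPE = {
    "0": "no proxy, direct connection",
    "1": "manual proxy configuration",
    "2": "PAC URL",
    "4": "auto-detect proxy (WPAD)",
    "5": "use system proxy settings",
}

Finding = Tuple[str, str, str]  # (severity, preference, note); labels are ours

# Sample input: the Firefox lines quoted in the CFScript in the post above
THREAD_LINES = [
    "FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}",
    "FF - prefs.js: browser.search.selectedEngine - YouTube",
    "FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=",
    "FF - prefs.js: network.proxy.ftp - localhost",
    "FF - prefs.js: network.proxy.ftp_port - 3389",
    "FF - prefs.js: network.proxy.http - localhost",
    "FF - prefs.js: network.proxy.http_port - 3389",
    "FF - prefs.js: network.proxy.socks - localhost",
    "FF - prefs.js: network.proxy.socks_port - 3389",
    "FF - prefs.js: network.proxy.ssl - localhost",
    "FF - prefs.js: network.proxy.ssl_port - 3389",
    "FF - prefs.js: network.proxy.type - 0",
    "FF - user.js: yahoo.ytff.general.dontshowhpoffer - true",
]

# Constructed variant (not from the thread): same hosts, but manual proxy enabled
MANUAL_PROXY_LINES = [
    "FF - prefs.js: network.proxy.http - localhost",
    "FF - prefs.js: network.proxy.http_port - 3389",
    "FF - prefs.js: network.proxy.type - 1",
]


def parse_ff_lines(lines: List[str]) -> Dict[str, Tuple[str, str]]:
    """Map each preference name to (source file, value); later lines win."""
    prefs: Dict[str, Tuple[str, str]] = {}
    for raw in lines:
        m = PREF_LINE.match(raw.strip())
        if m:
            source, name, value = m.groups()
            prefs[name] = (source, value.strip())
    return prefs


def hostname_of(url: str) -> str:
    """Hostname of a plain or hxxp-defanged URL; the input itself if no match."""
    m = URL_HOST.match(url)
    return m.group(1).lower() if m else url


def audit_firefox_prefs(prefs: Dict[str, Tuple[str, str]]) -> List[Finding]:
    """Flag proxy hosts, search-URL overrides and user.js entries."""
    findings: List[Finding] = []
    ptype = prefs.get("network.proxy.type", ("prefs", None))[1]
    manual = ptype == "1"  # only then does Firefox use the per-scheme hosts

    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host is None:
            continue
        port = prefs.get(f"network.proxy.{scheme}_port", ("prefs", "?"))[1]
        if manual:
            note = f"{scheme} traffic is sent to {host[1]}:{port}"
            findings.append(("high", f"network.proxy.{scheme}", note))
        else:
            note = (f"set to {host[1]}:{port} but inert: network.proxy.type="
                    f"{ptype} means {PROXY_TYPE.get(ptype, 'unknown')}")
            findings.append(("medium", f"network.proxy.{scheme}", note))

    for pref in ("browser.search.defaulturl", "keyword.URL"):
        entry = prefs.get(pref)
        if entry:
            findings.append(("medium", pref,
                             f"searches redirected to {hostname_of(entry[1])}"))

    # user.js is re-read on every Firefox start and overrides prefs.js
    for name, (source, value) in prefs.items():
        if source == "user":
            findings.append(("info", name,
                             f"user.js sets {value}; re-applied at each start"))
    return findings


if __name__ == "__main__":
    for sev, pref, note in audit_firefox_prefs(parse_ff_lines(THREAD_LINES)):
        print(f"[{sev:6}] {pref}: {note}")
```

Run as a script it prints one line per finding; the thread's lines yield four inert proxy entries, two search overrides and one user.js entry, and none rated high, because network.proxy.type is 0.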

#7 Morfi717
  • Topic Starter

  • Members
  • 6 posts

Posted 27 May 2012 - 10:43 AM

Hi.

I have fixed those things from CFScript manually, but not all of them. Some of them are intended.

The thing which I want to ask you is why you didn't say anything about those 2 rootkits which gmer detected?
Shall I run combofix again just in case? (w/o the script)

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 May 2012 - 11:09 AM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found; let me know what it says.

After it is complete, I want you to restart the computer, try to rerun aswMBR for me and send me the report:

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 May 2012 - 11:27 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#10 Morfi717
  • Topic Starter

  • Members
  • 6 posts

Posted 30 May 2012 - 06:32 AM

I understand that you have many topics to carry and appreciate your help.

However, your replies are too schematic; you ignore my questions, copy-pasting some ready formulas.

Topic may be closed/trashed. Thanks.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 May 2012 - 07:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.