
Computer locking. Safe mode only.


  • This topic is locked
21 replies to this topic

#1 cpotter

cpotter

  • Members
  • 148 posts
  • OFFLINE
  • Local time:04:28 PM

Posted 31 May 2012 - 12:04 PM

Computer locks after booting windows and attempting minimal activity. Can only run in safe mode.

Had to rebuild another computer this weekend. Used this current computer to download remote dated drivers. Opened one and it seemed suspicious. Closed and deleted the file. Restarted without problem. But 2 days later, having major problems. Cannot remember name of file downloaded.

Thanks in advance for the help.




.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Chad at 11:47:45 on 2012-05-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2008.1472 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [iTunesHelper] "C:\Program Files\ITunes\iTunesHelper.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
StartupFolder: C:\Users\Chad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Chad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FAXRX.lnk - C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: coxhealth.com\sra
Trusted Zone: coxheath.com\sra
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 66.119.1.130 66.119.1.2
TCP: Interfaces\{1778F0C7-157C-4192-886F-C6298CECC8ED} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC} : DhcpNameServer = 66.119.1.130 66.119.1.2
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC}\2375942554131343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC}\2377962756 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC}\35F657478602751405 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC}\C4942425142595 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC}\E4F627478602751405 : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [iTunesHelper] "C:\Program Files\ITunes\iTunesHelper.exe"
mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-14 86224]
S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-14 110032]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 136176]
S2 YammmSvc;Yet Another Media Meta Manager;C:\Program Files (x86)\Yammm\YammmSvc.exe [2010-8-3 14336]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\New folder\WMZuneComm.exe [2011-8-5 306400]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
.
=============== Created Last 30 ================
.
2012-05-19 19:54:22 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-10 07:42:28 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 07:42:27 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 07:42:23 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 07:42:22 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 07:42:20 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 07:42:20 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 07:41:51 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 07:41:39 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 07:41:35 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 07:41:35 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:41:34 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:41:34 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 07:41:34 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-04 18:39:39 -------- d-----w- C:\Program Files (x86)\AutoHotkey
2012-05-01 17:51:36 -------- d-----w- C:\Program Files (x86)\CDex
.
==================== Find3M ====================
.
2012-05-09 03:07:55 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-03-10 19:32:54 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-03-10 19:32:54 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-10 19:22:35 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-03-10 19:22:35 660368 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 11:49:07.52 ===============
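As an added example that is not part of this thread or of the DDS tool itself: a small Python triage pass over the "Pseudo HJT Report" lines, using lines copied from the log above as its sample input. It flags the UAC policy values reported as `mPolicies-system`, registrations that point at a missing file, near-duplicate Trusted Zone domains, and autostart entries that run from the user profile. The checks and the edit-distance threshold are my own heuristics, not anything DDS computes.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example, not part of the original thread or of the DDS tool. It reads
the key/value lines DDS prints and surfaces the items a malware helper checks
first. The sample lines below are copied from the log posted in this thread.
"""
import re
from typing import Dict, List

# Values under HKLM\...\Policies\System that DDS reports as "mPolicies-system".
# A value of 0 for any of these weakens or disables User Account Control.
UAC_WEAK_WHEN_ZERO = {
    "EnableLUA": "User Account Control is disabled entirely",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
    "ConsentPromptBehaviorAdmin": "administrators are elevated without any prompt",
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")
AUTORUN_RE = re.compile(r"^(?:u|m)Run(?:-x64)?:\s*\[[^\]]*\]\s*(.*)$")
STARTUP_RE = re.compile(r"^StartupFolder:.*?\.lnk\s+-\s+(.*)$")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*([^\\\s]+)")
# First executable-looking path in a command line, with or without quotes.
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd|vbs|js))', re.I)

# Sample input: lines copied from the DDS log above (constructed subset).
SAMPLE_LOG = r"""
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
StartupFolder: C:\Users\Chad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
Trusted Zone: coxhealth.com\sra
Trusted Zone: coxheath.com\sra
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
"""


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def runs_from_user_profile(path: str) -> bool:
    """True when an autostart binary lives under C:\\Users. Legitimate for
    per-user installs such as Dropbox, but also where droppers usually land,
    so every such entry deserves a look."""
    return path.lower().startswith("c:\\users\\")


def triage(log_text: str) -> Dict[str, List[str]]:
    """Walk the report lines once and group the findings by category."""
    findings: Dict[str, List[str]] = {
        "uac": [], "missing_file": [], "lookalike_trusted": [], "profile_autostart": []
    }
    trusted: List[str] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_WEAK_WHEN_ZERO and int(m.group(2)) == 0:
            findings["uac"].append(f"{m.group(1)}=0: {UAC_WEAK_WHEN_ZERO[m.group(1)]}")
            continue
        if line.endswith("- No File"):  # registration whose target is gone
            findings["missing_file"].append(line)
            continue
        m = TRUSTED_RE.match(line)
        if m:
            trusted.append(m.group(1).lower())
            continue
        m = AUTORUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            exe = EXE_RE.search(m.group(1))
            if exe and runs_from_user_profile(exe.group(1)):
                findings["profile_autostart"].append(exe.group(1))
    # Two trusted domains within two edits of each other (here coxhealth.com
    # and coxheath.com) may be a typo or a lookalike; either way, verify it.
    for i, a in enumerate(trusted):
        for b in trusted[i + 1:]:
            if a != b and edit_distance(a, b) <= 2:
                findings["lookalike_trusted"].append(f"{a} ~ {b}")
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("  ", item)
```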


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,601 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:28 PM

Posted 06 June 2012 - 12:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/455439 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  • Local time:04:28 PM

Posted 06 June 2012 - 02:45 PM

Same problems. Haven't used the computer since initial post as it only works in safe mode. Have made no changes. If need be, I should have the original Windows 7 CD.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Chad at 14:39:29 on 2012-06-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2008.1515 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [iTunesHelper] "C:\Program Files\ITunes\iTunesHelper.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
StartupFolder: C:\Users\Chad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Chad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FAXRX.lnk - C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: coxhealth.com\sra
Trusted Zone: coxheath.com\sra
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1778F0C7-157C-4192-886F-C6298CECC8ED} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC}\2375942554131343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC}\2377962756 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC}\C4942425142595 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{D642C306-7CC7-4BE1-9E3D-68C9DBFCF0BC}\E4F627478602751405 : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [iTunesHelper] "C:\Program Files\ITunes\iTunesHelper.exe"
mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-14 86224]
S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-14 110032]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 136176]
S2 YammmSvc;Yet Another Media Meta Manager;C:\Program Files (x86)\Yammm\YammmSvc.exe [2010-8-3 14336]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-18 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\New folder\WMZuneComm.exe [2011-8-5 306400]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
.
=============== Created Last 30 ================
.
2012-05-19 19:54:22 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-10 07:42:28 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 07:42:27 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 07:42:23 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 07:42:22 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 07:42:20 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 07:42:20 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 07:41:51 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 07:41:39 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 07:41:35 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 07:41:35 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:41:34 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:41:34 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 07:41:34 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M ====================
.
2012-05-09 03:07:55 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-03-10 19:32:54 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-03-10 19:32:54 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-10 19:22:35 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-03-10 19:22:35 660368 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 14:40:54.33 ===============

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:28 PM

Posted 07 June 2012 - 03:08 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • Local time:04:28 PM

Posted 07 June 2012 - 03:16 PM

After completing both steps, Windows is still running horribly slow in "regular mode". In regular mode, I tried Ctrl-Alt-Del to restart and got an unusual error. Regular mode is essentially unusable currently. I'm currently running in safe mode. In case it helps, safe mode is also acting funny. Speed is OK, but writing text is painful. The cursor randomly jumps to different locations in the text box.

Ran both steps in Safe Mode.

Ran security check without problem. Log included below.

Ran Combofix. Initially told me that Avira was still running. However, Avira didn't load in safe mode (to my knowledge). I went to task manager -> services. Verified Avira scheduler & realtime protection were stopped. Didn't see any other Avira entries in tm -> services. So I proceeded with Combofix.

Combofix ran. Very slow at end as it restarted in regular Windows mode. Near end as it was preparing the log report, I got the following error:

c:\windows\system32\GfxUI.exe
"A device attached to the system is not functioning."

Otherwise Combofix ran without error. Log included below.



Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 7 Update 3
Java version out of date!
Mozilla Thunderbird 11.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````



ComboFix 12-06-07.03 - Chad 06/07/2012 6:10.3.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2008.1405 [GMT -5:00]
Running from: c:\users\Chad\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chad\AppData\Roaming\Microsoft\Office\Recent\DXA Dictation Template.doc.LNK
c:\users\Chad\AppData\Roaming\Microsoft\Office\Recent\DXA Physican Dictation Template.doc.LNK
c:\users\Chad\AppData\Roaming\Microsoft\Office\Recent\Finishes - Detailed (Old MS Word Compatible).doc.LNK
c:\users\Chad\AppData\Roaming\Microsoft\Office\Recent\Letter for Maes (SSR).doc.LNK
c:\users\Chad\AppData\Roaming\Microsoft\Office\Recent\LGRA Benefits.doc.LNK
.
.
((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))
.
.
2012-06-07 11:15 . 2012-06-07 11:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-07 11:15 . 2012-06-07 11:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-07 11:15 . 2012-06-07 11:15 -------- d-----w- c:\users\Courtney\AppData\Local\temp
2012-05-19 19:54 . 2012-05-19 19:54 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-10 07:42 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 07:42 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 07:42 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 07:42 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 07:42 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 07:42 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 07:41 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 07:41 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 07:41 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 07:41 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:41 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 07:41 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 07:41 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 03:07 . 2012-03-14 13:06 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 03:07 . 2012-03-14 13:06 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-10 19:32 . 2012-03-10 19:33 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-03-10 19:32 . 2012-03-10 19:33 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-10 19:22 . 2012-03-10 19:23 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-10 19:22 . 2010-11-05 16:59 660368 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-19 39408]
"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"iTunesHelper"="c:\program files\ITunes\iTunesHelper.exe" [2012-03-07 421736]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-28 1667072]
.
c:\users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
FAXRX.lnk - c:\program files (x86)\Brother\Brmfl07b\FAXRX.exe [2011-7-17 524288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\New folder\WMZuneComm.exe [2011-08-05 306400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 YammmSvc;Yet Another Media Meta Manager;c:\program files (x86)\Yammm\YammmSvc.exe [2010-08-03 14336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 04:23]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 04:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"Zune Launcher"="c:\program files\New folder\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: coxhealth.com\sra
Trusted Zone: coxheath.com\sra
TCP: DhcpNameServer = 66.119.1.130 66.119.1.2
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-7-Zip - c:\nas\OLD\7-Zip\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-06-07 06:44:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-07 11:44
.
Pre-Run: 70,221,447,168 bytes free
Post-Run: 70,067,253,248 bytes free
.
- - End Of File - - 4319D63E53369912F87D029F34D26FD2

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:28 PM

Posted 07 June 2012 - 04:11 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • Local time:04:28 PM

Posted 08 June 2012 - 02:55 AM

No problems running Farbar.




Scan result of Farbar Recovery Scan Tool Version: 06-06-2012 04
Ran by SYSTEM at 08-06-2012 02:22:51
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Zune Launcher] "c:\Program Files\New folder\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [346 2012-06-07] ()
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files\ITunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKU\Chad\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-10-18] (Google Inc.)
HKU\Chad\...\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart [839680 2010-06-16] ()
HKU\Chad\...\Policies\system: [LogonHoursAction] 2
HKU\Chad\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Courtney\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-10-18] (Google Inc.)
HKU\Courtney\...\Policies\system: [LogonHoursAction] 2
HKU\Courtney\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 66.119.1.130 66.119.1.2
Startup: C:\Users\Chad\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Chad\Start Menu\Programs\Startup\FAXRX.lnk
ShortcutTarget: FAXRX.lnk -> C:\Program Files (x86)\Brother\Brmfl07b\FAXRX.exe (Brother Industries Ltd.)

==================== Services (Whitelisted) ======

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
3 WMZuneComm; "C:\Program Files\New folder\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
2 YammmSvc; "C:\Program Files (x86)\Yammm\YammmSvc.exe" [14336 2010-08-03] (Mikinho)
3 ZuneNetworkSvc; "C:\Program Files\New folder\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\New folder\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-08] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [91864 2011-08-10] (Citrix Systems, Inc.)
3 tap0901; C:\Windows\System32\Drivers\tap0901.sys [29696 2008-10-06] (The OpenVPN Project)
3 WsAudio_DeviceS(1); C:\Windows\System32\Drivers\WsAudio_DeviceS(1).sys [29288 2011-12-19] (Wondershare)
3 WsAudio_DeviceS(2); C:\Windows\System32\Drivers\WsAudio_DeviceS(2).sys [29288 2011-12-19] (Wondershare)
3 WsAudio_DeviceS(3); C:\Windows\System32\Drivers\WsAudio_DeviceS(3).sys [29288 2011-12-19] (Wondershare)
3 WsAudio_DeviceS(4); C:\Windows\System32\Drivers\WsAudio_DeviceS(4).sys [29288 2011-12-19] (Wondershare)
3 WsAudio_DeviceS(5); C:\Windows\System32\Drivers\WsAudio_DeviceS(5).sys [29288 2011-12-19] (Wondershare)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-08 02:22 - 2012-06-08 02:23 - 00000000 ____D C:\FRST
2012-06-07 03:44 - 2012-06-07 03:44 - 00015994 ____A C:\ComboFix.txt
2012-06-07 03:18 - 2012-06-07 03:18 - 00000000 __SHD C:\$RECYCLE.BIN
2012-06-07 03:08 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-07 03:08 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-07 03:08 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-07 03:08 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-07 03:08 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-07 03:08 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-07 03:08 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-07 03:08 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-07 03:00 - 2012-06-07 03:44 - 00000000 ____D C:\Qoobox
2012-06-07 02:57 - 2012-06-07 02:57 - 04538022 ____R (Swearware) C:\Users\Chad\Desktop\ComboFix.exe
2012-06-07 02:52 - 2012-06-07 02:52 - 00000892 ____A C:\Users\Chad\Desktop\checkup.txt
2012-06-07 02:51 - 2012-06-07 02:51 - 00853862 ____A C:\Users\Chad\Desktop\SecurityCheck.exe
2012-06-06 11:44 - 2012-06-06 11:44 - 00011680 ____A C:\Users\Chad\Desktop\Attach.txt
2012-06-04 05:14 - 2012-06-04 05:14 - 00017920 __ASH C:\Users\Chad\Desktop\Thumbs.db
2012-05-31 08:46 - 2012-05-31 08:47 - 00000000 ____D C:\Users\Chad\Desktop\Desktop Items
2012-05-31 08:45 - 2012-05-31 08:45 - 00607260 ____R (Swearware) C:\Users\Chad\Desktop\dds.scr
2012-05-31 08:21 - 2012-06-07 22:59 - 01241400 ____A C:\Windows\ntbtlog.txt
2012-05-09 23:42 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-09 23:42 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-09 23:42 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-09 23:42 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 23:42 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-09 23:42 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-09 23:41 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-09 23:41 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

============ 3 Months Modified Files and Folders =============

2012-06-08 02:23 - 2012-06-08 02:22 - 0000000 ____D C:\FRST
2012-06-07 23:03 - 2010-10-27 22:10 - 1579438080 __ASH C:\hiberfil.sys
2012-06-07 23:03 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-07 23:03 - 2009-07-13 20:51 - 0049688 ____A C:\Windows\setupact.log
2012-06-07 22:59 - 2012-05-31 08:21 - 1241400 ____A C:\Windows\ntbtlog.txt
2012-06-07 11:40 - 2011-10-18 20:23 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-07 11:39 - 2010-10-27 21:37 - 0000000 ____D C:\Users\Chad\AppData\Roaming\Dropbox
2012-06-07 11:38 - 2011-10-18 20:23 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-07 11:38 - 2010-10-27 21:40 - 0000000 ___RD C:\My Dropbox
2012-06-07 11:37 - 2010-10-28 21:05 - 0111990 ____A C:\Windows\PFRO.log
2012-06-07 03:55 - 2010-10-27 22:13 - 1666603 ____A C:\Windows\WindowsUpdate.log
2012-06-07 03:44 - 2012-06-07 03:44 - 0015994 ____A C:\ComboFix.txt
2012-06-07 03:44 - 2012-06-07 03:00 - 0000000 ____D C:\Qoobox
2012-06-07 03:32 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-07 03:32 - 2009-07-13 20:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 03:18 - 2012-06-07 03:18 - 0000000 __SHD C:\$RECYCLE.BIN
2012-06-07 03:18 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-06-07 03:16 - 2011-10-28 17:45 - 0000000 ____D C:\Windows\ERDNT
2012-06-07 03:16 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-07 02:57 - 2012-06-07 02:57 - 4538022 ____R (Swearware) C:\Users\Chad\Desktop\ComboFix.exe
2012-06-07 02:52 - 2012-06-07 02:52 - 0000892 ____A C:\Users\Chad\Desktop\checkup.txt
2012-06-07 02:51 - 2012-06-07 02:51 - 0853862 ____A C:\Users\Chad\Desktop\SecurityCheck.exe
2012-06-06 11:44 - 2012-06-06 11:44 - 0011680 ____A C:\Users\Chad\Desktop\Attach.txt
2012-06-04 05:14 - 2012-06-04 05:14 - 0017920 __ASH C:\Users\Chad\Desktop\Thumbs.db
2012-05-31 08:55 - 2012-02-12 09:18 - 0000000 ____D C:\Users\Chad\AppData\Local\ElevatedDiagnostics
2012-05-31 08:47 - 2012-05-31 08:46 - 0000000 ____D C:\Users\Chad\Desktop\Desktop Items
2012-05-31 08:45 - 2012-05-31 08:45 - 0607260 ____R (Swearware) C:\Users\Chad\Desktop\dds.scr
2012-05-31 06:59 - 2012-02-07 06:15 - 0000000 ____D C:\Users\Chad\AppData\Roaming\MediaMonkey
2012-05-28 15:25 - 2012-02-20 13:09 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-28 15:25 - 2012-02-20 13:09 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-26 10:33 - 2009-07-13 21:13 - 0779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-24 05:46 - 2012-05-01 09:51 - 0000000 ____D C:\Program Files (x86)\CDex
2012-05-12 08:20 - 2010-11-13 15:16 - 0000426 ____A C:\Windows\BRWMARK.INI
2012-05-10 00:32 - 2009-07-13 20:45 - 0308784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 00:17 - 2010-11-08 08:29 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 00:17 - 2010-10-28 19:58 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 00:01 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-08 19:07 - 2012-03-14 05:06 - 0132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-05-08 19:07 - 2012-03-14 05:06 - 0098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-05-04 10:39 - 2012-05-04 10:39 - 0000000 ____D C:\Program Files (x86)\AutoHotkey
2012-05-04 10:39 - 2009-07-13 23:45 - 0000000 ____D C:\Windows\ShellNew
2012-05-01 10:06 - 2012-04-30 19:43 - 0005120 ____A C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-21 06:20 - 2009-07-13 21:08 - 0032528 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-19 11:21 - 2010-10-27 21:03 - 0000000 ____D C:\Users\Chad\AppData\LocalLow
2012-04-17 08:32 - 2012-04-17 08:32 - 0000000 ____D C:\Windows\Sun
2012-04-17 06:50 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-17 05:10 - 2012-04-17 05:10 - 0000000 ____D C:\Windows\System32\ms-MY
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-04-17 05:10 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-04-06 14:59 - 2012-04-06 14:58 - 0000000 ____D C:\Users\Chad\Desktop\Legal Case
2012-03-30 22:05 - 2012-05-09 23:42 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-09 23:42 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-09 23:42 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-09 23:42 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-09 23:41 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 00:09 - 2011-06-21 16:43 - 0773482 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-22 19:05 - 2012-03-22 19:01 - 0000000 ____D C:\Users\All Users\Yammm
2012-03-22 19:01 - 2012-03-22 19:00 - 0000000 ____D C:\Program Files (x86)\Yammm
2012-03-21 15:22 - 2012-03-21 15:22 - 0000000 ____D C:\Users\Chad\.MakeMKV
2012-03-21 15:22 - 2010-10-27 21:03 - 0000000 ____D C:\users\Chad
2012-03-21 15:21 - 2012-03-21 15:21 - 0000000 ____D C:\Program Files (x86)\MakeMKV
2012-03-19 08:57 - 2012-03-19 07:41 - 0000000 ____D C:\Eric
2012-03-16 23:58 - 2012-05-09 23:41 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-14 13:41 - 2012-03-14 13:41 - 0000000 ____D C:\Users\Courtney\AppData\Roaming\MediaMonkey
2012-03-14 13:41 - 2012-03-14 13:41 - 0000000 ____D C:\Users\Courtney\AppData\Local\Aimersoft
2012-03-14 13:02 - 2012-03-14 12:10 - 0000000 ____D C:\Users\All Users\xml_param
2012-03-14 11:44 - 2012-03-14 07:55 - 0000000 ____D C:\Users\Chad\Documents\Aimersoft DRM Media Converter
2012-03-14 07:53 - 2012-03-14 07:53 - 0000000 ____D C:\Users\Chad\AppData\Local\Aimersoft
2012-03-14 07:53 - 2012-03-14 07:53 - 0000000 ____D C:\Program Files (x86)\Aimersoft
2012-03-14 06:02 - 2012-03-14 06:01 - 0000000 ____D C:\Users\Courtney\AppData\Roaming\Google
2012-03-14 06:01 - 2012-03-14 06:01 - 0000000 ____D C:\Users\Courtney\AppData\Roaming\Macromedia
2012-03-14 06:01 - 2012-03-14 06:01 - 0000000 ____D C:\Users\Courtney\AppData\Roaming\Adobe
2012-03-14 06:01 - 2012-03-14 06:01 - 0000000 ____D C:\Users\Courtney\AppData\Local\Google
2012-03-14 06:01 - 2012-03-14 05:10 - 0000000 ____D C:\Users\Courtney\AppData\LocalLow
2012-03-14 05:57 - 2012-03-14 05:11 - 0000000 ____D C:\Users\Courtney\AppData\Roaming\Apple Computer
2012-03-14 05:50 - 2012-03-14 05:50 - 0001755 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-14 05:49 - 2012-03-14 05:49 - 0000000 ____D C:\Program Files\iTunes
2012-03-14 05:49 - 2012-03-14 05:49 - 0000000 ____D C:\Program Files\iPod
2012-03-14 05:23 - 2012-03-14 05:23 - 0000000 ____D C:\Users\Courtney\AppData\Roaming\Avira
2012-03-14 05:20 - 2012-03-14 05:20 - 0068344 ____A C:\Users\Courtney\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-14 05:20 - 2012-03-14 05:20 - 0000000 ____D C:\Users\Courtney\AppData\Local\Apple
2012-03-14 05:19 - 2012-03-14 05:19 - 0000000 ____D C:\Users\Courtney\AppData\Local\Apple Computer
2012-03-14 05:14 - 2012-03-14 05:14 - 0000000 ____D C:\Users\Chad\AppData\Roaming\Avira
2012-03-14 05:11 - 2012-03-14 05:11 - 0000000 ____D C:\Users\Courtney\AppData\Roaming\ICAClient
2012-03-14 05:11 - 2012-03-14 05:11 - 0000000 ____D C:\Users\Courtney\AppData\Local\Citrix
2012-03-14 05:10 - 2012-03-14 05:10 - 0000632 _RASH C:\Users\Courtney\ntuser.pol
2012-03-14 05:10 - 2012-03-14 05:10 - 0000020 ___SH C:\Users\Courtney\ntuser.ini
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 __SHD C:\Users\Courtney\Templates
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 __SHD C:\Users\Courtney\Start Menu
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 __SHD C:\Users\Courtney\PrintHood
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 __SHD C:\Users\Courtney\NetHood
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 __SHD C:\Users\Courtney\My Documents
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 __SHD C:\Users\Courtney\Documents\My Videos
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 __SHD C:\Users\Courtney\Documents\My Pictures
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 __SHD C:\Users\Courtney\Documents\My Music
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 __SHD C:\Users\Courtney\AppData\Local\Temporary Internet Files
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 __SHD C:\Users\Courtney\AppData\Local\History
2012-03-14 05:10 - 2012-03-14 05:10 - 0000000 ___RD C:\Users\Courtney\Podcasts
2012-03-14 05:10 - 2012-03-14 05:09 - 0000000 ____D C:\users\Courtney
2012-03-14 05:06 - 2012-03-14 05:06 - 0000000 ____D C:\Users\All Users\Avira
2012-03-14 05:06 - 2012-03-14 05:06 - 0000000 ____D C:\Program Files (x86)\Avira
2012-03-14 05:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\GroupPolicyUsers
2012-03-13 11:49 - 2010-10-31 06:18 - 0000000 ____D C:\Program Files (x86)\Microsoft Money Plus

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 36%
Total physical RAM: 2008.36 MB
Available physical RAM: 1273.79 MB
Total Pagefile: 2008.36 MB
Available Pagefile: 1264.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:224.2 GB) (Free:66.01 GB) NTFS
4 Drive g: () (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (RECOVERY) (Fixed) (Total:8.61 GB) (Free:3.86 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 31 KB
Partition 2 Primary 8 GB 79 MB
Partition 3 Primary 224 GB 8 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 78 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 8 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 224 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3820 MB 4032 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3820 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-29 05:24

======================= End Of Log ==========================

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 08 June 2012 - 03:04 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 cpotter (Topic Starter, Members, 148 posts)

Posted 08 June 2012 - 05:15 AM

No problems running either item.

04:48:09.0087 0620 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
04:48:10.0132 0620 ============================================================
04:48:10.0132 0620 Current date / time: 2012/06/08 04:48:10.0132
04:48:10.0132 0620 SystemInfo:
04:48:10.0132 0620
04:48:10.0132 0620 OS Version: 6.1.7601 ServicePack: 1.0
04:48:10.0132 0620 Product type: Workstation
04:48:10.0132 0620 ComputerName: CHAD-LAPTOP
04:48:10.0132 0620 UserName: Chad
04:48:10.0132 0620 Windows directory: C:\Windows
04:48:10.0132 0620 System windows directory: C:\Windows
04:48:10.0132 0620 Running under WOW64
04:48:10.0132 0620 Processor architecture: Intel x64
04:48:10.0132 0620 Number of processors: 2
04:48:10.0132 0620 Page size: 0x1000
04:48:10.0132 0620 Boot type: Safe boot with network
04:48:10.0132 0620 ============================================================
04:48:10.0943 0620 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:48:10.0959 0620 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:48:10.0959 0620 ============================================================
04:48:10.0959 0620 \Device\Harddisk0\DR0:
04:48:10.0959 0620 MBR partitions:
04:48:10.0959 0620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1139000
04:48:10.0959 0620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1160800, BlocksNum 0x1C064800
04:48:10.0959 0620 \Device\Harddisk1\DR1:
04:48:10.0959 0620 MBR partitions:
04:48:10.0959 0620 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0x776080
04:48:10.0959 0620 ============================================================
04:48:11.0006 0620 C: <-> \Device\Harddisk0\DR0\Partition1
04:48:11.0006 0620 ============================================================
04:48:11.0006 0620 Initialize success
04:48:11.0006 0620 ============================================================
04:48:35.0498 0596 ============================================================
04:48:35.0498 0596 Scan started
04:48:35.0498 0596 Mode: Manual;
04:48:35.0498 0596 ============================================================
04:48:42.0190 0596 elxstor - ok
04:48:42.0237 0596 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:48:42.0237 0596 ErrDev - ok
04:48:42.0299 0596 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
04:48:42.0315 0596 EventSystem - ok
04:48:42.0346 0596 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:48:42.0346 0596 exfat - ok
04:48:42.0377 0596 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:48:42.0377 0596 fastfat - ok
04:48:42.0440 0596 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
04:48:42.0455 0596 Fax - ok
04:48:42.0502 0596 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
04:48:42.0502 0596 fdc - ok
04:48:42.0549 0596 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
04:48:42.0549 0596 fdPHost - ok
04:48:42.0565 0596 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
04:48:42.0565 0596 FDResPub - ok
04:48:42.0580 0596 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:48:42.0580 0596 FileInfo - ok
04:48:42.0596 0596 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:48:42.0596 0596 Filetrace - ok
04:48:42.0658 0596 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
04:48:42.0658 0596 flpydisk - ok
04:48:42.0705 0596 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:48:42.0705 0596 FltMgr - ok
04:48:42.0783 0596 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
04:48:42.0783 0596 FontCache - ok
04:48:42.0877 0596 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:48:42.0877 0596 FontCache3.0.0.0 - ok
04:48:42.0939 0596 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:48:42.0939 0596 FsDepends - ok
04:48:42.0970 0596 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
04:48:42.0970 0596 Fs_Rec - ok
04:48:43.0033 0596 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:48:43.0033 0596 fvevol - ok
04:48:43.0095 0596 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
04:48:43.0095 0596 gagp30kx - ok
04:48:43.0157 0596 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:48:43.0157 0596 GEARAspiWDM - ok
04:48:43.0235 0596 GoToAssist (8f6ae606eb0cc884ee12c41948424422) C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
04:48:43.0235 0596 GoToAssist - ok
04:48:43.0298 0596 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
04:48:43.0313 0596 gpsvc - ok
04:48:43.0407 0596 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:48:43.0423 0596 gupdate - ok
04:48:43.0438 0596 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:48:43.0438 0596 gupdatem - ok
04:48:43.0485 0596 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
04:48:43.0485 0596 gusvc - ok
04:48:43.0532 0596 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:48:43.0532 0596 hcw85cir - ok
04:48:43.0610 0596 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
04:48:43.0610 0596 HdAudAddService - ok
04:48:43.0641 0596 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
04:48:43.0641 0596 HDAudBus - ok
04:48:43.0688 0596 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
04:48:43.0688 0596 HidBatt - ok
04:48:43.0703 0596 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
04:48:43.0703 0596 HidBth - ok
04:48:43.0719 0596 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
04:48:43.0719 0596 HidIr - ok
04:48:43.0750 0596 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
04:48:43.0766 0596 hidserv - ok
04:48:43.0813 0596 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
04:48:43.0813 0596 HidUsb - ok
04:48:43.0859 0596 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
04:48:43.0859 0596 hkmsvc - ok
04:48:43.0906 0596 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
04:48:43.0906 0596 HomeGroupListener - ok
04:48:43.0953 0596 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
04:48:43.0969 0596 HomeGroupProvider - ok
04:48:44.0015 0596 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:48:44.0031 0596 HpSAMD - ok
04:48:44.0093 0596 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:48:44.0093 0596 HTTP - ok
04:48:44.0140 0596 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:48:44.0140 0596 hwpolicy - ok
04:48:44.0187 0596 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
04:48:44.0187 0596 i8042prt - ok
04:48:44.0249 0596 iaStor (4f6fb2cdbdeefc47e7d2066e78254580) C:\Windows\system32\DRIVERS\iaStor.sys
04:48:44.0249 0596 iaStor - ok
04:48:44.0312 0596 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:48:44.0327 0596 iaStorV - ok
04:48:44.0499 0596 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:48:44.0515 0596 idsvc - ok
04:48:44.0873 0596 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
04:48:45.0139 0596 igfx - ok
04:48:45.0295 0596 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
04:48:45.0295 0596 iirsp - ok
04:48:45.0373 0596 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
04:48:45.0388 0596 IKEEXT - ok
04:48:45.0419 0596 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:48:45.0419 0596 intelide - ok
04:48:45.0482 0596 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
04:48:45.0482 0596 intelppm - ok
04:48:45.0513 0596 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
04:48:45.0513 0596 IPBusEnum - ok
04:48:45.0560 0596 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:48:45.0560 0596 IpFilterDriver - ok
04:48:45.0591 0596 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
04:48:45.0591 0596 iphlpsvc - ok
04:48:45.0638 0596 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:48:45.0638 0596 IPMIDRV - ok
04:48:45.0685 0596 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:48:45.0685 0596 IPNAT - ok
04:48:45.0825 0596 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
04:48:45.0841 0596 iPod Service - ok
04:48:45.0887 0596 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:48:45.0887 0596 IRENUM - ok
04:48:45.0934 0596 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:48:45.0934 0596 isapnp - ok
04:48:45.0950 0596 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:48:45.0965 0596 iScsiPrt - ok
04:48:45.0997 0596 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
04:48:45.0997 0596 kbdclass - ok
04:48:46.0059 0596 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
04:48:46.0059 0596 kbdhid - ok
04:48:46.0090 0596 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:48:46.0090 0596 KeyIso - ok
04:48:46.0106 0596 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
04:48:46.0106 0596 KSecDD - ok
04:48:46.0121 0596 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
04:48:46.0121 0596 KSecPkg - ok
04:48:46.0184 0596 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:48:46.0184 0596 ksthunk - ok
04:48:46.0215 0596 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
04:48:46.0231 0596 KtmRm - ok
04:48:46.0277 0596 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
04:48:46.0293 0596 LanmanServer - ok
04:48:46.0340 0596 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
04:48:46.0340 0596 LanmanWorkstation - ok
04:48:46.0418 0596 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:48:46.0418 0596 lltdio - ok
04:48:46.0465 0596 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
04:48:46.0480 0596 lltdsvc - ok
04:48:46.0496 0596 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
04:48:46.0496 0596 lmhosts - ok
04:48:46.0527 0596 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:48:46.0527 0596 LSI_FC - ok
04:48:46.0589 0596 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:48:46.0589 0596 LSI_SAS - ok
04:48:46.0636 0596 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:48:46.0636 0596 LSI_SAS2 - ok
04:48:46.0699 0596 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:48:46.0714 0596 LSI_SCSI - ok
04:48:46.0730 0596 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:48:46.0745 0596 luafv - ok
04:48:46.0808 0596 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
04:48:46.0808 0596 Mcx2Svc - ok
04:48:46.0823 0596 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
04:48:46.0839 0596 megasas - ok
04:48:46.0870 0596 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
04:48:46.0870 0596 MegaSR - ok
04:48:46.0917 0596 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
04:48:46.0917 0596 MMCSS - ok
04:48:46.0933 0596 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:48:46.0964 0596 Modem - ok
04:48:46.0979 0596 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:48:46.0979 0596 monitor - ok
04:48:47.0026 0596 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
04:48:47.0026 0596 mouclass - ok
04:48:47.0057 0596 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:48:47.0073 0596 mouhid - ok
04:48:47.0104 0596 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:48:47.0104 0596 mountmgr - ok
04:48:47.0151 0596 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:48:47.0151 0596 mpio - ok
04:48:47.0182 0596 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:48:47.0182 0596 mpsdrv - ok
04:48:47.0260 0596 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
04:48:47.0260 0596 MpsSvc - ok
04:48:47.0307 0596 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:48:47.0307 0596 MRxDAV - ok
04:48:47.0354 0596 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:48:47.0354 0596 mrxsmb - ok
04:48:47.0401 0596 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:48:47.0401 0596 mrxsmb10 - ok
04:48:47.0416 0596 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:48:47.0432 0596 mrxsmb20 - ok
04:48:47.0463 0596 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:48:47.0479 0596 msahci - ok
04:48:47.0510 0596 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:48:47.0510 0596 msdsm - ok
04:48:47.0541 0596 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
04:48:47.0557 0596 MSDTC - ok
04:48:47.0603 0596 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:48:47.0603 0596 Msfs - ok
04:48:47.0619 0596 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:48:47.0619 0596 mshidkmdf - ok
04:48:47.0650 0596 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:48:47.0650 0596 msisadrv - ok
04:48:47.0713 0596 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
04:48:47.0713 0596 MSiSCSI - ok
04:48:47.0713 0596 msiserver - ok
04:48:47.0775 0596 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:48:47.0775 0596 MSKSSRV - ok
04:48:47.0791 0596 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:48:47.0791 0596 MSPCLOCK - ok
04:48:47.0806 0596 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:48:47.0806 0596 MSPQM - ok
04:48:47.0853 0596 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:48:47.0869 0596 MsRPC - ok
04:48:47.0915 0596 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
04:48:47.0915 0596 mssmbios - ok
04:48:47.0947 0596 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:48:47.0947 0596 MSTEE - ok
04:48:47.0962 0596 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
04:48:47.0962 0596 MTConfig - ok
04:48:47.0993 0596 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:48:47.0993 0596 Mup - ok
04:48:48.0040 0596 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
04:48:48.0056 0596 napagent - ok
04:48:48.0118 0596 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:48:48.0134 0596 NativeWifiP - ok
04:48:48.0212 0596 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
04:48:48.0212 0596 NDIS - ok
04:48:48.0259 0596 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:48:48.0259 0596 NdisCap - ok
04:48:48.0274 0596 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:48:48.0274 0596 NdisTapi - ok
04:48:48.0321 0596 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
04:48:48.0337 0596 Ndisuio - ok
04:48:48.0383 0596 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
04:48:48.0383 0596 NdisWan - ok
04:48:48.0430 0596 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
04:48:48.0430 0596 NDProxy - ok
04:48:48.0477 0596 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:48:48.0477 0596 NetBIOS - ok
04:48:48.0524 0596 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
04:48:48.0524 0596 NetBT - ok
04:48:48.0571 0596 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:48:48.0571 0596 Netlogon - ok
04:48:48.0649 0596 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
04:48:48.0649 0596 Netman - ok
04:48:48.0773 0596 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:48:48.0805 0596 NetMsmqActivator - ok
04:48:48.0820 0596 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:48:48.0820 0596 NetPipeActivator - ok
04:48:48.0883 0596 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
04:48:48.0883 0596 netprofm - ok
04:48:48.0883 0596 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:48:48.0883 0596 NetTcpActivator - ok
04:48:48.0898 0596 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:48:48.0898 0596 NetTcpPortSharing - ok
04:48:48.0961 0596 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
04:48:48.0961 0596 nfrd960 - ok
04:48:49.0023 0596 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
04:48:49.0023 0596 NlaSvc - ok
04:48:49.0039 0596 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:48:49.0039 0596 Npfs - ok
04:48:49.0070 0596 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
04:48:49.0070 0596 nsi - ok
04:48:49.0117 0596 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:48:49.0117 0596 nsiproxy - ok
04:48:49.0210 0596 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
04:48:49.0226 0596 Ntfs - ok
04:48:49.0366 0596 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:48:49.0366 0596 Null - ok
04:48:49.0413 0596 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
04:48:49.0413 0596 nvraid - ok
04:48:49.0444 0596 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
04:48:49.0444 0596 nvstor - ok
04:48:49.0507 0596 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
04:48:49.0507 0596 nv_agp - ok
04:48:49.0694 0596 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:48:49.0694 0596 odserv - ok
04:48:49.0725 0596 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
04:48:49.0741 0596 ohci1394 - ok
04:48:49.0819 0596 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:48:49.0819 0596 ose - ok
04:48:49.0865 0596 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:48:49.0881 0596 p2pimsvc - ok
04:48:49.0897 0596 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
04:48:49.0897 0596 p2psvc - ok
04:48:49.0943 0596 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
04:48:49.0943 0596 Parport - ok
04:48:50.0006 0596 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
04:48:50.0006 0596 partmgr - ok
04:48:50.0053 0596 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
04:48:50.0053 0596 PcaSvc - ok
04:48:50.0099 0596 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
04:48:50.0099 0596 pci - ok
04:48:50.0115 0596 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
04:48:50.0115 0596 pciide - ok
04:48:50.0162 0596 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
04:48:50.0162 0596 pcmcia - ok
04:48:50.0177 0596 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:48:50.0177 0596 pcw - ok
04:48:50.0209 0596 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:48:50.0209 0596 PEAUTH - ok
04:48:50.0302 0596 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
04:48:50.0333 0596 PerfHost - ok
04:48:50.0443 0596 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
04:48:50.0458 0596 pla - ok
04:48:50.0521 0596 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
04:48:50.0521 0596 PlugPlay - ok
04:48:50.0567 0596 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
04:48:50.0567 0596 PNRPAutoReg - ok
04:48:50.0599 0596 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
04:48:50.0599 0596 PNRPsvc - ok
04:48:50.0645 0596 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
04:48:50.0645 0596 PolicyAgent - ok
04:48:50.0692 0596 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
04:48:50.0692 0596 Power - ok
04:48:50.0770 0596 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
04:48:50.0770 0596 PptpMiniport - ok
04:48:50.0801 0596 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
04:48:50.0801 0596 Processor - ok
04:48:50.0833 0596 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
04:48:50.0833 0596 ProfSvc - ok
04:48:50.0879 0596 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:48:50.0879 0596 ProtectedStorage - ok
04:48:50.0926 0596 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:48:50.0926 0596 Psched - ok
04:48:50.0989 0596 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
04:48:51.0004 0596 ql2300 - ok
04:48:51.0129 0596 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
04:48:51.0129 0596 ql40xx - ok
04:48:51.0176 0596 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
04:48:51.0191 0596 QWAVE - ok
04:48:51.0191 0596 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:48:51.0191 0596 QWAVEdrv - ok
04:48:51.0207 0596 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:48:51.0207 0596 RasAcd - ok
04:48:51.0254 0596 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:48:51.0254 0596 RasAgileVpn - ok
04:48:51.0301 0596 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
04:48:51.0301 0596 RasAuto - ok
04:48:51.0363 0596 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:48:51.0363 0596 Rasl2tp - ok
04:48:51.0410 0596 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
04:48:51.0410 0596 RasMan - ok
04:48:51.0457 0596 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:48:51.0457 0596 RasPppoe - ok
04:48:51.0488 0596 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:48:51.0488 0596 RasSstp - ok
04:48:51.0535 0596 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:48:51.0550 0596 rdbss - ok
04:48:51.0581 0596 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
04:48:51.0581 0596 rdpbus - ok
04:48:51.0597 0596 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:48:51.0597 0596 RDPCDD - ok
04:48:51.0628 0596 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:48:51.0628 0596 RDPENCDD - ok
04:48:51.0644 0596 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:48:51.0644 0596 RDPREFMP - ok
04:48:51.0691 0596 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
04:48:51.0691 0596 RDPWD - ok
04:48:51.0737 0596 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:48:51.0753 0596 rdyboost - ok
04:48:51.0784 0596 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
04:48:51.0784 0596 RemoteAccess - ok
04:48:51.0831 0596 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
04:48:51.0847 0596 RemoteRegistry - ok
04:48:51.0878 0596 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
04:48:51.0878 0596 RpcEptMapper - ok
04:48:51.0909 0596 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
04:48:51.0909 0596 RpcLocator - ok
04:48:51.0956 0596 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
04:48:51.0971 0596 RpcSs - ok
04:48:52.0003 0596 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:48:52.0018 0596 rspndr - ok
04:48:52.0049 0596 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
04:48:52.0049 0596 SamSs - ok
04:48:52.0096 0596 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:48:52.0096 0596 sbp2port - ok
04:48:52.0143 0596 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
04:48:52.0143 0596 SCardSvr - ok
04:48:52.0190 0596 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:48:52.0190 0596 scfilter - ok
04:48:52.0268 0596 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
04:48:52.0283 0596 Schedule - ok
04:48:52.0346 0596 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
04:48:52.0346 0596 SCPolicySvc - ok
04:48:52.0361 0596 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
04:48:52.0361 0596 SDRSVC - ok
04:48:52.0455 0596 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:48:52.0455 0596 secdrv - ok
04:48:52.0502 0596 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
04:48:52.0502 0596 seclogon - ok
04:48:52.0549 0596 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
04:48:52.0549 0596 SENS - ok
04:48:52.0564 0596 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
04:48:52.0580 0596 SensrSvc - ok
04:48:52.0595 0596 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
04:48:52.0595 0596 Serenum - ok
04:48:52.0642 0596 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
04:48:52.0642 0596 Serial - ok
04:48:52.0689 0596 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
04:48:52.0689 0596 sermouse - ok
04:48:52.0736 0596 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
04:48:52.0736 0596 SessionEnv - ok
04:48:52.0767 0596 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:48:52.0783 0596 sffdisk - ok
04:48:52.0783 0596 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:48:52.0783 0596 sffp_mmc - ok
04:48:52.0798 0596 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:48:52.0798 0596 sffp_sd - ok
04:48:52.0845 0596 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
04:48:52.0845 0596 sfloppy - ok
04:48:52.0907 0596 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
04:48:52.0907 0596 SharedAccess - ok
04:48:52.0954 0596 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
04:48:52.0954 0596 ShellHWDetection - ok
04:48:53.0017 0596 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:48:53.0017 0596 SiSRaid2 - ok
04:48:53.0032 0596 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
04:48:53.0032 0596 SiSRaid4 - ok
04:48:53.0063 0596 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:48:53.0063 0596 Smb - ok
04:48:53.0126 0596 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
04:48:53.0126 0596 SNMPTRAP - ok
04:48:53.0173 0596 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:48:53.0173 0596 spldr - ok
04:48:53.0235 0596 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
04:48:53.0235 0596 Spooler - ok
04:48:53.0391 0596 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
04:48:53.0469 0596 sppsvc - ok
04:48:53.0594 0596 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
04:48:53.0594 0596 sppuinotify - ok
04:49:00.0941 0596 ============================================================
04:49:00.0941 0596 Scan finished
04:49:00.0941 0596 ============================================================
04:49:00.0957 1244 Detected object count: 0
04:49:00.0957 1244 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-08 04:51:04
-----------------------------
04:51:04.369 OS Version: Windows x64 6.1.7601 Service Pack 1
04:51:04.369 Number of processors: 2 586 0x170A
04:51:04.369 ComputerName: CHAD-LAPTOP UserName: Chad
04:51:05.695 Initialize success
04:52:19.202 AVAST engine defs: 12060701
04:58:28.143 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:58:28.143 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 238475MB BusType: 3
04:58:28.158 Disk 0 MBR read successfully
04:58:28.174 Disk 0 MBR scan
04:58:28.205 Disk 0 Windows 7 default MBR code
04:58:28.205 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
04:58:28.221 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8818 MB offset 161792
04:58:28.236 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 229577 MB offset 18221056
04:58:28.252 Disk 0 scanning C:\Windows\system32\drivers
04:58:40.030 Service scanning
04:59:33.320 Modules scanning
04:59:33.320 Disk 0 trace - called modules:
04:59:33.413 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
04:59:33.413 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80025726a0]
04:59:33.413 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002292050]
04:59:34.240 AVAST engine scan C:\Windows
04:59:37.251 AVAST engine scan C:\Windows\system32
05:03:04.591 AVAST engine scan C:\Windows\system32\drivers
05:03:19.551 AVAST engine scan C:\Users\Chad
05:09:17.634 AVAST engine scan C:\ProgramData
05:09:55.449 Scan finished successfully
05:14:00.057 Disk 0 MBR has been saved successfully to "C:\Users\Chad\Desktop\MBR.dat"
05:14:00.073 The log file has been saved successfully to "C:\Users\Chad\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:28 PM

Posted 08 June 2012 - 07:43 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  • Local time:04:28 PM

Posted 08 June 2012 - 01:58 PM

Normal Windows mode - Computer still running very slow. Ctrl-Alt-Del does not give standard options, but error message instead.

Working in safe mode currently.

Combofix ran. Very slow at end as it restarted in regular Windows mode. Near end as it was preparing the log report, I got the following error again:

c:\windows\system32\GfxUI.exe
"A device attached to the system is not functioning."

Otherwise Combofix ran without error. Log included below.

ComboFix 12-06-07.03 - Chad 06/08/2012 12:20:56.4.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2008.1456 [GMT -5:00]
Running from: c:\users\Chad\Desktop\ComboFix.exe
Command switches used :: c:\users\Chad\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 17:26 . 2012-06-08 17:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-08 17:26 . 2012-06-08 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 17:26 . 2012-06-08 17:26 -------- d-----w- c:\users\Courtney\AppData\Local\temp
2012-06-08 10:22 . 2012-06-08 10:23 -------- d-----w- C:\FRST
2012-05-19 19:54 . 2012-05-19 19:54 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-10 07:42 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 07:42 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 07:42 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 07:42 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 07:42 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 07:42 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 07:41 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 07:41 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 07:41 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 07:41 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 07:41 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 07:41 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 07:41 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 03:07 . 2012-03-14 13:06 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 03:07 . 2012-03-14 13:06 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-10 19:32 . 2012-03-10 19:33 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-03-10 19:32 . 2012-03-10 19:33 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-10 19:22 . 2012-03-10 19:23 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-10 19:22 . 2010-11-05 16:59 660368 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-07_11.18.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-28 05:20 . 2012-06-08 17:30 30476 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-08 17:30 39558 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-28 05:08 . 2012-06-08 17:30 12522 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3338029332-1770023962-912820400-1001_UserData.bin
+ 2010-10-29 05:04 . 2012-06-07 11:55 4540 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-10-29 05:04 . 2012-05-28 23:24 4540 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-06-07 11:16 . 2012-06-07 11:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-08 17:27 . 2012-06-08 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-08 17:27 . 2012-06-08 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-07 11:16 . 2012-06-07 11:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-05-28 23:24 274332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-07 19:45 274332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-05-10 08:30 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-06-07 11:55 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2011-12-17 13:22 . 2012-05-10 08:31 33066944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3338029332-1770023962-912820400-1001-12288.dat
+ 2011-12-17 13:22 . 2012-06-07 19:45 33066944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3338029332-1770023962-912820400-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-19 39408]
"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"iTunesHelper"="c:\program files\ITunes\iTunesHelper.exe" [2012-03-07 421736]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-28 1667072]
.
c:\users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chad\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
FAXRX.lnk - c:\program files (x86)\Brother\Brmfl07b\FAXRX.exe [2011-7-17 524288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\New folder\WMZuneComm.exe [2011-08-05 306400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 YammmSvc;Yet Another Media Meta Manager;c:\program files (x86)\Yammm\YammmSvc.exe [2010-08-03 14336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 04:23]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 04:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Chad\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"Zune Launcher"="c:\program files\New folder\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: coxhealth.com\sra
Trusted Zone: coxheath.com\sra
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-06-08 13:02:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 18:02
ComboFix2.txt 2012-06-07 11:44
.
Pre-Run: 70,710,497,280 bytes free
Post-Run: 70,279,499,776 bytes free
.
- - End Of File - - BB939849C35A69F9FAF6F33E47554222

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 June 2012 - 04:12 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts

Posted 08 June 2012 - 09:15 PM

I have been completing all steps in safe mode. Just wanted to make sure you knew this, in case this hides anything in scans. If necessary I can attempt to run items in regular mode; however these will run VERY slow (if at all).

Looking back at some of the logs - my problems started when I tried to download ancient drivers for another computer. What I thought was a driver looked suspicious when I opened it. If I remember correctly, I think this was Qoobox. Just wanted to let you know in case it helps. I assume Combofix eliminates Qoobox, but my knowledge is limited.


No problem with OTL. Log below.


OTL logfile created on: 6/8/2012 8:51:23 PM - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\Chad\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 77.41% Memory free
3.92 Gb Paging File | 3.51 Gb Available in Paging File | 89.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.20 Gb Total Space | 65.59 Gb Free Space | 29.26% Space Free | Partition Type: NTFS

Computer Name: CHAD-LAPTOP | User Name: Chad | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chad\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ZuneWlanCfgSvc) -- c:\Program Files\New folder\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- c:\Program Files\New folder\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\New folder\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (YammmSvc) -- C:\Program Files (x86)\Yammm\YammmSvc.exe (Mikinho)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BrSerIb) Brother MFC Serial Interface Driver(WDM) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (BrUsbSIb) Brother MFC Serial USB Driver(WDM) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Files/Folders - Created Within 30 Days ==========

[2012/06/08 20:47:23 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
[2012/06/08 13:02:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/08 12:28:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/08 05:22:38 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/08 04:47:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chad\Desktop\aswMBR.exe
[2012/06/08 04:46:40 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chad\Desktop\tdsskiller.exe
[2012/06/07 06:08:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/07 06:08:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/07 06:08:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/07 06:00:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/07 05:57:24 | 004,538,022 | R--- | C] (Swearware) -- C:\Users\Chad\Desktop\ComboFix.exe
[2012/05/31 11:46:00 | 000,000,000 | ---D | C] -- C:\Users\Chad\Desktop\Desktop Items
[2012/05/31 11:45:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Chad\Desktop\dds.scr
[2012/05/10 02:42:28 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 02:42:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 02:42:20 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 02:42:20 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012/06/08 20:47:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
[2012/06/08 13:50:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/08 13:50:34 | 1579,438,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/08 13:41:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 13:34:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/08 13:07:00 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 13:07:00 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 05:14:00 | 000,000,512 | ---- | M] () -- C:\Users\Chad\Desktop\MBR.dat
[2012/06/08 04:47:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chad\Desktop\aswMBR.exe
[2012/06/08 04:46:40 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chad\Desktop\tdsskiller.exe
[2012/06/07 06:38:08 | 000,001,055 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/07 06:16:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/07 05:57:25 | 004,538,022 | R--- | M] (Swearware) -- C:\Users\Chad\Desktop\ComboFix.exe
[2012/06/07 05:51:18 | 000,853,862 | ---- | M] () -- C:\Users\Chad\Desktop\SecurityCheck.exe
[2012/05/31 11:45:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Chad\Desktop\dds.scr
[2012/05/26 13:33:48 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/26 13:33:48 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/26 13:33:48 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/12 11:20:38 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/05/10 03:32:44 | 000,308,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/08 05:14:00 | 000,000,512 | ---- | C] () -- C:\Users\Chad\Desktop\MBR.dat
[2012/06/07 06:08:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/07 06:08:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/07 06:08:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/07 06:08:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/07 06:08:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/07 05:51:18 | 000,853,862 | ---- | C] () -- C:\Users\Chad\Desktop\SecurityCheck.exe
[2012/04/30 22:43:20 | 000,005,120 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 11:15:35 | 000,000,192 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/07/17 11:15:35 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/06/21 19:43:16 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/13 18:16:36 | 000,000,815 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/11/13 18:16:36 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/11/13 18:16:08 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/13 18:16:08 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2010/11/13 18:14:51 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010/11/13 18:14:31 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2010/11/13 18:14:25 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2010/11/13 17:53:49 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

< End of report >
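As an added triage example (not part of the thread, and not OTL's own code): a parser for the two OTL line formats in the report above, with the kind of first-pass check a helper applies when reading one. The sample lines are copied from the report; the 2012/05/29 cutoff is an assumption taken from the poster's "2 days later" remark before 31 May.

```python
import re
from datetime import datetime
# Added example (not from the thread, not OTL's code): parse the two OTL line
# formats in the report above and apply a first-pass triage to them.
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?::(?P<arch>64bit):)? - \((?P<name>.+?)\)"
    r"(?: (?P<desc>.+?))? -- (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx")
# Constructed sample: lines copied from the OTL report posted in this thread.
SAMPLE_LOG = r"""
SRV:64bit: - (ZuneWlanCfgSvc) -- c:\Program Files\New folder\ZuneWlanCfgSvc.exe (Microsoft Corporation)
DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (BrSerIb) Brother MFC Serial Interface Driver(WDM) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
[2012/06/08 20:47:23 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Chad\Desktop\OTL.exe
[2012/06/07 06:08:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/10 02:42:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
"""

def parse_line(line):
    # Service/driver line or dated file line -> dict; anything else -> None.
    m = SERVICE_RE.match(line)
    if m:
        return dict(m.groupdict(), type="service")
    m = FILE_RE.match(line)
    if m:
        rec = dict(m.groupdict(), type="file")
        rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
        rec["size"] = int(rec["size"].replace(",", ""))
        return rec
    return None

def triage(lines, since):
    # since is "YYYY/MM/DD". Findings are entries to read closely, not verdicts.
    cutoff = datetime.strptime(since, "%Y/%m/%d")
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].lower()
        if rec["type"] == "service":
            if not rec["company"]:  # OTL found no company name in version info
                findings.append(("no-company", rec["name"], rec["path"]))
            if not path.startswith(TRUSTED_ROOTS):
                findings.append(("unusual-location", rec["name"], rec["path"]))
        elif rec["ts"] >= cutoff and path.endswith(EXEC_EXT):
            findings.append(("recent-executable", rec["op"], rec["path"]))
    return findings

def demo():
    # Cutoff assumed from the poster's "2 days later" remark before 31 May 2012.
    return triage(SAMPLE_LOG.strip().splitlines(), "2012/05/29")
```

On the sample, the only entries raised are the driver whose company field is empty and the two executables created inside the assumed window; the helper's own tools (OTL, the ComboFix helpers) are expected to show up there and can be set aside once recognised.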

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 June 2012 - 10:21 PM

Hello

Qoobox is a folder from ComboFix, so that is not a problem.

It is looking like your problem is not from malware but something else - have you tried to do a system restore to before this happened?

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

#15 cpotter

cpotter
  • Topic Starter

  • Members
  • 148 posts

Posted 08 June 2012 - 11:06 PM

Same problems. Slow. Hangs often.

Have not tried system restore. Let me know if I should try this.

No problem with OTL script. Log below.



========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chad\Desktop\cmd.bat deleted successfully.
C:\Users\Chad\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Chad
->Java cache emptied: 0 bytes

User: Courtney
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Chad
->Flash cache emptied: 2154 bytes

User: Courtney
->Flash cache emptied: 737 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.47.0 log created on 06082012_223215



