
Google keeps redirecting


  • This topic is locked
20 replies to this topic

#1 Korito

  • Members
  • 10 posts

Posted 14 June 2012 - 03:00 PM

Hello, I'm having trouble with a redirecting virus/malware.
I cannot use Google.com, because it keeps redirecting me to LinkBucks, and I also cannot use Gmail; another problem is that I cannot see captchas.
Hope you will be able to help me.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_02
Run by Uporabnik at 21:32:31 on 2012-06-14
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.386.1060.18.1022.342 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxctcoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [RocketDock] "e:\program files\rocketdock\RocketDock.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [LogitechQuickCamRibbon] "e:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe
StartupFolder: c:\users\uporab~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\gigaby~1.lnk - c:\program files\gigabyte\gamer hud lite\HUD.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - e:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - e:\programs\partygaming\partypoker\RunApp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 70.38.38.4 4.30.72.150

I also tried to run gmer, but for some reason it caused a BSOD.

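The Pseudo HJT section of the DDS log above lists the browser helpers (BHO/TB), autorun entries (uRun/mRun), ActiveX downloads (DPF) and DHCP-issued resolvers that a malware response helper reads first when a browser keeps redirecting. The Python script below is an added example, not part of the thread, of DDS or of any BleepingComputer tool; it parses a handful of lines in that format (copied from the report above, plus one constructed `[example-placeholder]` autorun that is not from the thread) and applies simple triage checks: which autoruns load from outside Program Files or the Windows directory, which BHO/toolbar entries point at a missing file, which hosts ActiveX controls were fetched from, and whether DHCP handed out public rather than private resolvers. The checks are heuristics that point at what to verify next, not verdicts on the machine in this thread.

```python
import re
from ipaddress import ip_address
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample in the DDS "Pseudo HJT Report" format. All lines except the
# [example-placeholder] autorun are copied from the report posted in this thread;
# that one line is made up to exercise the user-profile check. DDS defangs URLs
# ("hxxp"), so the parser has to undo that before looking at hostnames.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [RocketDock] "e:\program files\rocketdock\RocketDock.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
uRun: [example-placeholder] c:\users\uporabnik\appdata\roaming\example-placeholder.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: DhcpNameServer = 70.38.38.4 4.30.72.150
"""

RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXT_RE = re.compile(r"^(.+?\.(?:exe|dll|cpl|scr|com))(?:\s|,|$)", re.IGNORECASE)
# Directories autoruns are normally installed under on a system like this one.
# Anything loading from the user profile gets a closer look (heuristic, not proof).
EXPECTED_DIRS = ("\\program files", "\\windows\\")


def refang(url: str) -> str:
    """Undo the hxxp:// defanging DDS applies to URLs."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def target_of(cmd: str) -> str:
    """Reduce an autorun command line to the file that actually loads.

    Handles quoted paths, unquoted paths with spaces and arguments, and the
    rundll32 form 'rundll32 <dll>,<export>' where the DLL is the real payload.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end if end > 0 else None].lower()
    head, _, rest = cmd.partition(" ")
    if head.lower() in ("rundll32", "rundll32.exe") and rest:
        return rest.split(",", 1)[0].strip().lower()
    m = EXT_RE.match(cmd)
    return (m.group(1) if m else head).lower()


def parse_report(text: str) -> Dict[str, List]:
    """Walk the report once and bucket the entry types a helper reviews first."""
    autoruns, orphans, downloads, resolvers = [], [], [], []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            autoruns.append({
                "scope": "user" if m["scope"] == "u" else "machine",
                "name": m["name"],
                "target": target_of(m["cmd"]),
            })
        elif line.startswith(("BHO:", "TB:", "IE:")) and line.endswith("- No File"):
            # Registered browser helper or toolbar whose file is gone (orphan).
            orphans.append(line)
        elif line.startswith("DPF:"):
            # Downloaded Program Files: ActiveX controls fetched from the web.
            clsid, _, url = line[4:].partition(" - ")
            downloads.append({"clsid": clsid.strip(), "url": refang(url.strip())})
        elif line.startswith("TCP: DhcpNameServer ="):
            resolvers = line.split("=", 1)[1].split()
    return {"autoruns": autoruns, "orphans": orphans,
            "downloads": downloads, "resolvers": resolvers}


def review(text: str) -> Dict[str, List[str]]:
    """Apply the triage checks and return findings grouped by check."""
    data = parse_report(text)
    findings: Dict[str, List[str]] = {
        "unexpected_location": [], "orphans": [], "public_resolvers": [], "activex_hosts": [],
    }
    for entry in data["autoruns"]:
        if not any(d in entry["target"] for d in EXPECTED_DIRS):
            findings["unexpected_location"].append(
                f'{entry["scope"]} {entry["name"]}: {entry["target"]}')
    findings["orphans"] = data["orphans"]
    for ip in data["resolvers"]:
        addr = ip_address(ip)
        # A home router normally hands out a private address (itself) as the
        # resolver; a public one is worth checking against the ISP's servers.
        if not (addr.is_private or addr.is_loopback):
            findings["public_resolvers"].append(ip)
    findings["activex_hosts"] = sorted({urlparse(d["url"]).hostname for d in data["downloads"]})
    return findings


if __name__ == "__main__":
    for check, items in review(SAMPLE_REPORT).items():
        print(f"{check}:")
        for item in items:
            print(f"  {item}")
```

Run as a script it prints one section per check; on the sample both DHCP resolvers are public addresses, one toolbar CLSID has no file behind it, and only the constructed user-profile autorun trips the location check. Each of these is a question for the next step (compare the resolvers with the ISP's, confirm what installed the orphaned toolbar), which is exactly the order in which a helper works through a DDS log.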



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 June 2012 - 12:16 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Korito
  • Topic Starter

  • Members
  • 10 posts

Posted 15 June 2012 - 08:37 AM

Hey, sorry for the late reply... here are the logs you requested.

Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware različica 1.61.0.1400
CCleaner
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java version out of date!
Adobe Flash Player 11.3.300.257
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 4.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Anvisoft Anvi Smart Defender ASDSrv.exe
Alwil Software Avast5 AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


ComboFix 12-06-15.02 - Uporabnik 15.06.2012 14:16:00.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.386.1060.18.1022.366 [GMT 2:00]
Running from: c:\users\Uporabnik\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ST6UNST.000
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 13:05 . 2012-06-15 13:12 -------- d-----w- c:\users\Uporabnik\AppData\Local\temp
2012-06-15 13:05 . 2012-06-15 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 06:25 . 2012-06-14 06:25 -------- d-----w- c:\users\Uporabnik\AppData\Local\Macromedia
2012-06-13 16:17 . 2012-06-13 16:17 -------- d-----w- c:\users\Uporabnik\AppData\Roaming\Anvisoft
2012-06-13 16:15 . 2012-04-27 09:28 23848 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-06-13 16:15 . 2012-04-27 09:28 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-06-13 16:14 . 2012-06-13 16:14 -------- d-----w- c:\program files\Anvisoft
2012-06-13 15:44 . 2012-06-13 15:44 388096 ----a-r- c:\users\Uporabnik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-13 15:44 . 2012-06-13 15:44 -------- d-----w- c:\program files\Trend Micro
2012-06-13 15:31 . 2012-06-13 15:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-13 14:48 . 2012-06-13 15:21 -------- d-----w- C:\sh4ldr
2012-06-13 14:48 . 2012-06-13 14:48 -------- d-----w- c:\program files\Enigma Software Group
2012-06-13 14:48 . 2012-06-13 15:21 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-06-13 14:17 . 2012-06-13 14:18 -------- d-----w- c:\program files\HitmanPro
2012-06-13 14:17 . 2012-06-13 14:18 -------- d-----w- c:\programdata\HitmanPro
2012-06-12 11:02 . 2012-01-12 07:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-12 11:02 . 2012-06-12 11:02 -------- d-----w- c:\program files\Common Files\iS3
2012-06-12 07:31 . 2012-06-12 07:31 -------- d-----w- c:\users\Uporabnik\AppData\Roaming\Malwarebytes
2012-06-12 07:30 . 2012-06-12 07:30 -------- d-----w- c:\programdata\Malwarebytes
2012-06-12 07:30 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 07:22 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{085CA231-6800-475E-AFB5-DCEE48A37CFB}\mpengine.dll
2012-05-29 11:13 . 2012-05-29 11:13 -------- d-----w- c:\program files\WEBZEN
2012-05-29 11:13 . 2012-03-27 17:13 230920 ----a-w- c:\windows\system32\EPWZCmnCtrl.dll
2012-05-29 11:13 . 2012-05-29 11:13 -------- d-----w- c:\programdata\WEBZEN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 06:02 . 2012-06-14 06:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 06:02 . 2011-06-08 20:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 11:12 . 2012-06-12 11:12 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-29 11:16 . 2012-05-29 11:16 670816 ----a-w- c:\windows\system32\xsherlock.xem
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- e:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 294912]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-08 185896]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 92704]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"LogitechQuickCamRibbon"="e:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-04-28 618280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4278719720-1743152754-3448006120-1000]
"EnableNotificationsRef"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 70.38.38.4 4.30.72.150
FF - ProfilePath - c:\users\Uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\rs3fo7wj.default\
FF - prefs.js: browser.startup.homepage - www.google.si
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-25263323.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 15:11
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\e:\kabal\EC\Byakko.K32"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4278719720-1743152754-3448006120-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,02,e1,30,89,5e,62,a0,43,e6,32,b0,5f,a2,6f,ee,82,ab,10,09,c5,1e,79,
ef,fd,30,1c,ef,ec,23,68,6c,00,07,b5,26,10,fd,bb,37,42,75,5c,eb,da,e0,3c,46,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-4278719720-1743152754-3448006120-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:c3,b2,ad,d8,1e,3e,96,72,be,a6,6f,3f,a6,bc,1a,72,1f,0e,8c,52,2f,
18,bb,8a,6e,b5,66,dc,0a,89,cd,d9,5d,f7,c3,de,c7,6e,da,4b,33,a2,77,23,d3,6b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6744)
e:\program files\Logitech\SetPoint\lgscroll.dll
e:\program files\Logitech\SetPoint\GameHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
e:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\lxctcoms.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
e:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-06-15 15:31:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 13:26
ComboFix2.txt 2012-06-13 08:27
ComboFix3.txt 2012-06-12 18:59
.
Pre-Run: 6.651.097.088 bytes free
Post-Run: 6.646.185.984 bytes free
.
- - End Of File - - 5CC14B8B382BDE3A6D85E572D34572D2



I noticed that after I ran both tools I could access my Gmail account, but now Facebook redirects me to LinkBucks. Just thought you should know.

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 June 2012 - 12:21 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Korito
  • Topic Starter

  • Members
  • 10 posts

Posted 17 June 2012 - 08:42 AM

Hello, again I apologize for the late reply... Here are the scan logs.

15:27:10.0990 1448 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:27:14.0974 1448 ============================================================
15:27:14.0974 1448 Current date / time: 2012/06/17 15:27:14.0974
15:27:14.0974 1448 SystemInfo:
15:27:14.0974 1448
15:27:14.0974 1448 OS Version: 6.0.6001 ServicePack: 1.0
15:27:14.0974 1448 Product type: Workstation
15:27:14.0974 1448 ComputerName: UPORABNIK-PC
15:27:14.0974 1448 UserName: Uporabnik
15:27:14.0974 1448 Windows directory: C:\Windows
15:27:14.0974 1448 System windows directory: C:\Windows
15:27:14.0974 1448 Processor architecture: Intel x86
15:27:14.0974 1448 Number of processors: 2
15:27:14.0974 1448 Page size: 0x1000
15:27:14.0974 1448 Boot type: Normal boot
15:27:14.0974 1448 ============================================================
15:27:18.0208 1448 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x64F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:27:18.0396 1448 ============================================================
15:27:18.0396 1448 \Device\Harddisk0\DR0:
15:27:18.0396 1448 MBR partitions:
15:27:18.0396 1448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x443EED0
15:27:18.0396 1448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x443F6D0, BlocksNum 0x1305F128
15:27:18.0396 1448 ============================================================
15:27:18.0458 1448 E: <-> \Device\Harddisk0\DR0\Partition1
15:27:18.0490 1448 C: <-> \Device\Harddisk0\DR0\Partition0
15:27:18.0490 1448 ============================================================
15:27:18.0490 1448 Initialize success
15:27:18.0490 1448 ============================================================
15:27:22.0005 3204 ============================================================
15:27:22.0005 3204 Scan started
15:27:22.0005 3204 Mode: Manual;
15:27:22.0005 3204 ============================================================
15:27:23.0443 3204 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
15:27:23.0458 3204 ACPI - ok
15:27:23.0505 3204 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:27:23.0537 3204 adp94xx - ok
15:27:23.0568 3204 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:27:23.0568 3204 adpahci - ok
15:27:23.0599 3204 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:27:23.0615 3204 adpu160m - ok
15:27:23.0630 3204 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:27:23.0630 3204 adpu320 - ok
15:27:23.0677 3204 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:27:23.0677 3204 AeLookupSvc - ok
15:27:23.0724 3204 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
15:27:23.0740 3204 AFD - ok
15:27:23.0771 3204 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:27:23.0771 3204 agp440 - ok
15:27:23.0802 3204 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:27:23.0802 3204 aic78xx - ok
15:27:23.0833 3204 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:27:23.0912 3204 ALG - ok
15:27:23.0927 3204 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
15:27:23.0927 3204 aliide - ok
15:27:23.0958 3204 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:27:23.0958 3204 amdagp - ok
15:27:23.0974 3204 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
15:27:23.0974 3204 amdide - ok
15:27:24.0005 3204 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:27:24.0005 3204 AmdK7 - ok
15:27:24.0021 3204 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:27:24.0021 3204 AmdK8 - ok
15:27:24.0068 3204 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:27:24.0068 3204 Appinfo - ok
15:27:24.0115 3204 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:27:24.0115 3204 arc - ok
15:27:24.0130 3204 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:27:24.0130 3204 arcsas - ok
15:27:24.0287 3204 asdsrv (5b1d3587f1ff82c3585d995cff8566dd) C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
15:27:24.0474 3204 asdsrv - ok
15:27:24.0505 3204 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys
15:27:24.0505 3204 aswFsBlk - ok
15:27:24.0537 3204 aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys
15:27:24.0537 3204 aswMonFlt - ok
15:27:24.0568 3204 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys
15:27:24.0568 3204 aswRdr - ok
15:27:24.0615 3204 aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys
15:27:24.0646 3204 aswSnx - ok
15:27:24.0693 3204 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys
15:27:24.0693 3204 aswSP - ok
15:27:24.0724 3204 aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys
15:27:24.0724 3204 aswTdi - ok
15:27:24.0755 3204 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:27:24.0755 3204 AsyncMac - ok
15:27:24.0787 3204 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
15:27:24.0787 3204 atapi - ok
15:27:24.0833 3204 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
15:27:24.0849 3204 AudioEndpointBuilder - ok
15:27:24.0865 3204 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
15:27:24.0865 3204 Audiosrv - ok
15:27:24.0958 3204 avast! Antivirus (d16c826f375a44802bf317982e81a7e2) E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
15:27:25.0052 3204 avast! Antivirus - ok
15:27:25.0083 3204 avfsmn (70828a932e62442dea70cd248bfe9ed1) C:\Windows\system32\DRIVERS\avfsmn.sys
15:27:25.0083 3204 avfsmn - ok
15:27:25.0099 3204 avhips (f299e1f1231e6eba9c977a12e284b7d1) C:\Windows\system32\DRIVERS\avhips.sys
15:27:25.0115 3204 avhips - ok
15:27:25.0146 3204 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:27:25.0146 3204 Beep - ok
15:27:25.0208 3204 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
15:27:25.0224 3204 BFE - ok
15:27:25.0302 3204 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
15:27:25.0333 3204 BITS - ok
15:27:25.0349 3204 blbdrive - ok
15:27:25.0412 3204 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
15:27:25.0505 3204 Bonjour Service - ok
15:27:25.0521 3204 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
15:27:25.0521 3204 bowser - ok
15:27:25.0568 3204 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:27:25.0568 3204 BrFiltLo - ok
15:27:25.0583 3204 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:27:25.0583 3204 BrFiltUp - ok
15:27:25.0599 3204 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:27:25.0615 3204 Browser - ok
15:27:25.0630 3204 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:27:25.0630 3204 Brserid - ok
15:27:25.0646 3204 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:27:25.0662 3204 BrSerWdm - ok
15:27:25.0677 3204 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:27:25.0677 3204 BrUsbMdm - ok
15:27:25.0693 3204 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:27:25.0693 3204 BrUsbSer - ok
15:27:25.0708 3204 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:27:25.0724 3204 BTHMODEM - ok
15:27:25.0740 3204 ByakkoDriver - ok
15:27:25.0818 3204 catchme - ok
15:27:25.0849 3204 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:27:25.0865 3204 cdfs - ok
15:27:25.0896 3204 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
15:27:25.0896 3204 cdrom - ok
15:27:25.0943 3204 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
15:27:25.0943 3204 CertPropSvc - ok
15:27:25.0974 3204 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:27:25.0974 3204 circlass - ok
15:27:25.0990 3204 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
15:27:26.0005 3204 CLFS - ok
15:27:26.0068 3204 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:27:26.0146 3204 clr_optimization_v2.0.50727_32 - ok
15:27:26.0193 3204 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:27:26.0302 3204 clr_optimization_v4.0.30319_32 - ok
15:27:26.0333 3204 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
15:27:26.0333 3204 cmdide - ok
15:27:26.0365 3204 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
15:27:26.0365 3204 Compbatt - ok
15:27:26.0365 3204 COMSysApp - ok
15:27:26.0380 3204 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:27:26.0380 3204 crcdisk - ok
15:27:26.0396 3204 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:27:26.0396 3204 Crusoe - ok
15:27:26.0443 3204 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
15:27:26.0458 3204 CryptSvc - ok
15:27:26.0521 3204 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
15:27:26.0537 3204 DcomLaunch - ok
15:27:26.0583 3204 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
15:27:26.0583 3204 DfsC - ok
15:27:26.0693 3204 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
15:27:26.0880 3204 DFSR - ok
15:27:26.0990 3204 dgderdrv - ok
15:27:27.0052 3204 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
15:27:27.0068 3204 Dhcp - ok
15:27:27.0099 3204 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
15:27:27.0099 3204 disk - ok
15:27:27.0115 3204 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
15:27:27.0130 3204 Dnscache - ok
15:27:27.0162 3204 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
15:27:27.0177 3204 dot3svc - ok
15:27:27.0193 3204 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:27:27.0208 3204 DPS - ok
15:27:27.0240 3204 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:27:27.0240 3204 drmkaud - ok
15:27:27.0287 3204 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
15:27:27.0318 3204 DXGKrnl - ok
15:27:27.0365 3204 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:27:27.0365 3204 E1G60 - ok
15:27:27.0380 3204 EagleNT - ok
15:27:27.0396 3204 EagleXNt - ok
15:27:27.0443 3204 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:27:27.0443 3204 EapHost - ok
15:27:27.0521 3204 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
15:27:27.0537 3204 Ecache - ok
15:27:27.0599 3204 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:27:27.0615 3204 elxstor - ok
15:27:27.0677 3204 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
15:27:27.0708 3204 EMDMgmt - ok
15:27:27.0771 3204 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
15:27:27.0771 3204 epmntdrv - ok
15:27:27.0818 3204 esgiguard - ok
15:27:27.0849 3204 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
15:27:27.0865 3204 EuGdiDrv - ok
15:27:27.0896 3204 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
15:27:27.0912 3204 EventSystem - ok
15:27:27.0958 3204 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
15:27:27.0958 3204 exfat - ok
15:27:27.0990 3204 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
15:27:28.0005 3204 fastfat - ok
15:27:28.0037 3204 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:27:28.0037 3204 fdc - ok
15:27:28.0083 3204 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:27:28.0083 3204 fdPHost - ok
15:27:28.0099 3204 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:27:28.0115 3204 FDResPub - ok
15:27:28.0130 3204 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:27:28.0130 3204 FileInfo - ok
15:27:28.0162 3204 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:27:28.0177 3204 Filetrace - ok
15:27:28.0255 3204 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:27:28.0396 3204 FLEXnet Licensing Service - ok
15:27:28.0474 3204 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:27:28.0490 3204 flpydisk - ok
15:27:28.0552 3204 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
15:27:28.0568 3204 FltMgr - ok
15:27:28.0646 3204 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:27:28.0740 3204 FontCache3.0.0.0 - ok
15:27:28.0802 3204 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
15:27:28.0802 3204 FsUsbExDisk - ok
15:27:28.0833 3204 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:27:28.0833 3204 Fs_Rec - ok
15:27:28.0865 3204 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:27:28.0865 3204 gagp30kx - ok
15:27:28.0912 3204 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
15:27:28.0927 3204 gpsvc - ok
15:27:28.0974 3204 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:27:28.0974 3204 HdAudAddService - ok
15:27:29.0005 3204 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:27:29.0021 3204 HDAudBus - ok
15:27:29.0021 3204 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:27:29.0037 3204 HidBth - ok
15:27:29.0052 3204 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:27:29.0052 3204 HidIr - ok
15:27:29.0068 3204 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
15:27:29.0083 3204 hidserv - ok
15:27:29.0099 3204 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
15:27:29.0099 3204 HidUsb - ok
15:27:29.0130 3204 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:27:29.0146 3204 hkmsvc - ok
15:27:29.0162 3204 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:27:29.0162 3204 HpCISSs - ok
15:27:29.0224 3204 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
15:27:29.0240 3204 HTTP - ok
15:27:29.0255 3204 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:27:29.0255 3204 i2omp - ok
15:27:29.0302 3204 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:27:29.0302 3204 i8042prt - ok
15:27:29.0333 3204 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:27:29.0349 3204 iaStorV - ok
15:27:29.0443 3204 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:27:29.0630 3204 idsvc - ok
15:27:29.0662 3204 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:27:29.0662 3204 iirsp - ok
15:27:29.0708 3204 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
15:27:29.0724 3204 IKEEXT - ok
15:27:29.0771 3204 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:27:29.0771 3204 intelide - ok
15:27:29.0802 3204 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:27:29.0818 3204 intelppm - ok
15:27:29.0833 3204 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:27:29.0849 3204 IPBusEnum - ok
15:27:29.0880 3204 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:27:29.0880 3204 IpFilterDriver - ok
15:27:29.0927 3204 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
15:27:29.0943 3204 iphlpsvc - ok
15:27:29.0943 3204 IpInIp - ok
15:27:29.0974 3204 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:27:29.0974 3204 IPMIDRV - ok
15:27:30.0005 3204 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:27:30.0005 3204 IPNAT - ok
15:27:30.0037 3204 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:27:30.0037 3204 IRENUM - ok
15:27:30.0052 3204 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:27:30.0052 3204 isapnp - ok
15:27:30.0146 3204 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
15:27:30.0162 3204 iScsiPrt - ok
15:27:30.0177 3204 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:27:30.0177 3204 iteatapi - ok
15:27:30.0208 3204 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:27:30.0208 3204 iteraid - ok
15:27:30.0224 3204 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
15:27:30.0240 3204 k750bus - ok
15:27:30.0255 3204 k750mdfl (f44521f63c0c00364fa3d59db980de6a) C:\Windows\system32\DRIVERS\k750mdfl.sys
15:27:30.0255 3204 k750mdfl - ok
15:27:30.0271 3204 k750mdm (e93323c3ed5e8923a177740a973c27b2) C:\Windows\system32\DRIVERS\k750mdm.sys
15:27:30.0287 3204 k750mdm - ok
15:27:30.0302 3204 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:27:30.0318 3204 kbdclass - ok
15:27:30.0333 3204 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
15:27:30.0333 3204 kbdhid - ok
15:27:30.0380 3204 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
15:27:30.0490 3204 KeyIso - ok
15:27:30.0537 3204 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
15:27:30.0552 3204 KSecDD - ok
15:27:30.0599 3204 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:27:30.0615 3204 KtmRm - ok
15:27:30.0646 3204 L8042mou (bea61fda2103f6f51b14eb0872e8a050) C:\Windows\system32\DRIVERS\L8042mou.Sys
15:27:30.0646 3204 L8042mou - ok
15:27:30.0974 3204 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
15:27:30.0990 3204 LanmanServer - ok
15:27:31.0380 3204 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
15:27:31.0458 3204 LanmanWorkstation - ok
15:27:31.0677 3204 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:27:31.0693 3204 LHidFilt - ok
15:27:31.0865 3204 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:27:31.0880 3204 lltdio - ok
15:27:32.0271 3204 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:27:32.0318 3204 lltdsvc - ok
15:27:32.0396 3204 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:27:32.0427 3204 lmhosts - ok
15:27:32.0646 3204 LMouKE (cab504e38fced9a56d87d838e9ba13e9) C:\Windows\system32\DRIVERS\LMouKE.Sys
15:27:32.0677 3204 LMouKE - ok
15:27:32.0849 3204 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:27:32.0865 3204 LSI_FC - ok
15:27:32.0990 3204 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:27:33.0005 3204 LSI_SAS - ok
15:27:33.0208 3204 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:27:33.0240 3204 LSI_SCSI - ok
15:27:33.0365 3204 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:27:33.0380 3204 luafv - ok
15:27:33.0755 3204 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\Windows\system32\DRIVERS\lvpopflt.sys
15:27:33.0802 3204 lvpopflt - ok
15:27:33.0896 3204 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
15:27:33.0912 3204 LVPr2Mon - ok
15:27:34.0505 3204 LVPrcSrv (5c7b88695ce461d8bda4fe0c0e57e71d) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
15:27:34.0724 3204 LVPrcSrv - ok
15:27:35.0224 3204 LVRS (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys
15:27:35.0255 3204 LVRS - ok
15:27:49.0505 3204 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\Windows\system32\DRIVERS\lvuvc.sys
15:27:51.0708 3204 LVUVC - ok
15:27:53.0099 3204 lxct_device - ok
15:27:53.0505 3204 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:27:53.0521 3204 megasas - ok
15:27:53.0974 3204 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:27:54.0115 3204 Microsoft Office Groove Audit Service - ok
15:27:54.0271 3204 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:27:54.0302 3204 MMCSS - ok
15:27:54.0396 3204 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:27:54.0427 3204 Modem - ok
15:27:54.0630 3204 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:27:54.0646 3204 monitor - ok
15:27:54.0693 3204 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:27:54.0708 3204 mouclass - ok
15:27:54.0771 3204 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
15:27:54.0771 3204 mouhid - ok
15:27:54.0912 3204 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:27:54.0927 3204 MountMgr - ok
15:27:55.0130 3204 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:27:55.0162 3204 mpio - ok
15:27:55.0287 3204 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:27:55.0302 3204 mpsdrv - ok
15:27:56.0302 3204 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
15:27:56.0552 3204 MpsSvc - ok
15:27:56.0943 3204 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:27:56.0974 3204 Mraid35x - ok
15:27:57.0708 3204 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
15:27:57.0724 3204 MRxDAV - ok
15:27:57.0943 3204 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:27:57.0974 3204 mrxsmb - ok
15:27:58.0552 3204 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:27:58.0630 3204 mrxsmb10 - ok
15:27:58.0849 3204 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:27:58.0896 3204 mrxsmb20 - ok
15:27:58.0990 3204 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
15:27:59.0005 3204 msahci - ok
15:27:59.0271 3204 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:27:59.0318 3204 msdsm - ok
15:27:59.0599 3204 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:27:59.0802 3204 MSDTC - ok
15:27:59.0818 3204 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:27:59.0833 3204 Msfs - ok
15:27:59.0880 3204 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:27:59.0880 3204 msisadrv - ok
15:27:59.0912 3204 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:27:59.0912 3204 MSiSCSI - ok
15:27:59.0927 3204 msiserver - ok
15:27:59.0958 3204 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:27:59.0958 3204 MSKSSRV - ok
15:27:59.0990 3204 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:27:59.0990 3204 MSPCLOCK - ok
15:28:00.0005 3204 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:28:00.0021 3204 MSPQM - ok
15:28:00.0052 3204 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
15:28:00.0052 3204 MsRPC - ok
15:28:00.0068 3204 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:28:00.0068 3204 mssmbios - ok
15:28:00.0083 3204 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:28:00.0083 3204 MSTEE - ok
15:28:00.0115 3204 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
15:28:00.0115 3204 Mup - ok
15:28:00.0162 3204 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
15:28:00.0177 3204 napagent - ok
15:28:00.0208 3204 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
15:28:00.0224 3204 NativeWifiP - ok
15:28:00.0255 3204 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
15:28:00.0271 3204 NDIS - ok
15:28:00.0318 3204 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:28:00.0318 3204 NdisTapi - ok
15:28:00.0349 3204 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:28:00.0349 3204 Ndisuio - ok
15:28:00.0380 3204 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
15:28:00.0396 3204 NdisWan - ok
15:28:00.0412 3204 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:28:00.0427 3204 NDProxy - ok
15:28:00.0443 3204 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:28:00.0443 3204 NetBIOS - ok
15:28:00.0490 3204 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
15:28:00.0505 3204 netbt - ok
15:28:00.0537 3204 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
15:28:00.0599 3204 Netlogon - ok
15:28:00.0646 3204 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:28:00.0662 3204 Netman - ok
15:28:00.0693 3204 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:28:00.0708 3204 netprofm - ok
15:28:00.0740 3204 netrcacm (b128ccc0e4586628d5d6f6a8f1d0778d) C:\Windows\system32\DRIVERS\netrcacm.sys
15:28:00.0740 3204 netrcacm - ok
15:28:00.0802 3204 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:28:00.0896 3204 NetTcpPortSharing - ok
15:28:00.0912 3204 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:28:00.0912 3204 nfrd960 - ok
15:28:00.0958 3204 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:28:00.0974 3204 NlaSvc - ok
15:28:01.0021 3204 nmwcd (28e36e677849174c910faaead3e60e9e) C:\Windows\system32\drivers\ccdcmb.sys
15:28:01.0021 3204 nmwcd - ok
15:28:01.0068 3204 nmwcdc (3823deb17f9f6775de0187a98fa0536d) C:\Windows\system32\drivers\ccdcmbo.sys
15:28:01.0068 3204 nmwcdc - ok
15:28:01.0083 3204 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
15:28:01.0099 3204 Npfs - ok
15:28:01.0115 3204 npggsvc - ok
15:28:01.0146 3204 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:28:01.0162 3204 nsi - ok
15:28:01.0193 3204 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:28:01.0193 3204 nsiproxy - ok
15:28:01.0271 3204 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
15:28:01.0302 3204 Ntfs - ok
15:28:01.0333 3204 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:28:01.0333 3204 ntrigdigi - ok
15:28:01.0365 3204 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:28:01.0365 3204 Null - ok
15:28:01.0693 3204 nvlddmkm (0013f8cf1322487fb247eae56ef0ed90) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:28:01.0896 3204 nvlddmkm - ok
15:28:01.0990 3204 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:28:02.0005 3204 nvraid - ok
15:28:02.0021 3204 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:28:02.0021 3204 nvstor - ok
15:28:02.0068 3204 nvsvc (b98bf2d4bd41b61bd0c2def6fb89ef71) C:\Windows\system32\nvvsvc.exe
15:28:02.0130 3204 nvsvc - ok
15:28:02.0162 3204 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:28:02.0162 3204 nv_agp - ok
15:28:02.0177 3204 NwlnkFlt - ok
15:28:02.0177 3204 NwlnkFwd - ok
15:28:02.0271 3204 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:28:02.0365 3204 odserv - ok
15:28:02.0396 3204 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
15:28:02.0412 3204 ohci1394 - ok
15:28:02.0427 3204 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:28:02.0552 3204 ose - ok
15:28:02.0599 3204 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:28:02.0615 3204 p2pimsvc - ok
15:28:02.0630 3204 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:28:02.0646 3204 p2psvc - ok
15:28:02.0677 3204 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
15:28:02.0677 3204 Parport - ok
15:28:02.0724 3204 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
15:28:02.0724 3204 partmgr - ok
15:28:02.0755 3204 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
15:28:02.0755 3204 Parvdm - ok
15:28:02.0787 3204 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:28:02.0787 3204 PcaSvc - ok
15:28:02.0833 3204 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
15:28:02.0833 3204 pccsmcfd - ok
15:28:02.0865 3204 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
15:28:02.0880 3204 pci - ok
15:28:02.0912 3204 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
15:28:02.0912 3204 pciide - ok
15:28:02.0958 3204 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:28:02.0958 3204 pcmcia - ok
15:28:03.0021 3204 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:28:03.0037 3204 PEAUTH - ok
15:28:03.0162 3204 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:28:03.0240 3204 pla - ok
15:28:03.0318 3204 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
15:28:03.0349 3204 PlugPlay - ok
15:28:03.0380 3204 PnkBstrA (1713d9de407313138118d501b0e3c05b) C:\Windows\system32\PnkBstrA.exe
15:28:03.0443 3204 PnkBstrA - ok
15:28:03.0490 3204 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:28:03.0505 3204 PNRPAutoReg - ok
15:28:03.0521 3204 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
15:28:03.0521 3204 PNRPsvc - ok
15:28:03.0568 3204 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
15:28:03.0583 3204 PolicyAgent - ok
15:28:03.0630 3204 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:28:03.0630 3204 PptpMiniport - ok
15:28:03.0662 3204 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:28:03.0662 3204 Processor - ok
15:28:03.0693 3204 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
15:28:03.0708 3204 ProfSvc - ok
15:28:03.0724 3204 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
15:28:03.0818 3204 ProtectedStorage - ok
15:28:03.0849 3204 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\Windows\system32\PSIService.exe
15:28:03.0958 3204 ProtexisLicensing - ok
15:28:03.0974 3204 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
15:28:03.0990 3204 PSched - ok
15:28:04.0005 3204 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\Windows\system32\Drivers\PxHelp20.sys
15:28:04.0005 3204 PxHelp20 - ok
15:28:04.0083 3204 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:28:04.0130 3204 ql2300 - ok
15:28:04.0146 3204 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:28:04.0146 3204 ql40xx - ok
15:28:04.0193 3204 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:28:04.0193 3204 QWAVE - ok
15:28:04.0224 3204 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:28:04.0224 3204 QWAVEdrv - ok
15:28:04.0240 3204 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:28:04.0240 3204 RasAcd - ok
15:28:04.0271 3204 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:28:04.0287 3204 RasAuto - ok
15:28:04.0333 3204 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:28:04.0333 3204 Rasl2tp - ok
15:28:04.0365 3204 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
15:28:04.0380 3204 RasMan - ok
15:28:04.0412 3204 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
15:28:04.0412 3204 RasPppoe - ok
15:28:04.0583 3204 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
15:28:04.0599 3204 RasSstp - ok
15:28:04.0630 3204 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
15:28:04.0630 3204 rdbss - ok
15:28:04.0662 3204 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:28:04.0662 3204 RDPCDD - ok
15:28:04.0724 3204 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:28:04.0755 3204 rdpdr - ok
15:28:04.0755 3204 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:28:04.0755 3204 RDPENCDD - ok
15:28:04.0833 3204 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
15:28:04.0849 3204 RDPWD - ok
15:28:04.0896 3204 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:28:04.0896 3204 RemoteAccess - ok
15:28:04.0943 3204 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
15:28:04.0958 3204 RemoteRegistry - ok
15:28:04.0974 3204 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:28:05.0052 3204 RpcLocator - ok
15:28:05.0099 3204 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\System32\rpcss.dll
15:28:05.0130 3204 RpcSs - ok
15:28:05.0162 3204 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:28:05.0162 3204 rspndr - ok
15:28:25.0380 3204 ============================================================
15:28:25.0380 3204 Scan finished
15:28:25.0380 3204 ============================================================
15:28:25.0396 1824 Detected object count: 0
15:28:25.0396 1824 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-17 15:30:33
-----------------------------
15:30:33.898 OS Version: Windows 6.0.6001 Service Pack 1
15:30:33.898 Number of processors: 2 586 0xF02
15:30:33.900 ComputerName: UPORABNIK-PC UserName: Uporabnik
15:31:10.899 Initialize success
15:31:12.665 AVAST engine defs: 12061700
15:31:27.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
15:31:27.733 Disk 0 Vendor: ST3200827AS 3.AAH Size: 190782MB BusType: 3
15:31:27.848 Disk 0 MBR read successfully
15:31:27.850 Disk 0 MBR scan
15:31:28.339 Disk 0 Windows XP default MBR code
15:31:28.355 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 34941 MB offset 2048
15:31:28.782 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 155838 MB offset 71562960
15:31:28.939 Disk 0 scanning sectors +390719480
15:31:29.345 Disk 0 scanning C:\Windows\system32\drivers
15:31:44.252 Service scanning
15:32:08.321 Modules scanning
15:32:13.654 Disk 0 trace - called modules:
15:32:13.674 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
15:32:14.026 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8579dac8]
15:32:14.034 3 CLASSPNP.SYS[86da9745] -> nt!IofCallDriver -> [0x85103a78]
15:32:14.042 5 acpi.sys[806996a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85127030]
15:32:14.282 AVAST engine scan C:\Windows
15:32:18.922 AVAST engine scan C:\Windows\system32
15:35:29.928 AVAST engine scan C:\Windows\system32\drivers
15:35:41.911 AVAST engine scan C:\Users\Uporabnik
15:36:04.084 Disk 0 MBR has been saved successfully to "C:\Users\Uporabnik\Desktop\MBR.dat"
15:36:04.096 The log file has been saved successfully to "C:\Users\Uporabnik\Desktop\aswMBR.txt"
15:38:20.707 AVAST engine scan C:\ProgramData
15:39:56.150 Scan finished successfully
15:41:39.715 Disk 0 MBR has been saved successfully to "C:\Users\Uporabnik\Desktop\MBR.dat"
15:41:39.721 The log file has been saved successfully to "C:\Users\Uporabnik\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 09:23 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Korito
  • Topic Starter

  • Members
  • 10 posts

Posted 17 June 2012 - 11:06 AM

Hey, the script didn't fix the problem.
I cannot access google.com; Facebook keeps redirecting to LinkBucks. I found out that my brother has the same problem with LinkBucks; we share a Wi-Fi connection, maybe this gives you some info to work with. Sorry I can't give you more information.

Here is the Combofix log...

ComboFix 12-06-16.02 - Uporabnik 17.06.2012 16:45:10.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.386.1060.18.1022.434 [GMT 2:00]
Running from: c:\users\Uporabnik\Desktop\ComboFix.exe
Command switches used :: c:\users\Uporabnik\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-17 15:34 . 2012-06-17 15:40 -------- d-----w- c:\users\Uporabnik\AppData\Local\temp
2012-06-17 15:34 . 2012-06-17 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-17 13:02 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F77F8EA9-C709-4162-96F8-571EE9526709}\mpengine.dll
2012-06-14 06:25 . 2012-06-14 06:25 -------- d-----w- c:\users\Uporabnik\AppData\Local\Macromedia
2012-06-14 06:02 . 2012-06-14 06:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 16:17 . 2012-06-13 16:17 -------- d-----w- c:\users\Uporabnik\AppData\Roaming\Anvisoft
2012-06-13 16:15 . 2012-04-27 09:28 23848 ----a-w- c:\windows\system32\drivers\avhips.sys
2012-06-13 16:15 . 2012-04-27 09:28 17704 ----a-w- c:\windows\system32\drivers\avfsmn.sys
2012-06-13 16:14 . 2012-06-13 16:14 -------- d-----w- c:\program files\Anvisoft
2012-06-13 15:44 . 2012-06-13 15:44 388096 ----a-r- c:\users\Uporabnik\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-13 15:44 . 2012-06-13 15:44 -------- d-----w- c:\program files\Trend Micro
2012-06-13 15:31 . 2012-06-13 15:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-13 14:48 . 2012-06-13 15:21 -------- d-----w- C:\sh4ldr
2012-06-13 14:48 . 2012-06-13 14:48 -------- d-----w- c:\program files\Enigma Software Group
2012-06-13 14:48 . 2012-06-13 15:21 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-06-13 14:17 . 2012-06-13 14:18 -------- d-----w- c:\program files\HitmanPro
2012-06-13 14:17 . 2012-06-13 14:18 -------- d-----w- c:\programdata\HitmanPro
2012-06-12 11:02 . 2012-01-12 07:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-12 11:02 . 2012-06-12 11:02 -------- d-----w- c:\program files\Common Files\iS3
2012-06-12 07:31 . 2012-06-12 07:31 -------- d-----w- c:\users\Uporabnik\AppData\Roaming\Malwarebytes
2012-06-12 07:30 . 2012-06-12 07:30 -------- d-----w- c:\programdata\Malwarebytes
2012-06-12 07:30 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-29 11:13 . 2012-05-29 11:13 -------- d-----w- c:\program files\WEBZEN
2012-05-29 11:13 . 2012-03-27 17:13 230920 ----a-w- c:\windows\system32\EPWZCmnCtrl.dll
2012-05-29 11:13 . 2012-05-29 11:13 -------- d-----w- c:\programdata\WEBZEN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 06:02 . 2011-06-08 20:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 11:12 . 2012-06-12 11:12 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-29 11:16 . 2012-05-29 11:16 670816 ----a-w- c:\windows\system32\xsherlock.xem
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- e:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-07-10 294912]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-08 185896]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 92704]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"LogitechQuickCamRibbon"="e:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-04-28 618280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4278719720-1743152754-3448006120-1000]
"EnableNotificationsRef"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 70.38.38.4 4.30.72.150
FF - ProfilePath - c:\users\Uporabnik\AppData\Roaming\Mozilla\Firefox\Profiles\rs3fo7wj.default\
FF - prefs.js: browser.startup.homepage - www.google.si
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-17 17:38
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ByakkoDriver]
"ImagePath"="\??\e:\kabal\EC\Byakko.K32"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4278719720-1743152754-3448006120-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,02,e1,30,89,5e,62,a0,43,e6,32,b0,5f,a2,6f,ee,82,ab,10,09,c5,1e,79,
ef,fd,30,1c,ef,ec,23,68,6c,00,07,b5,26,10,fd,bb,37,42,75,5c,eb,da,e0,3c,46,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-4278719720-1743152754-3448006120-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:c3,b2,ad,d8,1e,3e,96,72,be,a6,6f,3f,a6,bc,1a,72,1f,0e,8c,52,2f,
18,bb,8a,6e,b5,66,dc,0a,89,cd,d9,5d,f7,c3,de,c7,6e,da,4b,33,a2,77,23,d3,6b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6912)
e:\program files\Logitech\SetPoint\lgscroll.dll
e:\program files\Logitech\SetPoint\GameHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
e:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\lxctcoms.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
e:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\GIGABYTE\Gamer HUD Lite\HUD.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-06-17 17:55:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-17 15:53
ComboFix2.txt 2012-06-15 13:31
ComboFix3.txt 2012-06-13 08:27
ComboFix4.txt 2012-06-12 18:59
.
Pre-Run: 6.676.852.736 bytes free
Post-Run: 6.702.415.872 bytes free
.
- - End Of File - - 14E5321E7D3744149D532D1C933F9FAD

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 11:45 AM

We are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat (set "Save as type" to All Files and save it to the Desktop), then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Korito

Korito
  • Topic Starter

  • Members
  • 10 posts

Posted 17 June 2012 - 11:56 AM

Here are the results of router.bat


Windows IP Configuration

Host Name . . . . . . . . . . . . : Uporabnik-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Brezžična omrežna povezava 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Belkin 54g Wireless USB Network Adapter #12
Physical Address. . . . . . . . . : 00-1C-DF-58-99-A6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fdc4:3f27:5b98:ff34%25(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 17. junij 2012 17:36:26
Lease Expires . . . . . . . . . . : 18. junij 2012 14:46:53
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 70.38.38.4
4.30.72.150
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Povezava lokalnega omrežja:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-15-58-8D-8B-40
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Povezava lokalnega omrežja*:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{FE9E616F-FB4D-4E77-9BEC-BD30B5EBE81A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Povezava lokalnega omrežja* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Povezava lokalnega omrežja* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9A9B481A-16A0-4770-B13D-DBF1BAD852AB}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Povezava lokalnega omrežja* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9A9B481A-16A0-4770-B13D-DBF1BAD852AB}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 70.38.38.4

Name: google.com
Addresses: 2607:f8b0:400b:800::100e
74.125.226.8
74.125.226.3
74.125.226.5
74.125.226.2
74.125.226.4
74.125.226.1
74.125.226.0
74.125.226.14
74.125.226.6
74.125.226.7
74.125.226.9

Server: UnKnown
Address: 70.38.38.4

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70



Pinging google.com [74.125.226.9] with 32 bytes of data:

Reply from 74.125.226.9: bytes=32 time=147ms TTL=48

Reply from 74.125.226.9: bytes=32 time=149ms TTL=48



Ping statistics for 74.125.226.9:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 147ms, Maximum = 149ms, Average = 148ms



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Request timed out.

Reply from 72.30.38.140: bytes=32 time=213ms TTL=51



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 213ms, Maximum = 213ms, Average = 213ms

===========================================================================
Interface List
25 ...00 1c df 58 99 a6 ...... Belkin 54g Wireless USB Network Adapter #12
8 ...00 15 58 8d 8b 40 ...... Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{FE9E616F-FB4D-4E77-9BEC-BD30B5EBE81A}
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
27 ...00 00 00 00 00 00 00 e0 isatap.{9A9B481A-16A0-4770-B13D-DBF1BAD852AB}
28 ...00 00 00 00 00 00 00 e0 isatap.{9A9B481A-16A0-4770-B13D-DBF1BAD852AB}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 31
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 286
192.168.1.4 255.255.255.255 On-link 192.168.1.4 286
192.168.1.255 255.255.255.255 On-link 192.168.1.4 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
25 286 fe80::/64 On-link
25 286 fe80::fdc4:3f27:5b98:ff34/128
On-link
1 306 ff00::/8 On-link
25 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 12:24 PM

After you have run these steps, you need to let me know how the computer is doing.

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using, or you can use OpenDNS.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat (set "Save as type" to All Files and save it to the Desktop), then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo

#11 Korito

Korito
  • Topic Starter

  • Members
  • 10 posts

Posted 18 June 2012 - 03:02 AM

Hello, I am afraid I have some trouble...
I reset my router, but now I cannot connect to the internet; for some reason I cannot select my network on my computer. It will take a couple of days for my ISP to send someone to check what's wrong. I hope you will not lock this thread, and I will respond as soon as I get my internet back.

Cheers!

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 07:53 AM

let me know how it goes when you come back


gringo

#13 Korito

Korito
  • Topic Starter

  • Members
  • 10 posts

Posted 18 June 2012 - 10:50 AM

Hey, I decided to fix the damn router by myself...

Well, as far as I know, resetting the router fixed everything. Here is the last log...
Windows IP Configuration

Host Name . . . . . . . . . . . . : Uporabnik-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Brezžična omrežna povezava 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Belkin 54g Wireless USB Network Adapter #12
Physical Address. . . . . . . . . : 00-1C-DF-58-99-A6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fdc4:3f27:5b98:ff34%24(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 18. junij 2012 17:44:26
Lease Expires . . . . . . . . . . : 19. junij 2012 17:44:22
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Povezava lokalnega omrežja:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : telemach.net
Description . . . . . . . . . . . : Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-15-58-8D-8B-40
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Povezava lokalnega omrežja*:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Povezava lokalnega omrežja* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3cd2:11c5:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::3cd2:11c5:3f57:fefd%9(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Povezava lokalnega omrežja* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9A9B481A-16A0-4770-B13D-DBF1BAD852AB}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Povezava lokalnega omrežja* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2a00:1450:4001:c01::8b
173.194.70.101
173.194.70.102
173.194.70.113
173.194.70.138
173.194.70.139
173.194.70.100

Server: UnKnown
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging google.com [173.194.70.100] with 32 bytes of data:

Reply from 173.194.70.100: bytes=32 time=34ms TTL=45

Reply from 173.194.70.100: bytes=32 time=32ms TTL=45



Ping statistics for 173.194.70.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 32ms, Maximum = 34ms, Average = 33ms



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=215ms TTL=51

Reply from 72.30.38.140: bytes=32 time=205ms TTL=51



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 205ms, Maximum = 215ms, Average = 210ms

===========================================================================
Interface List
24 ...00 1c df 58 99 a6 ...... Belkin 54g Wireless USB Network Adapter #12
8 ...00 15 58 8d 8b 40 ...... Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
28 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
26 ...00 00 00 00 00 00 00 e0 isatap.{9A9B481A-16A0-4770-B13D-DBF1BAD852AB}
27 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
9 18 ::/0 On-link
1 306 ::1/128 On-link
9 18 2001::/32 On-link
9 266 2001:0:5ef5:79fb:3cd2:11c5:3f57:fefd/128
On-link
24 281 fe80::/64 On-link
9 266 fe80::/64 On-link
9 266 fe80::3cd2:11c5:3f57:fefd/128
On-link
24 281 fe80::fdc4:3f27:5b98:ff34/128
On-link
1 306 ff00::/8 On-link
9 266 ff00::/8 On-link
24 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None




So unless you have anything more to check, you can call this one fixed.
Thank you for your time and patience, and of course for the help.
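The router.bat check gringo asks for in #8 and #10, together with the two logs Korito posted in #9 and #13, shows the indicator of a hijacked router in raw form: before the reset the router hands out the DNS servers 70.38.38.4 and 4.30.72.150 over DHCP, after the reset it hands out itself (192.168.1.1). The following is an added example, not code from the thread or from BleepingComputer, that parses `ipconfig /all` output as the batch file collects it and flags that pattern automatically. The two sample logs are trimmed, constructed copies of the output in #9 and #13; the allowlist of expected resolvers is an assumed parameter you fill in with the resolvers you chose yourself (your ISP's, or OpenDNS, which gringo mentions as an option), and 208.67.222.222 in the demo is OpenDNS's public resolver.

```python
"""Flag router DNS hijacking in `ipconfig /all` output (added example)."""
import ipaddress
import re

# Constructed sample logs: trimmed copies of the output posted in the thread
# before the router reset (#9) and after it (#13).
BEFORE_LOG = """\
Windows IP Configuration

Wireless LAN adapter Brezžična omrežna povezava 12:

   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 70.38.38.4
                                       4.30.72.150
"""

AFTER_LOG = """\
Wireless LAN adapter Brezžična omrežna povezava 12:

   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Adapter header ("Wireless LAN adapter Wi-Fi:"); indentation is optional
# because it is usually lost when a log is pasted into a forum post.
ADAPTER_RE = re.compile(r"^\s*([A-Za-z ]+ adapter [^:]+):\s*$")
# Field line ("DNS Servers . . . : 70.38.38.4"). Requiring a dot leader before
# the colon stops a bare IPv6 continuation such as "fe80::1" from being read as a
# field named "fe80".
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /-]*?)[ .]*\.[ .]*:\s*(.*)$")


def _parse_ip(token):
    """ip_address for '192.168.1.4(Preferred)' or 'fe80::1%25(Preferred)', else None."""
    token = token.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_ipconfig(text):
    """Parse ipconfig /all text into {adapter: {field: [values]}}; pre-adapter lines go under ''."""
    adapters = {"": {}}
    current, last_key = adapters[""], None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current, last_key = adapters.setdefault(m.group(1).strip(), {}), None
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key, value = m.group(1).strip(), m.group(2).strip()
            current[last_key] = [value] if value else []
            continue
        # Extra DNS servers come on key-less lines; accept such a line as a
        # continuation only if it is an address, so banner text is ignored.
        if last_key and _parse_ip(line) is not None:
            current[last_key].append(line.strip())
    return adapters


def audit_dns(text, expected_resolvers=()):
    """Return {adapter: [(ip, verdict)]}; verdict is 'gateway', 'lan', 'expected'
    or 'unexpected-public', the last being what a hijacked router hands out."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    report = {}
    for name, fields in parse_ipconfig(text).items():
        servers = [ip for ip in map(_parse_ip, fields.get("DNS Servers", [])) if ip is not None]
        if not servers:
            continue  # disconnected and tunnel adapters carry no resolver
        gateways = {_parse_ip(v) for v in fields.get("Default Gateway", [])}
        verdicts = []
        for ip in servers:
            if ip in gateways:
                verdict = "gateway"  # router forwards for the LAN: the normal home setup
            elif ip.is_private or ip.is_link_local or ip.is_loopback:
                verdict = "lan"  # another box inside the network
            elif ip in expected:
                verdict = "expected"  # resolver the owner chose (ISP, OpenDNS, ...)
            else:
                verdict = "unexpected-public"  # public resolver nobody configured
            verdicts.append((str(ip), verdict))
        report[name] = verdicts
    return report


def unexpected_resolvers(text, expected_resolvers=()):
    """Sorted addresses that warrant checking the router's DHCP/DNS settings."""
    return sorted({ip for verdicts in audit_dns(text, expected_resolvers).values()
                   for ip, verdict in verdicts if verdict == "unexpected-public"})


if __name__ == "__main__":  # 208.67.222.222 is OpenDNS's public resolver (assumed allowlist)
    for label, log in (("before reset", BEFORE_LOG), ("after reset", AFTER_LOG)):
        print(label, unexpected_resolvers(log, ["208.67.222.222"]))
```

Run against the #9 log it reports 4.30.72.150 and 70.38.38.4; against the #13 log it reports nothing, which matches the thread's outcome. The allowlist exists because a public resolver is not suspicious by itself: a router configured to push OpenDNS or the ISP's resolvers looks identical in `ipconfig /all`, so the script is a triage aid and the authoritative check is the DNS setting on the router's own configuration page (and, as gringo notes, a non-default router password so it is not changed again).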

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 03:21 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9
µTorrent
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Korito

Korito
  • Topic Starter

  • Members
  • 10 posts

Posted 18 June 2012 - 05:32 PM

Hey, here's the HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:13:14, on 19.6.2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
E:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
E:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

--
End of file - 7599 bytes


I forgot to change the MBAM language to English, but it didn't find anything anyway... The computer is doing fine now... It's quicker and the internet is working properly.



