
google acting strangely, AVG reporting trojan


This topic is locked
23 replies to this topic

#1 Dek8000

Posted 15 June 2012 - 12:12 PM

Hello there,
When I Google things and attempt to click on a result I am often directed to eBay or other sites that should not appear. I then thought to run an AVG scan and see what was wrong. 9 threats were detected and 7 removed, but two remained unhealed. After this I uninstalled Chrome and Firefox. I ran another whole-computer scan and it said services.exe in system32 was the only remaining threat, but it can't be deleted because it is an essential Windows file. My antivirus has failed me and I still have the problem of redirection from Google and sometimes random pages opening when the computer is idle. You're my last hope. The DDS log is as follows:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Jarvis-f5 at 17:32:04 on 2012-06-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.1603 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Fraps\fraps.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spool\drivers\x64\3\ADAiO2MUI.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Fraps\fraps64.dat
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Jarvis-f5\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DHSClient.exe] "C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\JARVIS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D2D6049B-591C-49FC-B2C4-367940923001} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F7A8DABA-22D9-4B4D-B63E-B7E672CD858F} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F7A8DABA-22D9-4B4D-B63E-B7E672CD858F}\35B4956333332313 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F7A8DABA-22D9-4B4D-B63E-B7E672CD858F}\6796277696E6D65646961683232373333323 : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DHSClient.exe] "C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe [2011-10-14 361904]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 HsdService;HsdService;C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2011-10-9 1406264]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-1-12 68928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 2348352]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-10-9 689464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-5 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 257696]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-5-8 21480]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-25 1030600]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-5 136176]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-15 00:39:34 -------- d-----w- C:\Program Files\CCleaner
2012-06-15 00:05:36 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-14 21:23:08 -------- d-----w- C:\Users\Jarvis-f5\AppData\Roaming\Malwarebytes
2012-06-14 21:23:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-13 21:24:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 21:24:27 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 21:24:27 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 21:24:21 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 21:24:20 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 21:24:20 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 21:24:19 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 21:24:17 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 21:24:15 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 21:24:15 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-06-13 21:24:08 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 21:24:08 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 21:23:59 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 21:23:59 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 21:23:59 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 21:23:59 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 21:23:59 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 21:23:59 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 13:38:35 -------- d-----w- C:\Users\Jarvis-f5\AppData\Local\Mozilla
2012-06-11 23:34:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-11 13:01:26 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2012-05-16 23:15:11 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-16 23:14:56 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-05 19:03:32 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 19:03:32 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 19:03:24 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 21:03:18 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-01 21:03:18 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-30 15:58:27 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-30 12:31:00 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-04 17:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 17:32:42.55 ===============
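As an added example that is not part of this thread and not a DDS or BleepingComputer tool: a small Python triage helper that parses the section layout of the DDS log posted above and flags the kinds of entries a malware responder reads first (non-.exe process images, processes running from user-writable paths, a tampered Userinit value, orphaned BHOs, and hidden+system items recently created under Windows directories). The heuristics and the `KNOWN_APPDATA` allowlist are my own assumptions; the embedded sample is a constructed excerpt whose lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Section banners in a DDS log look like "============== Running Processes ==============="
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Rows in "Created Last 30" / "Find3M": date time size-or-dashes attrs path
FILE_ROW_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+(\S{8})\s+(.+)$")

SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
# Assumed allowlist: vendors that legitimately run from AppData on this machine.
KNOWN_APPDATA = ("\\google\\update\\", "\\google\\chrome")

# Constructed excerpt: these lines are copied from the DDS log in the post above.
SAMPLE_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSAMD64
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Users\Jarvis-f5\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Fraps\fraps64.dat
C:\Windows\SysWOW64\ping.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
.
=============== Created Last 30 ================
.
2012-06-15 00:39:34 -------- d-----w- C:\Program Files\CCleaner
2012-06-13 21:24:20 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-11 23:34:28 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
.
============= FINISH: 17:32:42.55 ===============
"""


def parse_dds(text):
    """Split a DDS log into {section name: [lines]}; blank and '.' spacer lines are dropped."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def triage(sections):
    """Return (severity, reason, line) tuples for entries a responder should look at first."""
    findings = []
    for line in sections.get("Running Processes", []):
        image = line.split(" -k ")[0].lower()  # drop the svchost service-group argument
        if not image.endswith(".exe"):
            findings.append(("review", "process image without .exe extension", line))
        elif any(p in image for p in USER_WRITABLE) and not any(k in image for k in KNOWN_APPDATA):
            findings.append(("review", "process running from a user-writable path", line))
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith("mWinlogon: Userinit=") and line.rstrip(",") != "mWinlogon: Userinit=userinit.exe":
            findings.append(("high", "Userinit points at something other than userinit.exe", line))
        if line.startswith("BHO") and line.endswith("- No File"):
            findings.append(("low", "orphaned BHO entry (registry key without a file)", line))
    for name in ("Created Last 30", "Find3M"):
        for line in sections.get(name, []):
            row = FILE_ROW_RE.match(line)
            if not row:
                continue
            attrs, path = row.group(3), row.group(4)
            # attrs is like "d-sh--w-": the 's' and 'h' flags mean system + hidden
            if "sh" in attrs and path.lower().startswith(SYSTEM_DIRS):
                findings.append(("high", "hidden+system item recently created under a Windows dir", line))
            if "%" in path:
                findings.append(("high", "literal environment token in a file name", line))
    return findings


def triage_log(text):
    """Convenience wrapper: parse a whole DDS log and return its findings."""
    return triage(parse_dds(text))


if __name__ == "__main__":
    for severity, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{severity}] {reason}: {line}")
```

Findings tagged "review" are prompts for a human to confirm against the vendor, not verdicts; in this excerpt the only "high" hits are the hidden+system `%APPDATA%` folder created under SysWow64.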


#2 gringo_pr
Malware Response Team

Posted 15 June 2012 - 11:57 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dek8000 (Topic Starter)

Posted 16 June 2012 - 06:50 AM

Thank you for responding quickly. Here is the Security Check log you require:


Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Internet Security 2011
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.0
Java™ 6 Update 22
Java™ 6 Update 29
Java™ 7 Update 4
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.0)
Mozilla Thunderbird (12.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

After disabling my firewall and closing all my programs I ran Combofix, but it closed without giving me a log. Anyway, after Combofix was completed I don't seem to have any more Google redirections, but I have only been using the PC for a short time. After more testing I can say it's done reliably.

#4 gringo_pr
Malware Response Team

Posted 16 June 2012 - 12:07 PM

Hello

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#5 Dek8000
  • Topic Starter
  • Members
  • 9 posts

Posted 16 June 2012 - 02:27 PM

ComboFix did run, but once ComboFix had rebooted the PC for the first time it warned me that AVG was running, even though I could not see any trace of it in Task Manager or as a hidden icon. ComboFix ran anyway and gave me a log to post this time. Here it is:

ComboFix 12-06-15.06 - Jarvis-f5 16/06/2012 18:45:17.1.2 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2783 [GMT 1:00]
Running from: c:\users\Jarvis-f5\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dekk8000\AppData\Local\assembly\tmp
c:\users\Dekk8000\AppData\Local\Setup.exe
c:\users\Jarvis-f5\AppData\Roaming\61ba6476.dat
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{2225b047-b719-0b6a-dde3-202a4066ee28}\@
c:\windows\Installer\{2225b047-b719-0b6a-dde3-202a4066ee28}\L\00000004.@
c:\windows\Installer\{2225b047-b719-0b6a-dde3-202a4066ee28}\L\1afb2d56
c:\windows\Installer\{2225b047-b719-0b6a-dde3-202a4066ee28}\L\201d3dde
c:\windows\Installer\{2225b047-b719-0b6a-dde3-202a4066ee28}\U\00000004.@
c:\windows\Installer\{2225b047-b719-0b6a-dde3-202a4066ee28}\U\00000008.@
c:\windows\Installer\{2225b047-b719-0b6a-dde3-202a4066ee28}\U\000000cb.@
c:\windows\Installer\{2225b047-b719-0b6a-dde3-202a4066ee28}\U\80000000.@
c:\windows\Installer\{2225b047-b719-0b6a-dde3-202a4066ee28}\U\80000032.@
c:\windows\Installer\{2225b047-b719-0b6a-dde3-202a4066ee28}\U\80000064.@
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))
.
.
2012-06-16 17:54 . 2012-06-16 17:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-16 17:54 . 2012-06-16 17:54 -------- d-----w- c:\users\Dekk8000\AppData\Local\temp
2012-06-16 17:54 . 2012-06-16 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 00:39 . 2012-06-15 00:39 -------- d-----w- c:\program files\CCleaner
2012-06-15 00:05 . 2012-06-15 00:05 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-14 21:23 . 2012-06-14 21:23 -------- d-----w- c:\users\Jarvis-f5\AppData\Roaming\Malwarebytes
2012-06-14 21:23 . 2012-06-15 00:01 -------- d-----w- c:\programdata\Malwarebytes
2012-06-13 21:24 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:24 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:24 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:24 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 21:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 21:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 21:24 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:24 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 21:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:24 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:24 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 21:23 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:23 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 21:23 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:23 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 21:23 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 21:23 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 13:38 . 2012-06-12 13:38 -------- d-----w- c:\users\Jarvis-f5\AppData\Local\Mozilla
2012-06-11 23:34 . 2012-06-11 23:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-11 13:03 . 2012-06-11 13:09 -------- d-----w- c:\users\Dekk8000\Crack
2012-06-11 13:01 . 2012-06-11 13:01 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2012-05-22 14:04 . 2012-05-22 14:04 -------- d-----w- c:\users\Dekk8000\AppData\Roaming\Ubisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 19:03 . 2012-04-25 15:15 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 19:03 . 2011-05-18 16:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 19:03 . 2012-04-25 16:04 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 21:03 . 2012-04-30 13:03 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-01 21:03 . 2012-04-30 12:31 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-30 15:58 . 2012-04-30 12:31 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-30 12:31 . 2012-04-30 12:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-04 17:47 . 2012-05-16 23:14 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 17:47 . 2011-04-26 23:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-09 16:27 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-20 880496]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-09-02 2158592]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2012-02-27 112400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DHSClient.exe"="c:\program files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Jarvis-f5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-4-21 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files (x86)\Advent\AIO\Center\ADAIOHostService.exe [2011-10-14 361904]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-01-12 68928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-25 1030600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S2 HsdService;HsdService;c:\program files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 1406264]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 19:03]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 12:01]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 12:01]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1341693668-3249360109-1911408350-1000Core.job
- c:\users\Jarvis-f5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 03:36]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1341693668-3249360109-1911408350-1000UA.job
- c:\users\Jarvis-f5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 03:36]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1341693668-3249360109-1911408350-1003Core.job
- c:\users\Dekk8000\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 10:01]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1341693668-3249360109-1911408350-1003UA.job
- c:\users\Dekk8000\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 10:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"ADAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\ADAiO2MUI.exe" [2010-10-18 2779136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Garrys Mod Update #1 - 0:\program files (x86)\Garrys Mod Final [DiGiTALZONE] 2010 Edition\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,a3,0c,d3,35,91,7d,42,a0,e6,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,a3,0c,d3,35,91,7d,42,a0,e6,f6,\
.
[HKEY_USERS\S-1-5-21-1341693668-3249360109-1911408350-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,6b,8a,33,a0,8e,8c,77,d8,8e,a3,63,cb,2e,c2,d0,d1,ae,13,2f,0e,
d7,b9,01,67,3e,3b,89,c9,26,81,f6,bc,01,d8,5e,fe,52,6a,26,3a,82,8f,6e,aa,60,\
"rkeysecu"=hex:b1,15,eb,16,7e,b7,2d,1e,42,23,07,71,e1,b8,32,78
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-16 19:03:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-16 18:03
.
Pre-Run: 22,058,336,256 bytes free
Post-Run: 24,036,597,760 bytes free
.
- - End Of File - - 6E793610EB890880F11A839E007375A2
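An added defensive check, not part of this thread or of ComboFix, for the services.exe finding in the log above: it compares the live c:\windows\system32\services.exe against the Service Controller copies in the WinSxS component store (the directory-name pattern is taken from the log's "Restored copy from" line) and reports the file's Authenticode status. It assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt on 64-bit Windows 7.

```powershell
# Added example (not from the thread): verify the in-use Service Controller binary
# against the copies Windows keeps in the component store, which is where ComboFix
# restored it from. Assumes 64-bit Windows 7 paths and PowerShell 4.0+.
$live = Join-Path $env:SystemRoot 'System32\services.exe'

# Component-store directories for the Service Controller. The name pattern is the one
# shown in the ComboFix log: amd64_microsoft-windows-s..s-servicecontroller_<key>_<ver>_...
$storeCopies = Get-ChildItem (Join-Path $env:SystemRoot 'WinSxS') -Directory `
        -Filter 'amd64_microsoft-windows-s..s-servicecontroller_*' |
    ForEach-Object { Join-Path $_.FullName 'services.exe' } |
    Where-Object { Test-Path $_ }

if (-not $storeCopies) {
    Write-Warning 'No Service Controller component found in WinSxS; cannot compare.'
    return
}

$liveHash = (Get-FileHash -Path $live -Algorithm SHA256).Hash
$sig      = Get-AuthenticodeSignature -FilePath $live

"Live file : $live"
"SHA256    : $liveHash"
# Caveat: Windows system binaries are usually catalog-signed. On older Windows and
# PowerShell builds Get-AuthenticodeSignature may report NotSigned for such files,
# so treat the hash comparison below as the primary check and the signature as a hint.
"Signature : $($sig.Status) $($sig.SignerCertificate.Subject)"

$match = $false
foreach ($candidate in $storeCopies) {
    $h = (Get-FileHash -Path $candidate -Algorithm SHA256).Hash
    if ($h -eq $liveHash) { $match = $true; $state = 'MATCH  ' } else { $state = 'differs' }
    "{0} {1}" -f $state, $candidate
}

# A healthy system has a component-store copy whose hash equals the live file
# (the one for the currently installed servicing version). No match at all means the
# live binary is not a Microsoft build of this file and deserves a closer look.
if (-not $match) {
    Write-Warning 'services.exe matches no component-store copy; treat the file as suspect.'
}
```

Because WinSxS can hold several versions (RTM plus later updates), one "differs" line is normal; only the absence of any MATCH line is a finding.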

#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 June 2012 - 10:03 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Dek8000
  • Topic Starter
  • Members
  • 9 posts

Posted 17 June 2012 - 09:24 AM

After the first scan of TDSSKiller no threats were found, the same with aswMBR, and the machine seems to be running like normal.
Here is the report for TDSSKiller, followed by the report for aswMBR:


14:49:50.0765 6012 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
14:49:52.0213 6012 ============================================================
14:49:52.0213 6012 Current date / time: 2012/06/17 14:49:52.0213
14:49:52.0213 6012 SystemInfo:
14:49:52.0213 6012
14:49:52.0213 6012 OS Version: 6.1.7601 ServicePack: 1.0
14:49:52.0213 6012 Product type: Workstation
14:49:52.0213 6012 ComputerName: THE-BEAST
14:49:52.0214 6012 UserName: Dekk8000
14:49:52.0214 6012 Windows directory: C:\Windows
14:49:52.0214 6012 System windows directory: C:\Windows
14:49:52.0214 6012 Running under WOW64
14:49:52.0214 6012 Processor architecture: Intel x64
14:49:52.0214 6012 Number of processors: 2
14:49:52.0214 6012 Page size: 0x1000
14:49:52.0214 6012 Boot type: Normal boot
14:49:52.0214 6012 ============================================================
14:49:53.0849 6012 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:49:53.0862 6012 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:49:53.0878 6012 ============================================================
14:49:53.0878 6012 \Device\Harddisk1\DR1:
14:49:53.0878 6012 MBR partitions:
14:49:53.0878 6012 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:49:53.0878 6012 \Device\Harddisk0\DR0:
14:49:53.0878 6012 MBR partitions:
14:49:53.0878 6012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18000
14:49:53.0878 6012 ============================================================
14:49:53.0923 6012 C: <-> \Device\Harddisk1\DR1\Partition0
14:49:53.0944 6012 D: <-> \Device\Harddisk0\DR0\Partition0
14:49:53.0945 6012 ============================================================
14:49:53.0945 6012 Initialize success
14:49:53.0945 6012 ============================================================
14:50:20.0714 4648 ============================================================
14:50:20.0714 4648 Scan started
14:50:20.0714 4648 Mode: Manual;
14:50:20.0714 4648 ============================================================
14:50:25.0868 4648 BrSerWdm - ok
14:50:25.0901 4648 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:50:25.0903 4648 BrUsbMdm - ok
14:50:25.0908 4648 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:50:25.0911 4648 BrUsbSer - ok
14:50:25.0935 4648 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:50:25.0938 4648 BTHMODEM - ok
14:50:25.0981 4648 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:50:25.0983 4648 bthserv - ok
14:50:25.0996 4648 catchme - ok
14:50:26.0017 4648 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:50:26.0019 4648 cdfs - ok
14:50:26.0048 4648 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:50:26.0051 4648 cdrom - ok
14:50:26.0083 4648 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:50:26.0085 4648 CertPropSvc - ok
14:50:26.0102 4648 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:50:26.0105 4648 circlass - ok
14:50:26.0138 4648 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:50:26.0142 4648 CLFS - ok
14:50:26.0202 4648 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:50:26.0205 4648 clr_optimization_v2.0.50727_32 - ok
14:50:26.0269 4648 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:50:26.0273 4648 clr_optimization_v2.0.50727_64 - ok
14:50:26.0492 4648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:50:26.0495 4648 clr_optimization_v4.0.30319_32 - ok
14:50:26.0520 4648 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:50:26.0524 4648 clr_optimization_v4.0.30319_64 - ok
14:50:26.0544 4648 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
14:50:26.0546 4648 CmBatt - ok
14:50:26.0555 4648 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:50:26.0563 4648 cmdide - ok
14:50:26.0619 4648 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:50:26.0639 4648 CNG - ok
14:50:26.0659 4648 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
14:50:26.0662 4648 Compbatt - ok
14:50:26.0685 4648 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:50:26.0688 4648 CompositeBus - ok
14:50:26.0691 4648 COMSysApp - ok
14:50:26.0803 4648 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys
14:50:26.0805 4648 cpuz134 - ok
14:50:26.0819 4648 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:50:26.0821 4648 crcdisk - ok
14:50:26.0881 4648 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
14:50:26.0889 4648 CryptSvc - ok
14:50:26.0925 4648 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:50:26.0933 4648 CSC - ok
14:50:26.0970 4648 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:50:26.0978 4648 CscService - ok
14:50:27.0021 4648 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
14:50:27.0034 4648 DAUpdaterSvc - ok
14:50:27.0070 4648 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:50:27.0077 4648 DcomLaunch - ok
14:50:27.0114 4648 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:50:27.0118 4648 defragsvc - ok
14:50:27.0150 4648 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:50:27.0152 4648 DfsC - ok
14:50:27.0192 4648 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:50:27.0198 4648 Dhcp - ok
14:50:27.0214 4648 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:50:27.0217 4648 discache - ok
14:50:27.0249 4648 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:50:27.0251 4648 Disk - ok
14:50:27.0278 4648 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
14:50:27.0281 4648 dmvsc - ok
14:50:27.0327 4648 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:50:27.0337 4648 Dnscache - ok
14:50:27.0370 4648 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:50:27.0374 4648 dot3svc - ok
14:50:27.0396 4648 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:50:27.0402 4648 DPS - ok
14:50:27.0435 4648 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:50:27.0438 4648 drmkaud - ok
14:50:27.0490 4648 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:50:27.0505 4648 DXGKrnl - ok
14:50:27.0535 4648 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:50:27.0539 4648 EapHost - ok
14:50:27.0643 4648 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:50:27.0684 4648 ebdrv - ok
14:50:27.0785 4648 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:50:27.0793 4648 EFS - ok
14:50:27.0869 4648 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:50:27.0878 4648 ehRecvr - ok
14:50:27.0901 4648 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:50:27.0905 4648 ehSched - ok
14:50:28.0004 4648 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:50:28.0012 4648 elxstor - ok
14:50:28.0020 4648 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:50:28.0022 4648 ErrDev - ok
14:50:28.0074 4648 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:50:28.0080 4648 EventSystem - ok
14:50:28.0111 4648 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:50:28.0120 4648 exfat - ok
14:50:28.0139 4648 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:50:28.0143 4648 fastfat - ok
14:50:28.0197 4648 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:50:28.0205 4648 Fax - ok
14:50:28.0222 4648 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:50:28.0226 4648 fdc - ok
14:50:28.0241 4648 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:50:28.0242 4648 fdPHost - ok
14:50:28.0260 4648 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:50:28.0272 4648 FDResPub - ok
14:50:28.0302 4648 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:50:28.0307 4648 FileInfo - ok
14:50:28.0322 4648 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:50:28.0324 4648 Filetrace - ok
14:50:28.0437 4648 FLEXnet Licensing Service 64 (259dc094e2d3f08654c8fb73d8ecc0f5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
14:50:28.0589 4648 FLEXnet Licensing Service 64 - ok
14:50:28.0609 4648 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:50:28.0617 4648 flpydisk - ok
14:50:28.0641 4648 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:50:28.0647 4648 FltMgr - ok
14:50:28.0717 4648 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:50:28.0737 4648 FontCache - ok
14:50:28.0797 4648 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:50:28.0802 4648 FontCache3.0.0.0 - ok
14:50:28.0830 4648 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:50:28.0836 4648 FsDepends - ok
14:50:28.0889 4648 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
14:50:28.0891 4648 fssfltr - ok
14:50:29.0005 4648 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:50:29.0024 4648 fsssvc - ok
14:50:29.0116 4648 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:50:29.0118 4648 Fs_Rec - ok
14:50:29.0147 4648 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:50:29.0150 4648 fvevol - ok
14:50:29.0180 4648 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:50:29.0182 4648 gagp30kx - ok
14:50:29.0247 4648 gdrv (5ea3b256225d79a4b07a2cac6276b23d) C:\Windows\gdrv.sys
14:50:29.0254 4648 gdrv - ok
14:50:29.0284 4648 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:50:29.0287 4648 GEARAspiWDM - ok
14:50:29.0356 4648 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:50:29.0366 4648 gpsvc - ok
14:50:29.0493 4648 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:50:29.0496 4648 gupdate - ok
14:50:29.0518 4648 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:50:29.0520 4648 gupdatem - ok
14:50:29.0579 4648 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:50:29.0602 4648 hamachi - ok
14:50:29.0829 4648 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
14:50:29.0854 4648 Hamachi2Svc - ok
14:50:29.0886 4648 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:50:29.0889 4648 hcw85cir - ok
14:50:29.0929 4648 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:50:29.0934 4648 HdAudAddService - ok
14:50:29.0962 4648 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:50:29.0965 4648 HDAudBus - ok
14:50:29.0998 4648 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:50:30.0000 4648 HidBatt - ok
14:50:30.0020 4648 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:50:30.0023 4648 HidBth - ok
14:50:30.0038 4648 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:50:30.0041 4648 HidIr - ok
14:50:30.0061 4648 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:50:30.0064 4648 hidserv - ok
14:50:30.0097 4648 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:50:30.0099 4648 HidUsb - ok
14:50:30.0120 4648 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:50:30.0123 4648 hkmsvc - ok
14:50:30.0147 4648 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:50:30.0155 4648 HomeGroupListener - ok
14:50:30.0179 4648 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:50:30.0186 4648 HomeGroupProvider - ok
14:50:30.0221 4648 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:50:30.0226 4648 HpSAMD - ok
14:50:30.0667 4648 HsdService (eac76a9283e8b2192351e5c0b3820624) C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
14:50:30.0697 4648 HsdService - ok
14:50:30.0747 4648 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:50:30.0757 4648 HTTP - ok
14:50:30.0767 4648 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:50:30.0767 4648 hwpolicy - ok
14:50:30.0797 4648 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:50:30.0797 4648 i8042prt - ok
14:50:30.0847 4648 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:50:30.0857 4648 iaStorV - ok
14:50:30.0977 4648 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:50:30.0997 4648 idsvc - ok
14:50:30.0997 4648 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:50:31.0007 4648 iirsp - ok
14:50:31.0067 4648 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:50:31.0077 4648 IKEEXT - ok
14:50:31.0272 4648 IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys
14:50:31.0321 4648 IntcAzAudAddService - ok
14:50:31.0364 4648 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:50:31.0368 4648 intelide - ok
14:50:31.0390 4648 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:50:31.0392 4648 intelppm - ok
14:50:31.0420 4648 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:50:31.0423 4648 IPBusEnum - ok
14:50:31.0441 4648 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:50:31.0444 4648 IpFilterDriver - ok
14:50:31.0480 4648 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:50:31.0488 4648 iphlpsvc - ok
14:50:31.0509 4648 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:50:31.0512 4648 IPMIDRV - ok
14:50:31.0570 4648 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:50:31.0574 4648 IPNAT - ok
14:50:31.0660 4648 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
14:50:31.0674 4648 iPod Service - ok
14:50:31.0736 4648 iPodDrv (02def37ab75e0032c50724646f708de8) C:\Windows\system32\drivers\iPodDrv.sys
14:50:31.0738 4648 iPodDrv - ok
14:50:31.0788 4648 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:50:31.0790 4648 IRENUM - ok
14:50:31.0803 4648 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:50:31.0808 4648 isapnp - ok
14:50:31.0836 4648 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:50:31.0841 4648 iScsiPrt - ok
14:50:31.0861 4648 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:50:31.0869 4648 kbdclass - ok
14:50:31.0884 4648 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:50:31.0886 4648 kbdhid - ok
14:50:31.0937 4648 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:50:31.0939 4648 KeyIso - ok
14:50:31.0956 4648 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:50:31.0960 4648 KSecDD - ok
14:50:31.0985 4648 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:50:31.0989 4648 KSecPkg - ok
14:50:32.0003 4648 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:50:32.0006 4648 ksthunk - ok
14:50:32.0040 4648 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:50:32.0047 4648 KtmRm - ok
14:50:32.0092 4648 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:50:32.0098 4648 LanmanServer - ok
14:50:32.0121 4648 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:50:32.0125 4648 LanmanWorkstation - ok
14:50:32.0148 4648 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:50:32.0155 4648 lltdio - ok
14:50:32.0197 4648 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:50:32.0202 4648 lltdsvc - ok
14:50:32.0218 4648 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:50:32.0221 4648 lmhosts - ok
14:50:32.0248 4648 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:50:32.0254 4648 LSI_FC - ok
14:50:32.0274 4648 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:50:32.0284 4648 LSI_SAS - ok
14:50:32.0304 4648 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:50:32.0304 4648 LSI_SAS2 - ok
14:50:32.0334 4648 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:50:32.0344 4648 LSI_SCSI - ok
14:50:32.0364 4648 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:50:32.0364 4648 luafv - ok
14:50:32.0654 4648 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
14:50:32.0654 4648 McComponentHostService - ok
14:50:32.0714 4648 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
14:50:32.0744 4648 mcdbus - ok
14:50:32.0764 4648 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:50:32.0774 4648 Mcx2Svc - ok
14:50:32.0784 4648 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:50:32.0794 4648 megasas - ok
14:50:32.0814 4648 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:50:32.0824 4648 MegaSR - ok
14:50:33.0064 4648 mi-raysat_3dsmax2010_64 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
14:50:33.0084 4648 mi-raysat_3dsmax2010_64 - ok
14:50:33.0144 4648 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:50:33.0154 4648 Microsoft Office Groove Audit Service - ok
14:50:33.0174 4648 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:50:33.0174 4648 MMCSS - ok
14:50:33.0194 4648 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:50:33.0194 4648 Modem - ok
14:50:33.0224 4648 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:50:33.0224 4648 monitor - ok
14:50:33.0281 4648 MotioninJoyXFilter (eb03d4164e7f10b601d280413655ade4) C:\Windows\system32\DRIVERS\MijXfilt.sys
14:50:33.0299 4648 MotioninJoyXFilter - ok
14:50:33.0324 4648 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:50:33.0326 4648 mouclass - ok
14:50:33.0343 4648 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:50:33.0345 4648 mouhid - ok
14:50:33.0376 4648 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:50:33.0378 4648 mountmgr - ok
14:50:33.0436 4648 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:50:33.0439 4648 MozillaMaintenance - ok
14:50:33.0458 4648 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:50:33.0462 4648 mpio - ok
14:50:33.0493 4648 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:50:33.0496 4648 mpsdrv - ok
14:50:33.0530 4648 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:50:33.0546 4648 MRxDAV - ok
14:50:33.0592 4648 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:50:33.0619 4648 mrxsmb - ok
14:50:33.0673 4648 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:50:33.0713 4648 mrxsmb10 - ok
14:50:33.0761 4648 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:50:33.0778 4648 mrxsmb20 - ok
14:50:33.0795 4648 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:50:33.0813 4648 msahci - ok
14:50:33.0830 4648 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:50:33.0846 4648 msdsm - ok
14:50:33.0865 4648 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:50:33.0871 4648 MSDTC - ok
14:50:33.0885 4648 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:50:33.0890 4648 Msfs - ok
14:50:33.0923 4648 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:50:33.0944 4648 mshidkmdf - ok
14:50:33.0956 4648 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:50:33.0959 4648 msisadrv - ok
14:50:33.0997 4648 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:50:34.0017 4648 MSiSCSI - ok
14:50:34.0021 4648 msiserver - ok
14:50:34.0060 4648 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:50:34.0074 4648 MSKSSRV - ok
14:50:34.0119 4648 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:50:34.0135 4648 MSPCLOCK - ok
14:50:34.0149 4648 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:50:34.0154 4648 MSPQM - ok
14:50:34.0180 4648 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:50:34.0200 4648 MsRPC - ok
14:50:34.0211 4648 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:50:34.0232 4648 mssmbios - ok
14:50:34.0243 4648 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:50:34.0249 4648 MSTEE - ok
14:50:34.0275 4648 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:50:34.0300 4648 MTConfig - ok
14:50:34.0307 4648 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:50:34.0329 4648 Mup - ok
14:50:34.0362 4648 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:50:34.0372 4648 napagent - ok
14:50:34.0444 4648 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:50:34.0464 4648 NativeWifiP - ok
14:50:34.0524 4648 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:50:34.0534 4648 NDIS - ok
14:50:34.0564 4648 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:50:34.0564 4648 NdisCap - ok
14:50:34.0610 4648 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:50:34.0612 4648 NdisTapi - ok
14:50:34.0636 4648 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:50:34.0636 4648 Ndisuio - ok
14:50:34.0656 4648 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:50:34.0676 4648 NdisWan - ok
14:50:34.0696 4648 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:50:34.0716 4648 NDProxy - ok
14:50:34.0739 4648 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:50:34.0750 4648 NetBIOS - ok
14:50:34.0768 4648 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:50:34.0788 4648 NetBT - ok
14:50:34.0828 4648 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:50:34.0828 4648 Netlogon - ok
14:50:34.0888 4648 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:50:34.0906 4648 Netman - ok
14:50:35.0030 4648 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:35.0040 4648 NetMsmqActivator - ok
14:50:35.0060 4648 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:35.0060 4648 NetPipeActivator - ok
14:50:35.0112 4648 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:50:35.0112 4648 netprofm - ok
14:50:35.0202 4648 netr28ux (883269c1ca478658f1334f3c39b0c7ac) C:\Windows\system32\DRIVERS\netr28ux.sys
14:50:35.0222 4648 netr28ux - ok
14:50:35.0232 4648 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:35.0232 4648 NetTcpActivator - ok
14:50:35.0242 4648 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:35.0242 4648 NetTcpPortSharing - ok
14:50:35.0292 4648 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:50:35.0295 4648 nfrd960 - ok
14:50:35.0324 4648 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:50:35.0330 4648 NlaSvc - ok
14:50:35.0447 4648 nlsX86cc (1e38790bdea07472c4b16add469e9912) C:\Windows\SysWOW64\NLSSRV32.EXE
14:50:35.0450 4648 nlsX86cc - ok
14:50:35.0506 4648 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:50:35.0508 4648 Npfs - ok
14:50:35.0520 4648 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:50:35.0522 4648 nsi - ok
14:50:35.0558 4648 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:50:35.0561 4648 nsiproxy - ok
14:50:35.0713 4648 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:50:35.0731 4648 Ntfs - ok
14:50:35.0794 4648 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:50:35.0796 4648 Null - ok
14:50:35.0841 4648 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
14:50:35.0846 4648 NVHDA - ok
14:50:36.0295 4648 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:50:36.0434 4648 nvlddmkm - ok
14:50:36.0531 4648 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:50:36.0534 4648 nvraid - ok
14:50:36.0557 4648 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:50:36.0561 4648 nvstor - ok
14:50:36.0626 4648 NVSvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
14:50:36.0636 4648 NVSvc - ok
14:50:36.0847 4648 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:50:36.0882 4648 nvUpdatusService - ok
14:50:36.0927 4648 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:50:36.0930 4648 nv_agp - ok
14:50:37.0048 4648 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:50:37.0060 4648 odserv - ok
14:50:37.0094 4648 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:50:37.0098 4648 ohci1394 - ok
14:50:37.0152 4648 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:50:37.0155 4648 ose - ok
14:50:37.0196 4648 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:50:37.0212 4648 p2pimsvc - ok
14:50:37.0251 4648 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:50:37.0258 4648 p2psvc - ok
14:50:37.0286 4648 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:50:37.0289 4648 Parport - ok
14:50:37.0350 4648 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:50:37.0352 4648 partmgr - ok
14:50:37.0380 4648 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:50:37.0384 4648 PcaSvc - ok
14:50:37.0413 4648 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:50:37.0417 4648 pci - ok
14:50:37.0430 4648 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:50:37.0439 4648 pciide - ok
14:50:37.0455 4648 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:50:37.0459 4648 pcmcia - ok
14:50:37.0469 4648 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:50:37.0474 4648 pcw - ok
14:50:37.0516 4648 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:50:37.0525 4648 PEAUTH - ok
14:50:37.0590 4648 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:50:37.0610 4648 PeerDistSvc - ok
14:50:37.0664 4648 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:50:37.0674 4648 PerfHost - ok
14:50:37.0794 4648 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:50:37.0814 4648 pla - ok
14:50:37.0894 4648 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:50:37.0914 4648 PlugPlay - ok
14:50:37.0954 4648 PnkBstrA - ok
14:50:37.0964 4648 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:50:37.0964 4648 PNRPAutoReg - ok
14:50:38.0004 4648 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:50:38.0004 4648 PNRPsvc - ok
14:50:38.0074 4648 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:50:38.0084 4648 PolicyAgent - ok
14:50:38.0104 4648 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:50:38.0114 4648 Power - ok
14:50:38.0194 4648 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:50:38.0204 4648 PptpMiniport - ok
14:50:38.0214 4648 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:50:38.0224 4648 Processor - ok
14:50:38.0274 4648 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:50:38.0294 4648 ProfSvc - ok
14:50:38.0341 4648 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:50:38.0343 4648 ProtectedStorage - ok
14:50:38.0374 4648 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:50:38.0377 4648 Psched - ok
14:50:38.0438 4648 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:50:38.0459 4648 ql2300 - ok
14:50:38.0588 4648 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:50:38.0592 4648 ql40xx - ok
14:50:38.0646 4648 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:50:38.0657 4648 QWAVE - ok
14:50:38.0674 4648 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:50:38.0676 4648 QWAVEdrv - ok
14:50:38.0719 4648 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:50:38.0722 4648 RasAcd - ok
14:50:38.0747 4648 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:50:38.0757 4648 RasAgileVpn - ok
14:50:38.0775 4648 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:50:38.0780 4648 RasAuto - ok
14:50:38.0809 4648 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:50:38.0813 4648 Rasl2tp - ok
14:50:38.0843 4648 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:50:38.0854 4648 RasMan - ok
14:50:38.0878 4648 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:50:38.0886 4648 RasPppoe - ok
14:50:38.0916 4648 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:50:38.0922 4648 RasSstp - ok
14:50:38.0960 4648 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:50:38.0965 4648 rdbss - ok
14:50:38.0985 4648 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:50:38.0987 4648 rdpbus - ok
14:50:39.0002 4648 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:50:39.0005 4648 RDPCDD - ok
14:50:39.0042 4648 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:50:39.0045 4648 RDPDR - ok
14:50:39.0070 4648 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:50:39.0074 4648 RDPENCDD - ok
14:50:39.0088 4648 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:50:39.0090 4648 RDPREFMP - ok
14:50:39.0145 4648 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
14:50:39.0147 4648 RdpVideoMiniport - ok
14:50:39.0193 4648 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:50:39.0231 4648 RDPWD - ok
14:50:39.0279 4648 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:50:39.0282 4648 rdyboost - ok
14:50:39.0329 4648 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:50:39.0329 4648 RemoteAccess - ok
14:50:39.0369 4648 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:50:39.0379 4648 RemoteRegistry - ok
14:50:39.0449 4648 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
14:50:39.0449 4648 RimUsb - ok
14:50:39.0499 4648 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
14:50:39.0499 4648 RimVSerPort - ok
14:50:39.0519 4648 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
14:50:39.0519 4648 ROOTMODEM - ok
14:50:39.0539 4648 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:50:39.0539 4648 RpcEptMapper - ok
14:50:39.0559 4648 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:50:39.0559 4648 RpcLocator - ok
14:50:39.0589 4648 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:50:39.0599 4648 RpcSs - ok
14:50:39.0639 4648 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:50:39.0639 4648 rspndr - ok
14:50:39.0699 4648 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:50:39.0699 4648 RTL8167 - ok
14:50:39.0739 4648 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:50:39.0739 4648 s3cap - ok
14:50:39.0779 4648 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:50:39.0779 4648 SamSs - ok
14:50:39.0799 4648 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:50:39.0809 4648 sbp2port - ok
14:50:39.0829 4648 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:50:39.0829 4648 SCardSvr - ok
14:50:39.0859 4648 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:50:39.0859 4648 scfilter - ok
14:50:39.0909 4648 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:50:39.0929 4648 Schedule - ok
14:50:39.0959 4648 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:50:39.0959 4648 SCPolicySvc - ok
14:50:39.0989 4648 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:50:39.0999 4648 SDRSVC - ok
14:50:40.0029 4648 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:50:40.0029 4648 secdrv - ok
14:50:40.0049 4648 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:50:40.0049 4648 seclogon - ok
14:50:40.0069 4648 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:50:40.0069 4648 SENS - ok
14:50:40.0099 4648 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:50:40.0099 4648 SensrSvc - ok
14:50:40.0129 4648 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:50:40.0129 4648 Serenum - ok
14:50:40.0149 4648 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:50:40.0159 4648 Serial - ok
14:50:40.0179 4648 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:50:40.0179 4648 sermouse - ok
14:50:40.0349 4648 ServicepointService (aec6c79f72aa0e86bafcb18d2bd2e74c) C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
14:50:40.0369 4648 ServicepointService - ok
14:50:40.0399 4648 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:50:40.0399 4648 SessionEnv - ok
14:50:40.0419 4648 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:50:40.0419 4648 sffdisk - ok
14:50:40.0439 4648 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:50:40.0449 4648 sffp_mmc - ok
14:50:40.0459 4648 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:50:40.0459 4648 sffp_sd - ok
14:50:40.0499 4648 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:50:40.0499 4648 sfloppy - ok
14:50:40.0559 4648 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:50:40.0569 4648 SharedAccess - ok
14:50:40.0599 4648 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:50:40.0609 4648 ShellHWDetection - ok
14:50:40.0629 4648 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:50:40.0629 4648 SiSRaid2 - ok
14:50:40.0669 4648 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:50:40.0679 4648 SiSRaid4 - ok
14:50:40.0759 4648 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:50:40.0769 4648 SkypeUpdate - ok
14:50:40.0779 4648 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:50:40.0779 4648 Smb - ok
14:50:40.0809 4648 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:50:40.0809 4648 SNMPTRAP - ok
14:50:40.0829 4648 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:50:40.0829 4648 spldr - ok
14:50:40.0859 4648 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:50:40.0869 4648 Spooler - ok
14:50:40.0989 4648 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:50:41.0029 4648 sppsvc - ok
14:50:41.0111 4648 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:50:41.0111 4648 sppuinotify - ok
14:50:41.0231 4648 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\System32\Drivers\sptd.sys
14:50:41.0241 4648 sptd - ok
14:50:41.0301 4648 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:50:41.0311 4648 srv - ok
14:50:41.0337 4648 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:50:41.0350 4648 srv2 - ok
14:50:41.0364 4648 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:50:41.0368 4648 srvnet - ok
14:50:41.0393 4648 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:50:41.0397 4648 SSDPSRV - ok
14:50:41.0420 4648 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:50:41.0424 4648 SstpSvc - ok
14:50:41.0477 4648 Steam Client Service - ok
14:50:41.0596 4648 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:50:41.0601 4648 Stereo Service - ok
14:50:41.0628 4648 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:50:41.0631 4648 stexstor - ok
14:50:41.0692 4648 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:50:41.0701 4648 stisvc - ok
14:50:41.0723 4648 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:50:41.0774 4648 storflt - ok
14:50:41.0813 4648 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:50:41.0815 4648 storvsc - ok
14:50:41.0825 4648 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:50:41.0828 4648 swenum - ok
14:50:41.0940 4648 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:50:41.0957 4648 SwitchBoard - ok
14:50:41.0994 4648 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:50:42.0006 4648 swprv - ok
14:50:42.0021 4648 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
14:50:42.0023 4648 Synth3dVsc - ok
14:50:42.0103 4648 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:50:42.0123 4648 SysMain - ok
14:50:42.0206 4648 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:50:42.0210 4648 TabletInputService - ok
14:50:42.0239 4648 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:50:42.0245 4648 TapiSrv - ok
14:50:42.0297 4648 TBPanel - ok
14:50:42.0318 4648 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:50:42.0321 4648 TBS - ok
14:50:42.0408 4648 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:50:42.0438 4648 Tcpip - ok
14:50:42.0528 4648 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:50:42.0538 4648 TCPIP6 - ok
14:50:42.0588 4648 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:50:42.0588 4648 tcpipreg - ok
14:50:42.0598 4648 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:50:42.0598 4648 TDPIPE - ok
14:50:42.0638 4648 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:50:42.0668 4648 TDTCP - ok
14:50:42.0698 4648 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:50:42.0698 4648 tdx - ok
14:50:42.0708 4648 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:50:42.0718 4648 TermDD - ok
14:50:42.0728 4648 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
14:50:42.0728 4648 terminpt - ok
14:50:42.0778 4648 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:50:42.0778 4648 TermService - ok
14:50:42.0798 4648 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:50:42.0798 4648 Themes - ok
14:50:42.0818 4648 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:50:42.0818 4648 THREADORDER - ok
14:50:42.0838 4648 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:50:42.0848 4648 TrkWks - ok
14:50:42.0888 4648 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:50:42.0888 4648 TrustedInstaller - ok
14:50:42.0898 4648 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:50:42.0908 4648 tssecsrv - ok
14:50:42.0928 4648 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:50:42.0928 4648 TsUsbFlt - ok
14:50:42.0938 4648 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:50:42.0938 4648 TsUsbGD - ok
14:50:42.0968 4648 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
14:50:42.0968 4648 tsusbhub - ok
14:50:43.0008 4648 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:50:43.0008 4648 tunnel - ok
14:50:43.0028 4648 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:50:43.0038 4648 uagp35 - ok
14:50:43.0068 4648 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:50:43.0068 4648 udfs - ok
14:50:43.0108 4648 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:50:43.0118 4648 UI0Detect - ok
14:50:43.0128 4648 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:50:43.0128 4648 uliagpkx - ok
14:50:43.0168 4648 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:50:43.0168 4648 umbus - ok
14:50:43.0178 4648 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:50:43.0178 4648 UmPass - ok
14:50:43.0218 4648 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:50:43.0218 4648 UmRdpService - ok
14:50:43.0268 4648 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:50:43.0268 4648 upnphost - ok
14:50:43.0288 4648 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:50:43.0298 4648 USBAAPL64 - ok
14:50:43.0368 4648 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
14:50:43.0378 4648 usbaudio - ok
14:50:43.0418 4648 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:50:43.0418 4648 usbccgp - ok
14:50:43.0448 4648 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:50:43.0448 4648 usbcir - ok
14:50:43.0488 4648 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:50:43.0498 4648 usbehci - ok
14:50:43.0528 4648 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:50:43.0538 4648 usbhub - ok
14:50:43.0548 4648 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:50:43.0548 4648 usbohci - ok
14:50:43.0568 4648 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:50:43.0568 4648 usbprint - ok
14:50:43.0608 4648 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:50:43.0618 4648 usbscan - ok
14:50:43.0668 4648 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:50:43.0668 4648 USBSTOR - ok
14:50:43.0688 4648 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
14:50:43.0698 4648 usbuhci - ok
14:50:43.0708 4648 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:50:43.0708 4648 UxSms - ok
14:50:43.0756 4648 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:50:43.0758 4648 VaultSvc - ok
14:50:43.0777 4648 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:50:43.0780 4648 vdrvroot - ok
14:50:43.0825 4648 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:50:43.0833 4648 vds - ok
14:50:43.0867 4648 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:50:43.0869 4648 vga - ok
14:50:43.0879 4648 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:50:43.0882 4648 VgaSave - ok
14:50:43.0885 4648 VGPU - ok
14:50:43.0907 4648 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:50:43.0915 4648 vhdmp - ok
14:50:43.0925 4648 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:50:43.0927 4648 viaide - ok
14:50:43.0957 4648 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:50:43.0962 4648 vmbus - ok
14:50:43.0988 4648 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:50:43.0990 4648 VMBusHID - ok
14:50:44.0020 4648 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:50:44.0023 4648 volmgr - ok
14:50:44.0041 4648 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:50:44.0049 4648 volmgrx - ok
14:50:44.0074 4648 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:50:44.0080 4648 volsnap - ok
14:50:44.0133 4648 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:50:44.0136 4648 vsmraid - ok
14:50:44.0216 4648 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:50:44.0237 4648 VSS - ok
14:50:44.0353 4648 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:50:44.0356 4648 vwifibus - ok
14:50:44.0389 4648 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:50:44.0391 4648 vwififlt - ok
14:50:44.0437 4648 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:50:44.0444 4648 W32Time - ok
14:50:44.0473 4648 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:50:44.0476 4648 WacomPen - ok
14:50:44.0497 4648 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:50:44.0500 4648 WANARP - ok
14:50:44.0509 4648 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:50:44.0510 4648 Wanarpv6 - ok
14:50:44.0625 4648 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:50:44.0640 4648 WatAdminSvc - ok
14:50:44.0702 4648 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:50:44.0721 4648 wbengine - ok
14:50:44.0766 4648 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:50:44.0771 4648 WbioSrvc - ok
14:50:44.0797 4648 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:50:44.0804 4648 wcncsvc - ok
14:50:44.0815 4648 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:50:44.0828 4648 WcsPlugInService - ok
14:50:44.0844 4648 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:50:44.0847 4648 Wd - ok
14:50:44.0891 4648 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:50:44.0900 4648 Wdf01000 - ok
14:50:44.0911 4648 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:50:44.0922 4648 WdiServiceHost - ok
14:50:44.0925 4648 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:50:44.0928 4648 WdiSystemHost - ok
14:50:44.0956 4648 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:50:44.0956 4648 WebClient - ok
14:50:44.0986 4648 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:50:44.0986 4648 Wecsvc - ok
14:50:45.0006 4648 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:50:45.0006 4648 wercplsupport - ok
14:50:45.0026 4648 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:50:45.0026 4648 WerSvc - ok
14:50:45.0056 4648 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:50:45.0056 4648 WfpLwf - ok
14:50:45.0086 4648 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:50:45.0086 4648 WIMMount - ok
14:50:45.0146 4648 WinDefend - ok
14:50:45.0166 4648 WinHttpAutoProxySvc - ok
14:50:45.0256 4648 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:50:45.0266 4648 Winmgmt - ok
14:50:45.0346 4648 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:50:45.0366 4648 WinRM - ok
14:50:45.0466 4648 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:50:45.0486 4648 WinUsb - ok
14:50:45.0536 4648 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:50:45.0556 4648 Wlansvc - ok
14:50:45.0606 4648 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:50:45.0606 4648 wlcrasvc - ok
14:50:45.0676 4648 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:50:45.0696 4648 wlidsvc - ok
14:50:45.0746 4648 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:50:45.0746 4648 WmiAcpi - ok
14:50:45.0786 4648 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:50:45.0786 4648 wmiApSrv - ok
14:50:45.0806 4648 WMPNetworkSvc - ok
14:50:45.0836 4648 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:50:45.0846 4648 WPCSvc - ok
14:50:45.0856 4648 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:50:45.0866 4648 WPDBusEnum - ok
14:50:45.0886 4648 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:50:45.0896 4648 ws2ifsl - ok
14:50:45.0926 4648 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:50:45.0926 4648 wscsvc - ok
14:50:45.0936 4648 WSearch - ok
14:50:46.0018 4648 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:50:46.0048 4648 wuauserv - ok
14:50:46.0078 4648 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:50:46.0088 4648 WudfPf - ok
14:50:46.0118 4648 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:50:46.0128 4648 WUDFRd - ok
14:50:46.0148 4648 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:50:46.0148 4648 wudfsvc - ok
14:50:46.0176 4648 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:50:46.0181 4648 WwanSvc - ok
14:50:46.0238 4648 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
14:50:46.0250 4648 xusb21 - ok
14:50:46.0309 4648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
14:50:46.0715 4648 \Device\Harddisk1\DR1 - ok
14:50:46.0744 4648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:50:46.0747 4648 \Device\Harddisk0\DR0 - ok
14:50:46.0751 4648 Boot (0x1200) (64958225fd0ef4c4907f88cff4333b41) \Device\Harddisk1\DR1\Partition0
14:50:46.0752 4648 \Device\Harddisk1\DR1\Partition0 - ok
14:50:46.0764 4648 Boot (0x1200) (122ffaf82a9242a33ef9c038731f58d8) \Device\Harddisk0\DR0\Partition0
14:50:46.0779 4648 \Device\Harddisk0\DR0\Partition0 - ok
14:50:46.0779 4648 ============================================================
14:50:46.0779 4648 Scan finished
14:50:46.0779 4648 ============================================================
14:50:46.0795 4768 Detected object count: 0
14:50:46.0795 4768 Actual detected object count: 0
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-17 14:57:18
-----------------------------
14:57:18.064 OS Version: Windows x64 6.1.7601 Service Pack 1
14:57:18.065 Number of processors: 2 586 0x170A
14:57:18.065 ComputerName: THE-BEAST UserName: Dekk8000
14:57:20.269 Initialize success
15:00:02.829 AVAST engine defs: 12061700
15:09:01.751 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
15:09:01.755 Disk 0 Vendor: ST3160212AS 3.AAE Size: 152626MB BusType: 3
15:09:01.760 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
15:09:01.764 Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953868MB BusType: 3
15:09:01.775 Disk 1 MBR read successfully
15:09:01.779 Disk 1 MBR scan
15:09:01.783 Disk 1 Windows 7 default MBR code
15:09:01.786 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
15:09:01.817 Disk 1 scanning C:\Windows\system32\drivers
15:09:11.742 Service scanning
15:09:32.253 Modules scanning
15:09:32.265 Disk 1 trace - called modules:
15:09:32.290 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
15:09:32.620 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800479a060]
15:09:32.628 3 CLASSPNP.SYS[fffff8800197243f] -> nt!IofCallDriver -> [0xfffffa8004649520]
15:09:32.637 5 ACPI.sys[fffff88000ed97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa800464e680]
15:09:33.897 AVAST engine scan C:\Windows
15:09:40.383 AVAST engine scan C:\Windows\system32
15:15:47.162 AVAST engine scan C:\Windows\system32\drivers
15:17:10.553 AVAST engine scan C:\Users\Dekk8000
15:18:24.598 Disk 1 MBR has been saved successfully to "C:\Users\Dekk8000\Desktop\MBR.dat"
15:18:24.608 The log file has been saved successfully to "C:\Users\Dekk8000\Desktop\aswMBR.txt"

Thank you for your help so far.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 17 June 2012 - 11:26 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Dek8000

Dek8000
  • Topic Starter

  • Members
  • 9 posts

Posted 17 June 2012 - 03:56 PM

ComboFix 12-06-16.02 - Dekk8000 17/06/2012 21:07:24.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2372 [GMT 1:00]
Running from: c:\users\Jarvis-f5\Downloads\ComboFix.exe
Command switches used :: c:\users\Dekk8000\Desktop\CFScript.txt
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-17 20:21 . 2012-06-17 20:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-17 20:21 . 2012-06-17 20:21 -------- d-----w- c:\users\Jarvis-f5\AppData\Local\temp
2012-06-17 20:21 . 2012-06-17 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-17 12:38 . 2012-06-17 12:38 -------- d-----w- c:\users\Dekk8000\AppData\Local\Mozilla
2012-06-16 19:45 . 2012-06-16 19:45 -------- d-----w- c:\users\Jarvis-f5\AppData\Local\Macromedia
2012-06-16 19:44 . 2012-06-16 19:44 -------- d-----w- c:\programdata\McAfee Security Scan
2012-06-16 19:44 . 2012-06-16 19:44 -------- d-----w- c:\programdata\McAfee
2012-06-16 19:44 . 2012-06-16 19:44 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-06-16 19:31 . 2012-06-16 19:31 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-16 18:03 . 2012-06-17 20:25 -------- d-----w- c:\users\Dekk8000\AppData\Local\temp
2012-06-15 00:39 . 2012-06-15 00:39 -------- d-----w- c:\program files\CCleaner
2012-06-15 00:05 . 2012-06-15 00:05 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-14 21:23 . 2012-06-14 21:23 -------- d-----w- c:\users\Jarvis-f5\AppData\Roaming\Malwarebytes
2012-06-14 21:23 . 2012-06-15 00:01 -------- d-----w- c:\programdata\Malwarebytes
2012-06-13 21:24 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:24 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:24 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:24 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 21:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 21:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 21:24 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:24 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 21:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:24 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:24 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 21:23 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:23 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 21:23 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:23 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 21:23 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 21:23 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 13:38 . 2012-06-12 13:38 -------- d-----w- c:\users\Jarvis-f5\AppData\Local\Mozilla
2012-06-11 23:34 . 2012-06-11 23:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-11 13:01 . 2012-06-11 13:01 -------- d-----w- c:\program files (x86)\Microsoft Chart Controls
2012-05-22 14:04 . 2012-05-22 14:04 -------- d-----w- c:\users\Dekk8000\AppData\Roaming\Ubisoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 19:43 . 2012-04-25 15:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-16 19:43 . 2011-05-18 16:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 19:03 . 2012-04-25 16:04 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 21:03 . 2012-04-30 13:03 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-01 21:03 . 2012-04-30 12:31 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-30 15:58 . 2012-04-30 12:31 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-30 12:31 . 2012-04-30 12:31 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-04 17:47 . 2012-05-16 23:14 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 17:47 . 2011-04-26 23:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-30 11:35 . 2012-05-09 16:27 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-16_17.56.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-17 19:54 70540 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-17 19:54 49104 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-24 09:57 . 2012-06-17 19:54 21760 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1341693668-3249360109-1911408350-1003_UserData.bin
+ 2011-04-22 03:31 . 2012-06-16 18:49 20392 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1341693668-3249360109-1911408350-1000_UserData.bin
- 2011-04-21 19:25 . 2012-06-15 13:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-21 19:25 . 2012-06-16 19:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-21 19:25 . 2012-06-15 13:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-21 19:25 . 2012-06-16 19:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-16 19:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 13:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-17 12:34 90512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-06-16 17:55 . 2012-06-16 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-17 20:23 . 2012-06-17 20:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-17 20:23 . 2012-06-17 20:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-16 17:55 . 2012-06-16 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-16 19:43 . 2012-06-16 19:43 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe
+ 2012-04-25 15:15 . 2012-06-16 19:43 257224 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 04:54 . 2012-06-17 20:19 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-16 14:03 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-16 19:43 . 2012-06-16 19:43 417480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_Plugin.exe
- 2009-07-14 05:01 . 2012-06-16 14:05 522952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-17 20:22 522952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-16 19:43 . 2012-06-16 19:43 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
+ 2012-06-16 19:43 . 2012-06-16 19:43 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
- 2009-07-14 04:54 . 2012-06-16 14:03 1703936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-17 20:19 1703936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-17 20:19 8273920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-16 14:03 8273920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-22 02:59 . 2012-06-15 15:42 7027440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1341693668-3249360109-1911408350-1003-8192.dat
+ 2011-05-22 02:59 . 2012-06-17 20:22 7027440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1341693668-3249360109-1911408350-1003-8192.dat
+ 2011-08-30 00:20 . 2012-06-16 23:13 1822984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1341693668-3249360109-1911408350-1000-12288.dat
- 2011-08-30 00:20 . 2012-06-15 01:39 1822984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1341693668-3249360109-1911408350-1000-12288.dat
+ 2012-06-16 19:43 . 2012-06-16 19:43 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll
+ 2011-04-22 01:53 . 2012-06-16 23:13 13198525 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1341693668-3249360109-1911408350-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-01 1242448]
"DS3 Tool"="c:\progra~1\MOTION~1\ds3\DS3_Tool.exe" [2012-02-27 112400]
"TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-09-02 2158592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DHSClient.exe"="c:\program files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Conime"="c:\windows\system32\conime.exe" [BU]
.
c:\users\Jarvis-f5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-4-21 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-06-25 1030600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files (x86)\Advent\AIO\Center\ADAIOHostService.exe [2011-10-14 361904]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HsdService;HsdService;c:\program files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 1406264]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-01-12 68928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 19:43]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 12:01]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 12:01]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1341693668-3249360109-1911408350-1000Core.job
- c:\users\Jarvis-f5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 03:36]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1341693668-3249360109-1911408350-1000UA.job
- c:\users\Jarvis-f5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 03:36]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1341693668-3249360109-1911408350-1003Core.job
- c:\users\Dekk8000\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 10:01]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1341693668-3249360109-1911408350-1003UA.job
- c:\users\Dekk8000\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-22 10:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"ADAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\ADAiO2MUI.exe" [2010-10-18 2779136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Dekk8000\AppData\Roaming\Mozilla\Firefox\Profiles\fhreu3j5.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
AddRemove-Google Chrome SxS - c:\users\Jarvis-f5\AppData\Local\Google\Chrome SxS\Application\18.0.982.0\Installer\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,a3,0c,d3,35,91,7d,42,a0,e6,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,a3,0c,d3,35,91,7d,42,a0,e6,f6,\
.
[HKEY_USERS\S-1-5-21-1341693668-3249360109-1911408350-1003\Software\SecuROM\License information*]
"datasecu"=hex:e4,f3,c6,41,c4,1b,76,5d,fa,94,92,05,cf,1f,b9,1a,a4,4a,d3,aa,99,
e3,7a,8c,2c,2e,96,55,0c,ef,3e,3b,25,64,1a,df,ea,b3,19,e3,e0,d0,67,7e,26,20,\
"rkeysecu"=hex:85,72,81,be,f7,f1,c8,e2,e5,52,5d,3a,d6,d7,0b,b7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
.
**************************************************************************
.
Completion time: 2012-06-17 21:44:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-17 20:44
ComboFix2.txt 2012-06-16 18:03
.
Pre-Run: 23,675,392,000 bytes free
Post-Run: 23,726,821,376 bytes free
.
- - End Of File - - 3A45ED66984A884B8C22BCD2E2E20FB8

No problems were encountered at all, and the computer is running fine after running the script.

#10 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:39 AM

Posted 17 June 2012 - 05:39 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Dek8000
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:39 AM

Posted 17 June 2012 - 06:24 PM

Update for Microsoft Office 2007 (KB2508958)
1.0
1ClickDownload
AdC4USelfUpdater
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Flash Professional CS5.5
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
ADVENT AIO Printer
Advent Essentials
aioscnnr
APB Reloaded
Apple Application Support
Apple Software Update
µTorrent
Audacity 1.3.14 (Unicode)
Audiosurf
Autodesk 3ds Max 2010 Tutorials Files
Autodesk Backburner 2008.1
AviSynth 2.5
Ballance
Bionic Commando
BIT.TRIP RUNNER
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Bulletstorm
CDisplay 1.8
Champions Online: Free For All
CodeBlocks
D3DX10
DC Universe Online
Dead Island
Dead Island version 1.0
Deus Ex - Human Revolution version 1.0
DivX Setup
doubleTwist
Dragon Age: Origins
DVD Flick 1.3.0.7
EasyBCD 2.0
Fable III
Fallout
Fallout 3
Fallout 3 - The Pitt
Fallout Mod Manager 0.13.21
Fallout New Vegas
Fallout2
ffdshow [rev 2527] [2008-12-19]
FLAC 1.2.1b (remove only)
Fraps
From Dust
Garry's Mod Update #5 version 5.0
Garry's Mod Update #6 version 6.0
Garrys Mod Final [DiGiTALZONE] 2010 Edition
Garrys Mod Update #1
Garrys Mod Update #2 version 2.0
Garrys Mod Update #4 version 4.0
Garrys Mod Update version 3
GeoGebra WebStart
Global Agenda
Google Chrome
Google Chrome Canary
Google Earth Plug-in
Google Update Helper
Grand Theft Auto IV
GTA San Andreas
HandBrake 0.9.5
I-Fluid
ImgBurn
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Kingdoms of Amalur Reckoning
Kingdoms of Amalur: Reckoning Demo
LogMeIn Hamachi
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Magicka
Mass Effect
Mass Effect 2
Mass Effect™ 3
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Minecraft Cracked
mkv2vob
Mount & Blade: With Fire and Sword
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
Oblivion - BTmod 2.20
Oblivion - Knights of the Nine
Octodad
OnLive
OpenOffice.org 3.3
Origin
Overgrowth (remove only)
PC Wizard 2010.1.96
PDF Settings CS5
Portal 2
PreReq
PunkBuster Services
QuarkXPress
QuickTime
Radialpoint Security Advisor 2.5.19
Rage
Realtek High Definition Audio Driver
Saints Row 2
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Sid Meier's Civilization V
Skype™ 5.9
Sniper Elite V2
Spiral Knights
SPORE™
SPORE™ Creepy & Cute Parts Pack
SPORE™ Galactic Adventures
Steam
Team Fortress 2
TERA
Terraria
The Sims™ 3
The Sims™ 3 Pets
The Walking Dead © 3 version 1
TotalAudioConverter
Ubisoft Game Launcher
Universe Sandbox
Unofficial Oblivion Patch v3.2.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Virgin Media Digital Home Support 2.1.27
Virgin Media Service Manager 3.7.47
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
Vtune 7.13
WARP
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Wisdom-soft Set up ScreenHunter 5.1 Pro

Hope this is what you needed.

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:39 AM

Posted 17 June 2012 - 06:45 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 22
Java™ 6 Update 29
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Information and logs

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
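The "programs to remove" step above is built from the Installed Programs section of the DDS attach log posted earlier in the thread: peer-to-peer clients and superseded Java runtimes are singled out. The script below is an added illustration of how an analyst can triage such a listing automatically; it is not part of Gringo's instructions or any BleepingComputer tool. The sample listing is constructed for the example, the P2P watchlist is an assumed list of substrings, and "superseded Java" means any Java N Update M entry older than the newest one present in the same listing.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in the style of a DDS "Installed Programs" section.
# These lines are illustrative and are not copied from the poster's machine.
SAMPLE_INSTALLED = """\
µTorrent
Java(TM) 6 Update 22
Java(TM) 6 Update 29
Java(TM) 7 Update 4
McAfee Security Scan Plus
VLC media player 1.1.11
WinDirStat 1.1.2
"""

# Assumed watchlist: case-folded substrings that identify peer-to-peer clients.
# "torrent" also covers µTorrent, whose leading micro sign does not fold
# predictably across platforms, so we match on the rest of the name.
P2P_MARKERS = ("torrent", "limewire", "frostwire", "vuze", "emule", "kazaa")

# Matches "Java(TM) 6 Update 29" and "Java™ 6 Update 29" (both spellings occur
# in add/remove listings) and captures the major version and update number.
JAVA_RE = re.compile(r"^Java(?:\(TM\)|™)?\s+(\d+)\s+Update\s+(\d+)", re.IGNORECASE)


class Finding(NamedTuple):
    program: str
    reason: str


def parse_java(line: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a Java runtime entry, else None."""
    m = JAVA_RE.match(line.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def audit_installed(listing: str) -> List[Finding]:
    """Flag P2P clients and Java runtimes superseded by a newer installed one.

    Findings are returned in the order the programs appear in the listing.
    """
    lines = [ln.strip() for ln in listing.splitlines() if ln.strip()]

    # First pass: collect every Java runtime so we know which one is newest.
    # Tuple comparison orders (6, 29) before (7, 4), as intended.
    java_versions = {ln: v for ln in lines if (v := parse_java(ln)) is not None}
    newest = max(java_versions.values()) if java_versions else None

    findings: List[Finding] = []
    for ln in lines:
        folded = ln.casefold()
        if any(marker in folded for marker in P2P_MARKERS):
            findings.append(Finding(ln, "peer-to-peer file sharing client"))
        elif ln in java_versions and java_versions[ln] != newest:
            findings.append(Finding(
                ln,
                f"superseded Java runtime (newest installed is "
                f"Java {newest[0]} Update {newest[1]})",
            ))
    return findings


if __name__ == "__main__":
    for f in audit_installed(SAMPLE_INSTALLED):
        print(f"{f.program:28s} {f.reason}")
```

Feeding it a real DDS Installed Programs block (the text between the "Installed Programs" header and the next section) reproduces the three removal candidates Gringo names that this logic covers; McAfee Security Scan Plus is on his list for reasons the script does not model, which is why a human still reviews the output.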

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:39 AM

Posted 19 June 2012 - 11:53 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#14 Dek8000

Dek8000
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 22 June 2012 - 07:33 AM

Thank you for being patient with me; I had a busy week. Carrying out your instructions now, and will have the logs up as soon as I'm done. One quick question though: is it essential to get rid of uTorrent? It is used on a regular basis.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:39 AM

Posted 22 June 2012 - 08:01 AM

Greetings

Peer2peer is the number one way a user can self-infect their computer. If you don't remove it, will I stop helping you? Of course not, but you are here to get my best advice, and that is my best advice.


Gringo



