
Infected: TR/Sirefef.AG35, TR/ATRAPS.Gen2, W32/Patched.UB&TR/Small.FI


20 replies to this topic

#1 bisc

bisc

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:34 PM

Posted 22 June 2012 - 03:45 PM

Hi Guys,

It seems I've got myself infected by a few Trojans. Since yesterday Avira has been reporting the following Trojans at minute intervals: TR/Sirefef.AG35, TR/ATRAPS.Gen2, W32/Patched.UB & TR/Small.FI
All of the Trojans started at the same time.

I tried running Malwarebytes, but the Trojans return as soon as I restart the PC.

I'm running Vista 32-bit.

I would appreciate any help you could give me. Thank you.


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Yves at 21:58:43 on 2012-06-22
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.41.1033.18.3326.1935 [GMT 2:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BandwidthMonitor\BWMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conime.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Trixie.Bho: {b0744341-96e0-4341-9ed2-8bc36ce0ccd0} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BandwidthMonitor] c:\program files\bandwidthmonitor\BWMonitor.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RGSC] c:\program files\games\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\vistacodecpack\qt\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\yves\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
Trusted Zone: steampowered.com\www
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
TCP: Interfaces\{CAE40E47-7634-46CB-B1C8-6EBF388E3220} : DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\yves\appdata\roaming\mozilla\firefox\profiles\qp45c9st.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\yves\appdata\roaming\mozilla\firefox\profiles\qp45c9st.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\yves\appdata\roaming\mozilla\firefox\profiles\qp45c9st.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\yves\appdata\roaming\mozilla\firefox\profiles\qp45c9st.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin2.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin3.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin4.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin5.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin6.dll
FF - plugin: c:\program files\vistacodecpack\qt\plugins\npqtplugin7.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-6-20 36000]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-6-20 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-6-20 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-6-20 83392]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-1 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-4-15 2348352]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-4-15 148800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c996d2acf00cdb;Google Update Service (gupdate1c996d2acf00cdb);c:\program files\google\update\GoogleUpdate.exe [2009-2-25 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257224]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\games\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-6 25832]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-25 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-6 129976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-22 17:45:55 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 17:45:24 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 17:45:16 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 17:45:16 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 17:38:55 -------- d-----w- c:\users\yves\appdata\local\{928DD294-A75C-4767-B93E-F96754C392A7}
2012-06-22 17:38:39 -------- d-----w- c:\users\yves\appdata\local\{2F3E98FA-D82D-4BF4-9534-9ED47CA4E70A}
2012-06-20 15:30:58 -------- d-----w- c:\users\yves\appdata\local\{0EF897AA-0C91-4207-BDC7-A6D359F995B9}
2012-06-20 15:30:40 -------- d-----w- c:\users\yves\appdata\local\{AE23DBCD-A42F-4785-BB93-4D6974E70FFC}
2012-06-19 22:59:00 -------- d-----w- c:\users\yves\appdata\roaming\Avira
2012-06-19 22:55:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 22:53:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-19 22:53:32 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-19 22:53:28 -------- d-----w- c:\programdata\Avira
2012-06-19 22:53:28 -------- d-----w- c:\program files\Avira
2012-06-19 22:15:16 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-19 22:15:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-19 22:15:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-19 22:14:18 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 22:14:18 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-19 21:34:44 -------- d-----w- c:\users\yves\appdata\local\{3D188EF7-E467-4CF3-91DA-9DD030E3AAAF}
2012-06-19 21:34:31 -------- d-----w- c:\users\yves\appdata\local\{5C5B433E-3F98-4675-A593-16B1D5A51A8C}
2012-06-19 18:38:00 -------- d-----w- c:\users\yves\appdata\local\{2FD3E2E2-F5DC-4654-939C-0B621757EE05}
2012-06-18 18:13:05 -------- d-----w- c:\users\yves\appdata\local\{1476159B-7680-403E-8118-DDA01DC7E7D7}
2012-06-17 20:35:56 -------- d-----w- c:\users\yves\appdata\local\Macromedia
2012-06-17 20:29:27 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6bcfb982-2a51-4147-998f-0e55a78bdc21}\mpengine.dll
2012-06-17 20:09:31 -------- d-----w- c:\users\yves\appdata\local\{D7634EBF-39A7-498A-9CE7-71FBE6965B30}
2012-06-14 22:33:39 -------- d-----w- c:\program files\iPod
2012-06-14 22:33:38 -------- d-----w- c:\program files\iTunes
2012-06-14 19:09:37 -------- d-----w- c:\users\yves\appdata\local\{67202BE2-8A97-4B3E-BBF7-603ABB2FD0EB}
2012-06-14 19:09:12 -------- d-----w- c:\users\yves\appdata\local\{B92A9840-3A12-4031-985D-163D1A5EF06D}
2012-06-12 16:42:37 -------- d-----w- c:\users\yves\appdata\local\{FCD2E70E-1E8F-4D80-9464-C5F1948BCCEF}
2012-06-12 16:42:27 -------- d-----w- c:\users\yves\appdata\local\{FA46AE61-F966-4871-A177-888B8AEC9C1A}
2012-06-11 22:21:26 -------- d-----w- c:\users\yves\appdata\local\{7946A3F9-BC3E-4DCF-9904-DF3795FB8883}
2012-06-11 22:21:04 -------- d-----w- c:\users\yves\appdata\local\{CA5EB692-B309-4AED-99E3-688DF0B2933C}
2012-06-11 10:20:34 -------- d-----w- c:\users\yves\appdata\local\{720AD698-F38E-400F-BC64-8182946A99EC}
2012-06-11 10:20:13 -------- d-----w- c:\users\yves\appdata\local\{DD017319-10DC-476C-BB01-13B9E89CA2B6}
2012-06-10 22:19:45 -------- d-----w- c:\users\yves\appdata\local\{9A4BAB08-1A19-48A1-A0D9-6563FB739322}
2012-06-10 10:19:05 -------- d-----w- c:\users\yves\appdata\local\{126FEE78-CBBC-424B-B0DC-9F6128F98F5F}
2012-06-10 10:18:42 -------- d-----w- c:\users\yves\appdata\local\{4C6AFAFD-79CC-43D4-A912-57986BA9A33E}
2012-06-09 16:52:52 -------- d-----w- c:\users\yves\appdata\local\{8B2A929C-7C6C-451F-A765-F28AFBD167E9}
2012-06-09 16:52:31 -------- d-----w- c:\users\yves\appdata\local\{EC9A56FF-53D9-4412-B687-E5BC8154ED60}
2012-06-08 18:29:46 -------- d-----w- c:\users\yves\appdata\local\{070247A4-2D05-442E-8702-76243E246DE0}
2012-06-08 18:29:36 -------- d-----w- c:\users\yves\appdata\local\{1BA2337C-7EB0-4D95-BF0F-6DA836F753B1}
2012-06-07 09:45:06 -------- d-----w- c:\users\yves\appdata\local\{DF1DF652-D418-427A-8891-8FBE94B9BD7A}
2012-06-07 09:44:53 -------- d-----w- c:\users\yves\appdata\local\{D3BE60D8-DF2F-43CD-92AC-E06F0081CDDD}
2012-06-06 18:15:37 -------- d-----w- c:\users\yves\appdata\local\{7A287B9D-CB20-4197-8D09-4C88F70A1396}
2012-06-06 18:15:27 -------- d-----w- c:\users\yves\appdata\local\{E2967DC9-BD93-49C5-9E0F-0248DBBF54A9}
2012-06-04 10:01:45 -------- d-----w- c:\users\yves\appdata\local\{7069470B-9067-4300-AD6C-0DDD4FB45069}
2012-06-04 10:01:23 -------- d-----w- c:\users\yves\appdata\local\{CE6F30AF-6960-48C5-BF5A-DAC75A273370}
2012-06-03 22:01:00 -------- d-----w- c:\users\yves\appdata\local\{71A15C9B-62E9-41B0-8B22-9944C4E63858}
2012-06-03 10:00:15 -------- d-----w- c:\users\yves\appdata\local\{F65AC206-53CF-444E-9D4D-326062367C32}
2012-06-03 10:00:05 -------- d-----w- c:\users\yves\appdata\local\{C1850D9A-5589-4655-AD26-49FA3B7BEBA0}
2012-06-02 15:59:02 -------- d-----w- c:\users\yves\appdata\local\{033E74C6-3334-4CFB-B53D-89FE3396AD6F}
2012-06-02 15:58:47 -------- d-----w- c:\users\yves\appdata\local\{EF8C0395-9973-43BA-9206-DAF40F7C24A5}
2012-06-01 18:45:28 -------- d-----w- c:\users\yves\appdata\local\{44DA4B6E-51EC-478B-B9E3-70261BD36456}
2012-06-01 18:45:19 -------- d-----w- c:\users\yves\appdata\local\{985BE3DD-C040-465F-8A66-B5396488B04F}
2012-05-30 17:13:09 -------- d-----w- c:\users\yves\appdata\local\{F1CDAEC6-984A-4354-9B45-4FF92B0D1E80}
2012-05-30 17:12:52 -------- d-----w- c:\users\yves\appdata\local\{A5F3BDE3-BBC8-470E-B06B-CC504251198E}
2012-05-28 10:01:11 -------- d-----w- c:\users\yves\appdata\local\{EDA29B79-4AB0-482B-9314-3A6F4C5A84D0}
2012-05-28 10:01:02 -------- d-----w- c:\users\yves\appdata\local\{BF1B75F3-78E2-4DA6-92A4-CFFA9B943211}
2012-05-27 08:35:01 -------- d-----w- c:\users\yves\appdata\local\{6987C786-42CC-44B0-A88C-9D9067EF13F0}
2012-05-27 08:34:51 -------- d-----w- c:\users\yves\appdata\local\{B63C987B-1C89-48E5-BA56-4870DC745723}
2012-05-26 14:51:52 -------- d-----w- c:\users\yves\appdata\local\{3B3D8BEB-4AB6-43CA-B1B6-F7DFACC65BE0}
2012-05-26 14:51:37 -------- d-----w- c:\users\yves\appdata\local\{98BDFA0E-7464-46FE-A345-3F9A14E8BAF2}
2012-05-25 16:25:29 -------- d-----w- c:\users\yves\appdata\local\{4386FC6E-ECF1-40CA-9F18-C2A15AE354B7}
2012-05-25 16:25:04 -------- d-----w- c:\users\yves\appdata\local\{021C4540-7D44-4552-9E09-59AA179415B6}
2012-05-24 17:55:56 -------- d-----w- c:\users\yves\appdata\local\{03BBA0AD-B654-4646-8B12-F838B68BFE5D}
.
==================== Find3M ====================
.
2012-06-19 21:13:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-19 21:13:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-18 18:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 21:59:24.69 ===============


Here is my Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Yves :: YVES-PC [administrator]

22.06.2012 20:22:07
mbam-log-2012-06-22 (20-22-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 440633
Time elapsed: 1 hour(s), 9 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{5949f863-4d52-a53d-cea9-ec3d2d3eb61a}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{5949f863-4d52-a53d-cea9-ec3d2d3eb61a}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{5949f863-4d52-a53d-cea9-ec3d2d3eb61a}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Edited by bisc, 23 June 2012 - 03:57 AM.
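Added example, not a BleepingComputer tool and not part of this thread: a small Python triage script that scans pasted DDS, Malwarebytes and ComboFix log text for the kinds of indicator visible in the logs above (payload files under a fake Installer GUID directory, a patched services.exe, Security Center overrides, a hidden system32 directory with a literal environment-variable name, and a Firefox proxy pointed at loopback). The rule names and the sample lines are my own constructions modelled on the posted logs; a hit means "look closer", not a verdict.

```python
"""Triage helper for DDS / Malwarebytes / ComboFix log text.

Added example. Rules are written from the indicators that appear in the
logs posted in this thread; the GUID directory path is the one from the
Malwarebytes log, everything else is a constructed sample.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


# (rule name, regex). A line can match more than one rule.
RULES = [
    # Malwarebytes / ComboFix: payload files under a fake Installer GUID dir
    ("installer_guid_payload",
     re.compile(r"\\Installer\\\{[0-9a-f-]{36}\}\\U\\[0-9a-f]{8}\.@", re.I)),
    # DDS 'Created Last 30': hidden+system directory literally named %APPDATA%
    ("env_name_dir_in_system32",
     re.compile(r"d-sh--w-\s+\S*\\system32\\%[A-Za-z]+%\s*$")),
    # DDS Firefox section: HTTP proxy pointed at loopback (worth confirming
    # against a known local proxy before calling it malicious)
    ("firefox_loopback_proxy",
     re.compile(r"network\.proxy\.http\s*-\s*127\.0\.0\.1")),
    # ComboFix registry dump: Security Center told to ignore missing AV / firewall
    ("security_center_override",
     re.compile(r'"(AntiVirus|Firewall)Override"=dword:00000001')),
    # ComboFix: infected (patched) services.exe; German and English builds
    ("patched_services_exe",
     re.compile(r"(Infizierte Kopie von|Infected copy of) \S*services\.exe", re.I)),
    # Malwarebytes: detections naming the ZeroAccess / Sirefef family
    ("mbam_zeroaccess_detection",
     re.compile(r"\((Rootkit\.0Access|Trojan\.Sirefef)\) ->")),
]

# Constructed sample, modelled on the DDS, Malwarebytes and ComboFix logs above.
SAMPLE_LOG = r"""
2012-06-19 22:55:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 22:53:28 -------- d-----w- c:\programdata\Avira
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
C:\Windows\Installer\{5949f863-4d52-a53d-cea9-ec3d2d3eb61a}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{5949f863-4d52-a53d-cea9-ec3d2d3eb61a}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (rule, line) match, in log order."""
    findings = []
    for line in log_text.splitlines():
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(name, line.strip()))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hits per rule so the reader sees which indicators fired."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Paste a full log into SAMPLE_LOG (or read it from a file) to run the same rules over a real report; lines that do not match any rule are silently ignored.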



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 PM

Posted 23 June 2012 - 07:24 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 bisc

bisc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:34 PM

Posted 23 June 2012 - 10:33 AM

Hi Gringo, Thanks for taking the time to help me out. It's much appreciated.

Everything went smoothly and so far Avira has not detected anything. I've noticed that my Windows firewall is not working. I get the message "Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the MpsSvc service?" - I'm waiting for your input before I start it.

Here are the logs:

ComboFix 12-06-23.05 - Yves 23.06.2012 16:53:43.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.41.1033.18.3326.2060 [GMT 2:00]
ausgeführt von:: c:\users\Yves\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\40886024
c:\programdata\42327816
c:\programdata\42655496
c:\programdata\rss7FB.tmp
c:\programdata\rss925.tmp
c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Yves\Desktop\System Check.lnk
c:\windows\Installer\{5949f863-4d52-a53d-cea9-ec3d2d3eb61a}\@
c:\windows\Installer\{5949f863-4d52-a53d-cea9-ec3d2d3eb61a}\U\00000001.@
c:\windows\Installer\{5949f863-4d52-a53d-cea9-ec3d2d3eb61a}\U\80000000.@
c:\windows\Installer\{5949f863-4d52-a53d-cea9-ec3d2d3eb61a}\U\800000cb.@
c:\windows\iun6002.exe
c:\windows\system32\avisynth.dll
c:\windows\system32\devil.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\tmp2137.tmp
c:\windows\system32\tmp2196.tmp
c:\windows\system32\tmp4431.tmp
c:\windows\system32\tmp4470.tmp
I:\xrEngine.bat
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\32788r22fwjfw\HarddiskVolumeShadowCopy6_!Windows!System32!services.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-23 bis 2012-06-23 ))))))))))))))))))))))))))))))
.
.
2012-06-22 17:45 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 17:45 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 17:45 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 17:45 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 17:45 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 17:45 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 17:45 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 17:45 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 17:45 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 22:59 . 2012-06-19 22:59 -------- d-----w- c:\users\Yves\AppData\Roaming\Avira
2012-06-19 22:55 . 2012-06-19 22:55 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 22:53 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-19 22:53 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-19 22:53 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-19 22:53 . 2012-06-19 22:53 -------- d-----w- c:\programdata\Avira
2012-06-19 22:53 . 2012-06-19 22:53 -------- d-----w- c:\program files\Avira
2012-06-19 22:15 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-19 22:15 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-19 22:15 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-19 22:14 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 22:14 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 20:35 . 2012-06-17 20:35 -------- d-----w- c:\users\Yves\AppData\Local\Macromedia
2012-06-17 20:29 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BCFB982-2A51-4147-998F-0E55A78BDC21}\mpengine.dll
2012-06-14 22:33 . 2012-06-14 22:33 -------- d-----w- c:\program files\iPod
2012-06-14 22:33 . 2012-06-14 22:34 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-19 21:13 . 2012-04-02 10:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 21:13 . 2011-05-14 16:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 13:56 . 2009-02-18 20:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-16 18:40 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-16 18:40 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-16 18:41 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-05-06 12:22 . 2011-05-08 11:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-24 39408]
"BandwidthMonitor"="c:\program files\BandwidthMonitor\BWMonitor.exe" [2007-09-16 213398]
"RGSC"="c:\program files\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-25 306088]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1866864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-30 185896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-01-04 684118]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-10 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 257224]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:13]
.
2012-06-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-04 20:19]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 22:53]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 22:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
Trusted Zone: steampowered.com\www
TCP: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
FF - ProfilePath - c:\users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\qp45c9st.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,59,a3,3b,96,90,c0,47,a9,7a,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,59,a3,3b,96,90,c0,47,a9,7a,40,\
.
[HKEY_USERS\S-1-5-21-1969598894-3179018686-3415232182-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:49,2d,4e,78,6f,32,16,e6,09,20,3a,84,d9,5c,6b,38,9e,a2,e5,a6,c6,85,41,
29,37,e3,1e,e0,13,2b,d1,89,f2,f0,28,02,a7,ec,08,08,7d,3e,93,df,a8,18,dd,b9,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1969598894-3179018686-3415232182-1000\Software\SecuROM\License information*]
"datasecu"=hex:9a,61,8f,8b,22,77,43,03,30,c8,9c,1c,ba,46,0b,99,fe,d7,b5,81,02,
7e,b3,5f,75,cb,c0,0b,11,47,22,db,eb,49,d3,a3,61,78,3a,ed,43,78,6f,6c,f3,0e,\
"rkeysecu"=hex:c6,4f,68,73,01,35,2f,f2,40,81,70,01,e7,57,d2,73
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2416)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files\ASUS\AASP\1.00.25\aaCenter.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-23 17:10:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-23 15:10
.
Vor Suchlauf: 13'115'543'552 bytes free
Nach Suchlauf: 13'037'731'840 bytes free
.
- - End Of File - - 1CEF30419B26F35B60E697BF9402A283




Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Lavasoft Ad-Watch Live! Anti-Virus
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 11.3.300.257
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 19 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 PM

Posted 23 June 2012 - 11:23 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 bisc

bisc
  • Topic Starter

  • Members
  • 10 posts
  • Local time:02:34 PM

Posted 23 June 2012 - 01:37 PM

Hey Gringo,

Here are the TDSSKiller and aswMBR logs...


19:54:05.0857 2776 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
19:54:05.0935 2776 ============================================================
19:54:05.0935 2776 Current date / time: 2012/06/23 19:54:05.0935
19:54:05.0935 2776 SystemInfo:
19:54:05.0935 2776
19:54:05.0935 2776 OS Version: 6.0.6002 ServicePack: 2.0
19:54:05.0935 2776 Product type: Workstation
19:54:05.0935 2776 ComputerName: YVES-PC
19:54:05.0935 2776 UserName: Yves
19:54:05.0935 2776 Windows directory: C:\Windows
19:54:05.0935 2776 System windows directory: C:\Windows
19:54:05.0935 2776 Processor architecture: Intel x86
19:54:05.0935 2776 Number of processors: 2
19:54:05.0935 2776 Page size: 0x1000
19:54:05.0935 2776 Boot type: Normal boot
19:54:05.0935 2776 ============================================================
19:54:06.0247 2776 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:54:06.0247 2776 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:54:06.0263 2776 ============================================================
19:54:06.0263 2776 \Device\Harddisk0\DR0:
19:54:06.0263 2776 MBR partitions:
19:54:06.0263 2776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1F374000
19:54:06.0263 2776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F374800, BlocksNum 0x1B011000
19:54:06.0263 2776 \Device\Harddisk1\DR1:
19:54:06.0263 2776 MBR partitions:
19:54:06.0263 2776 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
19:54:06.0263 2776 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0xB4E4720
19:54:06.0263 2776 ============================================================
19:54:06.0279 2776 C: <-> \Device\Harddisk0\DR0\Partition0
19:54:06.0325 2776 I: <-> \Device\Harddisk0\DR0\Partition1
19:54:06.0325 2776 N: <-> \Device\Harddisk1\DR1\Partition0
19:54:06.0325 2776 O: <-> \Device\Harddisk1\DR1\Partition1
19:54:06.0325 2776 ============================================================
19:54:06.0325 2776 Initialize success
19:54:06.0325 2776 ============================================================
19:54:07.0620 5968 ============================================================
19:54:07.0620 5968 Scan started
19:54:07.0620 5968 Mode: Manual;
19:54:07.0620 5968 ============================================================
19:54:07.0901 5968 acedrv11 (a6fe70357a68ad1e279cd1012419cce6) C:\Windows\system32\drivers\acedrv11.sys
19:54:07.0917 5968 acedrv11 - ok
19:54:07.0963 5968 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:54:07.0963 5968 ACPI - ok
19:54:08.0010 5968 ADIHdAudAddService (81a61c3fe6f0f8c084c9a80b584cce21) C:\Windows\system32\drivers\ADIHdAud.sys
19:54:08.0026 5968 ADIHdAudAddService - ok
19:54:08.0073 5968 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
19:54:08.0073 5968 Adobe LM Service - ok
19:54:08.0135 5968 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:54:08.0135 5968 AdobeFlashPlayerUpdateSvc - ok
19:54:08.0197 5968 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:54:08.0197 5968 adp94xx - ok
19:54:08.0229 5968 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:54:08.0229 5968 adpahci - ok
19:54:08.0244 5968 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:54:08.0244 5968 adpu160m - ok
19:54:08.0260 5968 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:54:08.0260 5968 adpu320 - ok
19:54:08.0291 5968 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:54:08.0291 5968 AeLookupSvc - ok
19:54:08.0338 5968 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:54:08.0338 5968 AFD - ok
19:54:08.0369 5968 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:54:08.0369 5968 agp440 - ok
19:54:08.0369 5968 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:54:08.0369 5968 aic78xx - ok
19:54:08.0400 5968 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:54:08.0400 5968 ALG - ok
19:54:08.0431 5968 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:54:08.0431 5968 aliide - ok
19:54:08.0447 5968 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:54:08.0447 5968 amdagp - ok
19:54:08.0463 5968 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:54:08.0463 5968 amdide - ok
19:54:08.0463 5968 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:54:08.0478 5968 AmdK7 - ok
19:54:08.0478 5968 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:54:08.0478 5968 AmdK8 - ok
19:54:08.0634 5968 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:54:08.0634 5968 AntiVirSchedulerService - ok
19:54:08.0697 5968 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:54:08.0697 5968 AntiVirService - ok
19:54:08.0743 5968 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:54:08.0743 5968 Appinfo - ok
19:54:08.0806 5968 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:54:08.0806 5968 Apple Mobile Device - ok
19:54:08.0868 5968 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
19:54:08.0868 5968 AppMgmt - ok
19:54:08.0899 5968 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:54:08.0899 5968 arc - ok
19:54:08.0915 5968 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:54:08.0915 5968 arcsas - ok
19:54:08.0931 5968 AsIO (663f2fb92608073824ee3106886120f3) C:\Windows\system32\drivers\AsIO.sys
19:54:08.0931 5968 AsIO - ok
19:54:08.0977 5968 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:54:08.0977 5968 AsyncMac - ok
19:54:08.0993 5968 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:54:09.0009 5968 atapi - ok
19:54:09.0055 5968 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
19:54:09.0055 5968 atksgt - ok
19:54:09.0102 5968 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:54:09.0102 5968 AudioEndpointBuilder - ok
19:54:09.0102 5968 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:54:09.0102 5968 Audiosrv - ok
19:54:09.0149 5968 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
19:54:09.0149 5968 avgntflt - ok
19:54:09.0180 5968 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
19:54:09.0180 5968 avipbb - ok
19:54:09.0211 5968 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
19:54:09.0211 5968 avkmgr - ok
19:54:09.0258 5968 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:54:09.0258 5968 Beep - ok
19:54:09.0321 5968 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
19:54:09.0321 5968 BITS - ok
19:54:09.0321 5968 blbdrive - ok
19:54:09.0414 5968 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:54:09.0414 5968 Bonjour Service - ok
19:54:09.0445 5968 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:54:09.0445 5968 bowser - ok
19:54:09.0477 5968 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:54:09.0477 5968 BrFiltLo - ok
19:54:09.0477 5968 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:54:09.0477 5968 BrFiltUp - ok
19:54:09.0523 5968 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:54:09.0523 5968 Browser - ok
19:54:09.0539 5968 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:54:09.0539 5968 Brserid - ok
19:54:09.0555 5968 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:54:09.0555 5968 BrSerWdm - ok
19:54:09.0570 5968 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:54:09.0570 5968 BrUsbMdm - ok
19:54:09.0586 5968 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:54:09.0586 5968 BrUsbSer - ok
19:54:09.0601 5968 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:54:09.0601 5968 BTHMODEM - ok
19:54:09.0679 5968 catchme - ok
19:54:09.0711 5968 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:54:09.0711 5968 cdfs - ok
19:54:09.0757 5968 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:54:09.0757 5968 cdrom - ok
19:54:09.0789 5968 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:54:09.0789 5968 CertPropSvc - ok
19:54:09.0804 5968 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:54:09.0804 5968 circlass - ok
19:54:09.0851 5968 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:54:09.0851 5968 CLFS - ok
19:54:09.0882 5968 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:54:09.0882 5968 clr_optimization_v2.0.50727_32 - ok
19:54:09.0945 5968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:54:09.0945 5968 clr_optimization_v4.0.30319_32 - ok
19:54:09.0960 5968 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:54:09.0960 5968 cmdide - ok
19:54:09.0960 5968 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
19:54:09.0960 5968 Compbatt - ok
19:54:09.0960 5968 COMSysApp - ok
19:54:09.0991 5968 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:54:10.0007 5968 crcdisk - ok
19:54:10.0007 5968 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:54:10.0007 5968 Crusoe - ok
19:54:10.0054 5968 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
19:54:10.0054 5968 CryptSvc - ok
19:54:10.0101 5968 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
19:54:10.0101 5968 CSC - ok
19:54:10.0163 5968 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
19:54:10.0163 5968 CscService - ok
19:54:10.0257 5968 DAUpdaterSvc (80861969541971176e005d2c09dae851) C:\Program Files\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
19:54:10.0257 5968 DAUpdaterSvc - ok
19:54:10.0303 5968 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:54:10.0303 5968 DcomLaunch - ok
19:54:10.0335 5968 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:54:10.0335 5968 DfsC - ok
19:54:10.0459 5968 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:54:10.0475 5968 DFSR - ok
19:54:10.0647 5968 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:54:10.0647 5968 Dhcp - ok
19:54:10.0693 5968 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:54:10.0693 5968 disk - ok
19:54:10.0740 5968 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:54:10.0740 5968 Dnscache - ok
19:54:10.0771 5968 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:54:10.0771 5968 dot3svc - ok
19:54:10.0787 5968 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:54:10.0803 5968 DPS - ok
19:54:10.0818 5968 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:54:10.0818 5968 drmkaud - ok
19:54:10.0881 5968 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:54:10.0896 5968 DXGKrnl - ok
19:54:10.0927 5968 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:54:10.0927 5968 E1G60 - ok
19:54:10.0974 5968 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:54:10.0974 5968 EapHost - ok
19:54:11.0005 5968 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:54:11.0005 5968 Ecache - ok
19:54:11.0068 5968 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:54:11.0068 5968 ehRecvr - ok
19:54:11.0099 5968 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:54:11.0099 5968 ehSched - ok
19:54:11.0115 5968 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:54:11.0115 5968 ehstart - ok
19:54:11.0146 5968 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:54:11.0146 5968 elxstor - ok
19:54:11.0208 5968 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:54:11.0208 5968 EMDMgmt - ok
19:54:11.0255 5968 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\Windows\system32\DRIVERS\ENTECH.sys
19:54:11.0255 5968 ENTECH - ok
19:54:11.0286 5968 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:54:11.0286 5968 EventSystem - ok
19:54:11.0317 5968 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:54:11.0317 5968 exfat - ok
19:54:11.0364 5968 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:54:11.0364 5968 fastfat - ok
19:54:11.0395 5968 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
19:54:11.0395 5968 Fax - ok
19:54:11.0427 5968 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:54:11.0427 5968 fdc - ok
19:54:11.0458 5968 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:54:11.0458 5968 fdPHost - ok
19:54:11.0458 5968 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:54:11.0473 5968 FDResPub - ok
19:54:11.0489 5968 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:54:11.0489 5968 FileInfo - ok
19:54:11.0505 5968 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:54:11.0505 5968 Filetrace - ok
19:54:11.0520 5968 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:54:11.0520 5968 flpydisk - ok
19:54:11.0551 5968 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:54:11.0551 5968 FltMgr - ok
19:54:11.0661 5968 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:54:11.0676 5968 FontCache - ok
19:54:11.0723 5968 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:54:11.0723 5968 FontCache3.0.0.0 - ok
19:54:11.0739 5968 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:54:11.0739 5968 Fs_Rec - ok
19:54:11.0754 5968 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
19:54:11.0754 5968 fvevol - ok
19:54:11.0785 5968 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:54:11.0785 5968 gagp30kx - ok
19:54:11.0832 5968 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:54:11.0832 5968 GEARAspiWDM - ok
19:54:11.0895 5968 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:54:11.0910 5968 gpsvc - ok
19:54:11.0988 5968 gupdate1c996d2acf00cdb (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:54:11.0988 5968 gupdate1c996d2acf00cdb - ok
19:54:12.0004 5968 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:54:12.0004 5968 gupdatem - ok
19:54:12.0035 5968 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:54:12.0035 5968 gusvc - ok
19:54:12.0097 5968 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:54:12.0097 5968 HdAudAddService - ok
19:54:12.0144 5968 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:54:12.0144 5968 HDAudBus - ok
19:54:12.0160 5968 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:54:12.0160 5968 HidBth - ok
19:54:12.0160 5968 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:54:12.0160 5968 HidIr - ok
19:54:12.0191 5968 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
19:54:12.0191 5968 hidserv - ok
19:54:12.0207 5968 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
19:54:12.0207 5968 HidUsb - ok
19:54:12.0222 5968 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:54:12.0238 5968 hkmsvc - ok
19:54:12.0238 5968 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:54:12.0238 5968 HpCISSs - ok
19:54:12.0300 5968 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:54:12.0300 5968 HTTP - ok
19:54:12.0316 5968 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:54:12.0316 5968 i2omp - ok
19:54:12.0347 5968 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:54:12.0363 5968 i8042prt - ok
19:54:12.0378 5968 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:54:12.0378 5968 iaStorV - ok
19:54:12.0456 5968 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:54:12.0456 5968 IDriverT - ok
19:54:12.0565 5968 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:54:12.0565 5968 idsvc - ok
19:54:12.0675 5968 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:54:12.0675 5968 iirsp - ok
19:54:12.0721 5968 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:54:12.0721 5968 IKEEXT - ok
19:54:12.0737 5968 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
19:54:12.0737 5968 intelide - ok
19:54:12.0768 5968 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:54:12.0768 5968 intelppm - ok
19:54:12.0799 5968 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:54:12.0799 5968 IPBusEnum - ok
19:54:12.0815 5968 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:54:12.0815 5968 IpFilterDriver - ok
19:54:12.0846 5968 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:54:12.0862 5968 iphlpsvc - ok
19:54:12.0862 5968 IpInIp - ok
19:54:12.0877 5968 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:54:12.0877 5968 IPMIDRV - ok
19:54:12.0924 5968 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:54:12.0924 5968 IPNAT - ok
19:54:13.0033 5968 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
19:54:13.0033 5968 iPod Service - ok
19:54:23.0626 5968 ============================================================
19:54:23.0626 5968 Scan finished
19:54:23.0626 5968 ============================================================
19:54:23.0641 0536 Detected object count: 1
19:54:23.0641 0536 Actual detected object count: 1
19:54:27.0916 0536 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:54:27.0916 0536 sptd ( LockedFile.Multi.Generic ) - User select action: Skip



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 19:56:02
-----------------------------
19:56:02.171 OS Version: Windows 6.0.6002 Service Pack 2
19:56:02.171 Number of processors: 2 586 0xF06
19:56:02.171 ComputerName: YVES-PC UserName: Yves
19:56:03.357 Initialize success
19:57:45.697 AVAST engine defs: 12062300
19:57:53.310 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
19:57:53.310 Disk 0 Vendor: SAMSUNG_ CR10 Size: 476940MB BusType: 6
19:57:53.310 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000065
19:57:53.310 Disk 1 Vendor: WDC_WD16 08.0 Size: 152627MB BusType: 6
19:57:53.326 Disk 0 MBR read successfully
19:57:53.326 Disk 0 MBR scan
19:57:53.326 Disk 0 Windows VISTA default MBR code
19:57:53.326 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 255720 MB offset 2048
19:57:53.341 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 221218 MB offset 523716608
19:57:53.357 Disk 0 scanning sectors +976771072
19:57:53.419 Disk 0 scanning C:\Windows\system32\drivers
19:58:00.861 Service scanning
19:58:12.077 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:58:16.897 Modules scanning
19:58:21.733 Disk 0 trace - called modules:
19:58:21.749 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0xc34ef1e8]<<
19:58:21.749 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xc4a908d8]
19:58:21.765 3 CLASSPNP.SYS[c97c88b3] -> nt!IofCallDriver -> [0xc3554e00]
19:58:21.765 5 acpi.sys[c8fa46bc] -> nt!IofCallDriver -> \Device\00000063[0xc35a31b8]
19:58:21.765 \Driver\nvstor32[0xc357fd28] -> IRP_MJ_CREATE -> 0xc34ef1e8
19:58:22.513 AVAST engine scan C:\Windows
19:58:25.041 AVAST engine scan C:\Windows\system32
20:01:08.622 AVAST engine scan C:\Windows\system32\drivers
20:01:36.453 AVAST engine scan C:\Users\Yves
20:06:38.827 AVAST engine scan C:\ProgramData
20:09:02.004 Scan finished successfully
20:33:51.946 Disk 0 MBR has been saved successfully to "C:\Users\Yves\Desktop\MBR.dat"
20:33:51.946 The log file has been saved successfully to "C:\Users\Yves\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 June 2012 - 04:10 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\qp45c9st.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 bisc

bisc
  • Topic Starter

  • Members
  • 10 posts

Posted 24 June 2012 - 05:31 AM

Thank you, Gringo.

Here is the new ComboFix report. I was asked to update ComboFix, which I did.
I still can't start the Windows firewall, and some other Windows services also seem to be disabled. Other than that, everything seems to be back to normal.



ComboFix 12-06-23.06 - Yves 24.06.2012 11:51:33.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.41.1033.18.3326.2298 [GMT 2:00]
ausgeführt von:: c:\users\Yves\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Yves\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-24 bis 2012-06-24 ))))))))))))))))))))))))))))))
.
.
2012-06-24 09:59 . 2012-06-24 09:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-24 09:59 . 2012-06-24 09:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 20:31 . 2012-06-23 20:31 -------- d-----w- c:\users\Yves\AppData\Local\MediaMonkey
2012-06-23 20:30 . 2012-06-23 22:17 -------- d-----w- c:\users\Yves\AppData\Roaming\MediaMonkey
2012-06-23 20:30 . 2012-06-23 20:30 -------- d-----w- c:\programdata\MediaMonkey
2012-06-23 20:30 . 2012-06-23 20:30 -------- d-----w- c:\program files\MediaMonkey
2012-06-22 17:45 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 17:45 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 17:45 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 17:45 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 17:45 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 17:45 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 17:45 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 17:45 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 17:45 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 22:59 . 2012-06-19 22:59 -------- d-----w- c:\users\Yves\AppData\Roaming\Avira
2012-06-19 22:55 . 2012-06-19 22:55 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 22:53 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-19 22:53 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-19 22:53 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-19 22:53 . 2012-06-19 22:53 -------- d-----w- c:\programdata\Avira
2012-06-19 22:53 . 2012-06-19 22:53 -------- d-----w- c:\program files\Avira
2012-06-19 22:15 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-19 22:15 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-19 22:15 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-19 22:14 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 22:14 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-17 20:35 . 2012-06-17 20:35 -------- d-----w- c:\users\Yves\AppData\Local\Macromedia
2012-06-17 20:29 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BCFB982-2A51-4147-998F-0E55A78BDC21}\mpengine.dll
2012-06-14 22:33 . 2012-06-14 22:33 -------- d-----w- c:\program files\iPod
2012-06-14 22:33 . 2012-06-14 22:34 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 21:35 . 2012-04-02 10:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 21:35 . 2011-05-14 16:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 13:56 . 2009-02-18 20:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-16 18:40 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-16 18:40 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-16 18:41 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-05-06 12:22 . 2011-05-08 11:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-24 39408]
"BandwidthMonitor"="c:\program files\BandwidthMonitor\BWMonitor.exe" [2007-09-16 213398]
"RGSC"="c:\program files\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-25 306088]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1866864]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-30 185896]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-01-04 684118]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-10 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:35]
.
2012-06-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-04 20:19]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 22:53]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 22:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
Trusted Zone: steampowered.com\www
TCP: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
FF - ProfilePath - c:\users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\qp45c9st.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-24 12:03
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,59,a3,3b,96,90,c0,47,a9,7a,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,59,a3,3b,96,90,c0,47,a9,7a,40,\
.
[HKEY_USERS\S-1-5-21-1969598894-3179018686-3415232182-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:49,2d,4e,78,6f,32,16,e6,09,20,3a,84,d9,5c,6b,38,9e,a2,e5,a6,c6,85,41,
29,37,e3,1e,e0,13,2b,d1,89,f2,f0,28,02,a7,ec,08,08,7d,3e,93,df,a8,18,dd,b9,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1969598894-3179018686-3415232182-1000\Software\SecuROM\License information*]
"datasecu"=hex:9a,61,8f,8b,22,77,43,03,30,c8,9c,1c,ba,46,0b,99,fe,d7,b5,81,02,
7e,b3,5f,75,cb,c0,0b,11,47,22,db,eb,49,d3,a3,61,78,3a,ed,43,78,6f,6c,f3,0e,\
"rkeysecu"=hex:c6,4f,68,73,01,35,2f,f2,40,81,70,01,e7,57,d2,73
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3984)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files\ASUS\AASP\1.00.25\aaCenter.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-24 12:09:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-24 10:09
ComboFix2.txt 2012-06-23 15:10
.
Vor Suchlauf: 9'877'471'232 bytes free
Nach Suchlauf: 10'852'425'728 bytes free
.
- - End Of File - - 79FC906D5DD9435D07DE66AE4988F448

Edited by bisc, 24 June 2012 - 05:41 AM.
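
Two findings in the logs above drive the rest of this thread: the CFScript in post #6 removes Firefox proxy prefs that point the browser at 127.0.0.1, and the ComboFix report in post #7 shows the BFE and MpsSvc service keys with ImagePath "." (which is why the firewall service cannot start). The Python below is an added example, not part of the thread or of ComboFix: it parses a ComboFix-style excerpt (the BFE/MpsSvc and Firefox lines copied from the log, plus a constructed healthy Dnscache entry for contrast) and flags both conditions.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt. The BFE/MpsSvc keys and the Firefox lines are copied
# from the ComboFix output in this thread; the Dnscache entry is made up as a
# healthy service for contrast.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
"ImagePath"="%SystemRoot%\system32\svchost.exe -k NetworkService"
.
FF - ProfilePath - c:\users\Yves\AppData\Roaming\Mozilla\Firefox\Profiles\qp45c9st.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 4
FF - prefs.js: browser.startup.homepage - about:home
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                  # [HKEY_...\Services\BFE]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')  # "ImagePath"="..."
SERVICE_KEY_RE = re.compile(r'\\Services\\(?P<svc>[^\\]+)$', re.IGNORECASE)
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$')
LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}


def parse_service_values(text: str) -> Dict[str, Dict[str, str]]:
    """Collect REGEDIT4-style values listed under ...\\Services\\<name> keys."""
    services: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            svc = SERVICE_KEY_RE.search(key.group("key"))
            current = svc.group("svc") if svc else None
            if current is not None:
                services.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            services[current][value.group("name")] = value.group("value")
    return services


def image_path_is_plausible(path: str) -> bool:
    """A usable ImagePath names a driver or executable; "." or "" cannot be started."""
    return re.search(r'\.(exe|sys|dll)\b', path, re.IGNORECASE) is not None


def find_wiped_services(text: str) -> List[str]:
    """Names of services whose ImagePath no longer points at a binary."""
    return sorted(
        name
        for name, values in parse_service_values(text).items()
        if not image_path_is_plausible(values.get("ImagePath", ""))
    )


def parse_firefox_prefs(text: str) -> Dict[str, str]:
    """Firefox prefs in ComboFix's "FF - prefs.js: <name> - <value>" form."""
    prefs: Dict[str, str] = {}
    for raw in text.splitlines():
        m = FF_PREF_RE.match(raw.strip())
        if m:
            prefs[m.group("name")] = m.group("value").strip()
    return prefs


def proxy_findings(prefs: Dict[str, str]) -> List[str]:
    """Describe proxy prefs that steer the browser away from the system settings.

    network.proxy.type 0 means "no proxy" and 5 means "use system settings";
    anything else is a browser-local override, and a proxy host on the
    loopback address means every request is relayed through a process on the PC.
    """
    findings: List[str] = []
    for name, value in sorted(prefs.items()):
        if not name.startswith("network.proxy."):
            continue
        host = value.rsplit(":", 1)[0].lower() if ":" in value else value.lower()
        if host in LOOPBACK_HOSTS:
            findings.append(f"{name} = {value}: traffic is relayed through a local process")
        elif name == "network.proxy.type" and value not in ("0", "5"):
            findings.append(f"{name} = {value}: browser overrides the system proxy settings")
    return findings


def triage(text: str) -> Dict[str, List[str]]:
    """Run both checks over one log excerpt."""
    return {
        "wiped_services": find_wiped_services(text),
        "proxy_findings": proxy_findings(parse_firefox_prefs(text)),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for svc in report["wiped_services"]:
        print(f"[!] {svc}: ImagePath does not name a binary, so the service cannot start")
    for finding in report["proxy_findings"]:
        print(f"[!] {finding}")
```

Run against the sample, it reports BFE and MpsSvc as unstartable and the two proxy prefs the CFScript removed, while the healthy Dnscache entry passes.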


#8 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 24 June 2012 - 12:23 PM

Greetings

See if this helps the firewall: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe



Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Adobe Reader 8.1.3
µTorrent
Java™ 6 Update 24


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Application tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#9 bisc

bisc
  • Topic Starter

  • Members
  • 10 posts

Posted 25 June 2012 - 06:13 AM

Hello Gringo,

Thank you for sticking around with me.

Your HijackThis link did not work for me. The version I downloaded from Sourceforge ran without installing itself.
Also, after running RestoreBFE, I still can't start my Windows firewall. I get the error message: "Windows cannot start the MpsSvc service."
I get a similar message when trying to start Windows Defender: "Application failed to initialize: 0x800106ba. A problem caused this program's service to stop."

I'm aware that uTorrent is a potential source for viruses, Trojans and co. I only use it to download from trusted sources, so I decided to keep it.


Here are the logs you wanted:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:40, on 25.06.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BandwidthMonitor\BWMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Yves\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMonitor.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\Windows\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\Windows\system32\mscoree.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Update Service (gupdate1c996d2acf00cdb) (gupdate1c996d2acf00cdb) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MpsSvc - Unknown owner - C:\Windows\.
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8273 bytes



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Yves :: YVES-PC [administrator]

25.06.2012 12:36:06
mbam-log-2012-06-25 (12-36-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231664
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 PM

Posted 25 June 2012 - 08:03 AM

Download both the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to registry

Restart your PC

Now, open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right-click on it - Permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now, open RUN and type

services.msc and click ok

Start the Base Filtering Engine service and then the Windows Firewall service.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 bisc

bisc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:34 PM

Posted 25 June 2012 - 11:51 AM

Hey Gringo,

I followed all your instructions; unfortunately, I can't start the Windows Firewall service in the last step. I get the error message:

"Windows could not start the Windows Firewall on Local Computer. For more information, review the System Event Log.
If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 5."

Thanks,

bisc

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 PM

Posted 25 June 2012 - 12:53 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo

#13 bisc

bisc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:34 PM

Posted 26 June 2012 - 01:01 PM

Thanks Gringo,

Here is the new log:

Farbar Service Scanner Version: 25-06-2012 01
Ran by Yves (administrator) on 26-06-2012 at 19:58:02
Running from "C:\Users\Yves\Desktop"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-16 20:41] - [2012-03-30 14:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-20 00:15] - [2012-04-23 18:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
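
The manual steps in post #10 (check the BFE key permissions, then start Base Filtering Engine and Windows Firewall) and the Farbar Service Scanner log above both come down to the same few checks: the services' start types, ImagePath and ServiceDll values, and the DACL on the BFE service key. The following PowerShell script is an added example that repeats those checks from an elevated prompt; it is not code from the thread, from FSS or from any other tool mentioned here. The "expected" start types are the Vista defaults as assumed here (the log itself states Auto for WinDefend), and the registry paths are the standard `HKLM\SYSTEM\CurrentControlSet\Services\<name>` keys already referenced in the thread.

```powershell
# Added example (not from the thread): re-run the service and permission checks that
# the helper's manual steps and the FSS log cover. Run from an elevated PowerShell prompt.

# Expected Start values are assumed Vista defaults: 2 = Automatic, 3 = Manual (Demand), 4 = Disabled.
$expectedStart = @{
    'BFE'       = 2   # Base Filtering Engine
    'MpsSvc'    = 2   # Windows Firewall
    'WinDefend' = 2   # Windows Defender (FSS reported it changed to Demand)
}
$startNames = @{ 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

foreach ($name in $expectedStart.Keys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        Write-Output "$name : service key MISSING"
        continue
    }
    $props = Get-ItemProperty -Path $key
    $start = [int]$props.Start
    if ($start -eq $expectedStart[$name]) {
        $verdict = 'OK'
    } else {
        $verdict = "CHANGED (is $($startNames[$start]), default $($startNames[$expectedStart[$name]]))"
    }
    Write-Output "$name : start type $verdict"

    # ImagePath is REG_EXPAND_SZ; Get-ItemProperty returns it with %SystemRoot% expanded.
    Write-Output "$name : ImagePath  = $($props.ImagePath)"
    # Services hosted by svchost keep the real DLL under the Parameters subkey.
    $dll = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    Write-Output "$name : ServiceDll = $dll"
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    Write-Output "$name : state      = $($svc.Status)"
    Write-Output ''
}

# DACL on the BFE key. The helper's step grants Everyone Full Control; a defender wants to see
# what is actually there: a Deny entry, or SYSTEM without full access, stops the service starting.
$bfeKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE'
$acl = Get-Acl -Path $bfeKey
$fullControl = [System.Security.AccessControl.RegistryRights]::FullControl
$systemHasFull = $false
Write-Output "Permissions on $bfeKey :"
foreach ($ace in $acl.Access) {
    $who = $ace.IdentityReference.Value
    $note = ''
    if ($ace.AccessControlType -eq 'Deny') { $note = '  <-- DENY entry' }
    if ($who -eq 'NT AUTHORITY\SYSTEM' -and $ace.AccessControlType -eq 'Allow' -and
        (($ace.RegistryRights -band $fullControl) -eq $fullControl)) {
        $systemHasFull = $true
    }
    Write-Output ("  {0,-35} {1,-6} {2}{3}" -f $who, $ace.AccessControlType, $ace.RegistryRights, $note)
}
if (-not $systemHasFull) {
    Write-Output '  WARNING: NT AUTHORITY\SYSTEM does not hold Full Control on the BFE key.'
}
```

Read the output against the FSS log: a start type reported as CHANGED matches the log's "set to Demand" line, and the ACL listing shows whether the Everyone entry from post #10 is present. Once the services start again, that Everyone:Full Control entry is broader than the stock DACL, so it is worth removing and restoring the default SYSTEM/Administrators entries rather than leaving it in place.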

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:34 PM

Posted 26 June 2012 - 09:34 PM

Greetings


try the fixit button here - http://support.microsoft.com/mats/windows_firewall_diagnostic/en-us


gringo

#15 bisc

bisc
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:34 PM

Posted 28 June 2012 - 01:55 AM

Hey Gringo,

I'm sorry for the delay. I will try it as soon as I get home from work tonight.

-bisc
