Infected with sirefef trojan


This topic is locked
19 replies to this topic

#1 darshil

Members, 20 posts

Posted 24 June 2012 - 07:11 PM

Yesterday Microsoft Security Essentials wasn't protecting my PC, and I should have known something was up. I tried reinstalling it today and scanning, only to find I have the Sirefef trojan (two varieties, Win.32). Now as I start Windows I get an error that "Windows will restart in 1 minute due to a system problem etc." and it does restart. I can't fix the trojan through Security Essentials. I need your help. I have seen a similar post regarding Sirefef (http://www.bleepingcomputer.com/forums/topic458220.html) and have run the Farbar Recovery Scan Tool under System Repair to produce FRST.txt and search.txt, where I searched for services.exe (which I have attached). I am on Windows 7 32-bit.

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 25-06-2012 14:19:24
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-18] (ASUS)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-16] (Synaptics Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-25] (Microsoft Corporation)
HKU\Darshil\...\Winlogon: [Shell] expstart.exe [x]
Startup: C:\Users\Darshil\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)

================================ Services (Whitelisted) ==================

2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [163328 2012-03-08] (AMD)
2 ASLDRService; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-14] (ASUS)
3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [245760 2010-01-24] (Brother Industries, Ltd.)
3 Desura Install Service; C:\Program Files\Common Files\Desura\desura_service.exe [131912 2012-01-13] (Desura Pty Ltd)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-17] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-17] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-17] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-17] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-04-08] ()
2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe -service [135168 2011-05-28] (Airytec)
2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe -service [135168 2011-05-28] (Airytec)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1203200 2010-11-20] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9183232 2012-03-08] (Advanced Micro Devices, Inc.)
3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25728 2009-08-20] (Google Inc)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9183232 2012-03-08] (Advanced Micro Devices, Inc.)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [24328 2012-03-08] (CPUID)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-12] (ASUS)
3 NETw5s32; C:\Windows\System32\DRIVERS\NETw5s32.sys [6114816 2009-09-15] (Intel Corporation)
3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [105984 2009-08-13] (QUALCOMM Incorporated)
3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1068032 2009-07-13] (Motorola Inc.)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-07-13] (Microsoft Corporation)
3 VClone; C:\Windows\System32\DRIVERS\VClone.sys [30208 2011-01-15] (Elaborate Bytes AG)
3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [17920 2009-07-13] (Microsoft Corporation)
3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-13] (Microsoft Corporation)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [66152 2009-08-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-25 10:17 - 2012-06-25 14:19 - 00000000 ____D C:\FRST
2012-06-25 02:29 - 2012-06-25 05:42 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-06-24 15:33 - 2012-06-24 15:33 - 00000000 ____D C:\Windows\Mozilla
2012-06-24 15:21 - 2012-06-24 15:21 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-23 03:10 - 2012-06-23 03:10 - 00000000 ____D C:\Program Files\Free Video Joiner
2012-06-23 03:09 - 2012-05-21 09:18 - 06324201 ____A (FreeVideoJoiner.com ) C:\Users\Darshil\Downloads\freevideojoinersetup.exe
2012-06-23 02:53 - 2012-06-23 03:01 - 00000000 ____D C:\Users\Darshil\Downloads\In.the.Line.of.Fire.1993.DVDRip.XviD.AC3[5.1].AR
2012-06-23 02:38 - 2012-06-23 03:33 - 00000000 ____D C:\Users\Darshil\Downloads\Byah
2012-06-22 02:17 - 2012-06-22 02:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-21 13:55 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 13:55 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 13:55 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 13:55 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 13:54 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 13:54 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 13:54 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 13:54 - 2012-06-01 21:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 13:54 - 2012-06-01 21:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 04:10 - 2012-06-21 04:17 - 00000000 ____D C:\Users\Darshil\AppData\Local\Green Man Gaming
2012-06-21 04:09 - 2012-06-21 04:10 - 00000000 ____D C:\Program Files\Capsule
2012-06-21 04:09 - 2012-02-23 03:57 - 13092824 ____A (Green Man Gaming Limited) C:\Users\Darshil\Downloads\capsulesetup-v2.33.exe
2012-06-20 15:42 - 2012-06-20 16:38 - 00000000 ____D C:\Users\Darshil\Downloads\My Neighbour Totoro (Troma)
2012-06-19 03:51 - 2012-06-19 03:52 - 00000000 ____D C:\Users\Darshil\AppData\Local\www.dvbportal.de
2012-06-17 18:31 - 2012-06-17 18:31 - 252289818 ____A C:\Windows\MEMORY.DMP
2012-06-17 18:31 - 2012-06-17 18:31 - 00470360 ____A C:\Windows\Minidump\061812-13884-01.dmp
2012-06-17 16:28 - 2012-06-17 16:28 - 00000000 ____D C:\Program Files\SRWare Iron
2012-06-17 16:26 - 2012-05-24 06:53 - 03862112 ____A (Piriform Ltd) C:\Users\Darshil\Downloads\ccsetup319.exe
2012-06-17 16:25 - 2012-05-26 06:23 - 23171499 ____A (SRWare ) C:\Users\Darshil\Downloads\srware_iron.exe
2012-06-17 16:21 - 2012-06-17 16:26 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\Opera
2012-06-17 16:21 - 2012-06-17 16:26 - 00000000 ____D C:\Users\Darshil\AppData\Local\Opera
2012-06-17 16:21 - 2012-06-17 16:26 - 00000000 ____D C:\Program Files\Opera
2012-06-17 16:20 - 2012-06-13 07:05 - 12351992 ____A (Opera Software ASA) C:\Users\Darshil\Downloads\Opera_1200_int_Setup.exe
2012-06-14 13:54 - 2012-06-14 13:54 - 00000000 ____D C:\Users\Darshil\AppData\Local\Macromedia
2012-06-12 23:00 - 2012-06-12 23:00 - 00675661 ____A C:\Users\Darshil\Downloads\Minimal Steam UI V3.8.exe
2012-06-12 21:36 - 2010-06-01 10:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-06-12 21:36 - 2010-06-01 10:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-06-12 21:36 - 2010-06-01 10:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-06-12 21:36 - 2010-05-25 17:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-06-12 21:36 - 2010-05-25 17:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-06-12 21:36 - 2010-05-25 17:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-06-12 21:36 - 2010-05-25 17:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-06-12 21:36 - 2010-02-03 16:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-06-12 21:36 - 2010-02-03 16:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-06-12 21:36 - 2010-02-03 16:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-06-12 21:36 - 2010-02-03 16:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-06-12 21:36 - 2009-09-03 23:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-06-12 21:36 - 2009-09-03 23:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-06-12 21:36 - 2009-09-03 23:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2012-06-12 21:36 - 2009-09-03 23:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-06-12 21:36 - 2008-10-26 16:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-06-12 21:36 - 2008-10-26 16:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-06-12 21:36 - 2008-10-26 16:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-06-12 21:36 - 2008-10-26 16:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-06-12 21:36 - 2008-07-30 16:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-06-12 15:33 - 2012-06-12 15:33 - 00000000 ____D C:\Program Files\PuTTY
2012-06-12 15:33 - 2011-12-10 05:38 - 01849240 ____A (Simon Tatham ) C:\Users\Darshil\Downloads\putty-0.62-installer.exe
2012-06-12 13:43 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 13:43 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-12 13:43 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 13:43 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 13:43 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 13:42 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 13:42 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 13:42 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 13:42 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 13:41 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 13:41 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 13:41 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-09 15:57 - 2012-06-09 15:57 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\FFSJ
2012-06-08 02:46 - 2012-06-08 02:49 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\Babbel
2012-06-07 17:21 - 2010-09-28 04:06 - 00608448 ____A (Microsoft Corporation) C:\Windows\System32\COMCTL32.ocx
2012-06-07 17:05 - 2012-06-07 17:05 - 00000000 ____D C:\Windows\ShellNew
2012-06-07 15:44 - 2012-05-23 06:13 - 211689472 ____A C:\Users\Darshil\Downloads\LibO_3.5.4_Win_x86_install_multi.msi
2012-06-06 21:18 - 2012-06-06 21:18 - 00000000 ____D C:\Users\Darshil\Downloads\Batman The Dark Knight [2008]-720p-BRrip-x264-KurdishAngel
2012-06-04 18:32 - 2012-06-07 17:12 - 00007403 ____A C:\Windows\DiabUnin.dat
2012-06-04 18:32 - 2012-06-04 18:32 - 00118784 ____A (Blizzard Entertainment) C:\Windows\DiabUnin.exe
2012-06-04 18:32 - 2012-06-04 18:32 - 00002829 ____A C:\Windows\DiabUnin.pif
2012-06-04 18:31 - 2012-06-07 17:28 - 00000000 ____D C:\Program Files\Diablo
2012-06-03 21:56 - 2012-06-03 21:56 - 00000000 ____D C:\Program Files\CPUID
2012-06-03 21:56 - 2012-03-08 16:57 - 00024328 ____A (CPUID) C:\Windows\System32\Drivers\cpuz135_x32.sys
2012-06-03 21:55 - 2012-04-22 18:17 - 04387080 ____A ( ) C:\Users\Darshil\Downloads\cpu-z_1.60.1-setup-en.exe
2012-06-03 17:47 - 2012-04-10 12:18 - 60193804 ____A C:\Users\Darshil\Downloads\4108819_R4JSW.mp4.mp4
2012-06-03 17:46 - 2012-06-16 17:06 - 00000000 ____D C:\Users\Darshil\dwhelper
2012-06-03 17:12 - 2012-06-03 17:21 - 00000000 ____D C:\Users\Darshil\Downloads\Blade.Runner (1997)
2012-06-03 15:50 - 2008-03-13 21:20 - 67717444 ____A C:\Users\Darshil\Downloads\400468_mp4_h264_aac.mp4
2012-06-02 16:11 - 2012-06-02 16:22 - 00000000 ____D C:\Users\Darshil\Downloads\Batman.Begins[2005]DVDrip.h264.[Eng]-phrax
2012-05-27 01:31 - 2012-05-27 01:39 - 00000000 ____D C:\Users\Darshil\Downloads\The Big Lebowski (1998)
2012-05-26 20:33 - 2012-05-26 20:38 - 00000000 ____D C:\Users\Darshil\Documents\AssaultCube_v1.1
2012-05-26 20:20 - 2012-05-26 20:37 - 00000000 ____D C:\Program Files\AssaultCube_v1.1.0.4
2012-05-26 16:53 - 2012-05-26 18:21 - 00000000 ____D C:\Program Files\Uplink
2012-05-26 16:52 - 2012-05-26 16:52 - 21255122 ____A (Introversion Software) C:\Users\Darshil\Downloads\UplinkSetup-1.6rc3.exe

============ 3 Months Modified Files and Folders ===============

2012-06-25 14:19 - 2012-06-25 10:17 - 00000000 ____D C:\FRST
2012-06-25 05:42 - 2012-06-25 02:29 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-06-24 19:52 - 2012-04-30 01:25 - 00022213 ____A C:\Windows\setupact.log
2012-06-24 19:52 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-24 19:51 - 2012-02-14 02:54 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\stickies
2012-06-24 15:33 - 2012-06-24 15:33 - 00000000 ____D C:\Windows\Mozilla
2012-06-24 15:30 - 2012-01-10 22:30 - 00000000 __SHD C:\Users\Darshil\AppData\Local\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}
2012-06-24 15:29 - 2012-01-03 22:43 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\uTorrent
2012-06-24 15:23 - 2012-01-24 20:09 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365191924-137578127-4193770280-1003UA.job
2012-06-24 15:23 - 2012-01-02 13:16 - 01395548 ____A C:\Windows\WindowsUpdate.log
2012-06-24 15:21 - 2012-06-24 15:21 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-24 15:21 - 2012-01-03 03:03 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-24 15:21 - 2012-01-02 13:08 - 00788116 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-24 15:06 - 2009-07-13 20:34 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-24 15:06 - 2009-07-13 20:34 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-24 00:11 - 2012-03-28 19:07 - 00000000 ___RD C:\Users\Darshil\Desktop\Stuff
2012-06-23 23:42 - 2012-01-03 02:47 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\vlc
2012-06-23 23:38 - 2012-01-04 14:29 - 00000000 ____D C:\Program Files\Steam
2012-06-23 23:23 - 2012-01-24 20:09 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365191924-137578127-4193770280-1003Core.job
2012-06-23 03:33 - 2012-06-23 02:38 - 00000000 ____D C:\Users\Darshil\Downloads\Byah
2012-06-23 03:10 - 2012-06-23 03:10 - 00000000 ____D C:\Program Files\Free Video Joiner
2012-06-23 03:01 - 2012-06-23 02:53 - 00000000 ____D C:\Users\Darshil\Downloads\In.the.Line.of.Fire.1993.DVDRip.XviD.AC3[5.1].AR
2012-06-23 02:35 - 2012-01-03 19:43 - 00000000 ____D C:\Program Files\JDownloader
2012-06-23 02:07 - 2012-03-18 20:52 - 00000000 ____D C:\Program Files\Smuxi
2012-06-22 02:17 - 2012-06-22 02:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-21 04:17 - 2012-06-21 04:10 - 00000000 ____D C:\Users\Darshil\AppData\Local\Green Man Gaming
2012-06-21 04:10 - 2012-06-21 04:09 - 00000000 ____D C:\Program Files\Capsule
2012-06-20 16:38 - 2012-06-20 15:42 - 00000000 ____D C:\Users\Darshil\Downloads\My Neighbour Totoro (Troma)
2012-06-19 03:52 - 2012-06-19 03:51 - 00000000 ____D C:\Users\Darshil\AppData\Local\www.dvbportal.de
2012-06-19 03:18 - 2012-03-06 02:37 - 00000213 ____A C:\Users\Darshil\.swfinfo
2012-06-18 23:56 - 2012-01-03 22:07 - 00000000 ____D C:\Users\Darshil\AppData\Local\Paint.NET
2012-06-18 01:59 - 2012-01-11 01:31 - 00000000 ____D C:\Users\Darshil\Downloads\Buuf
2012-06-17 23:29 - 2012-01-09 22:59 - 00000000 ____D C:\Program Files\Pale Moon
2012-06-17 20:58 - 2012-01-19 18:07 - 00000735 ____A C:\Users\Darshil\AppData\Roaming\burnaware.ini
2012-06-17 18:31 - 2012-06-17 18:31 - 252289818 ____A C:\Windows\MEMORY.DMP
2012-06-17 18:31 - 2012-06-17 18:31 - 00470360 ____A C:\Windows\Minidump\061812-13884-01.dmp
2012-06-17 18:31 - 2012-01-27 17:56 - 00000000 ____D C:\Windows\Minidump
2012-06-17 16:28 - 2012-06-17 16:28 - 00000000 ____D C:\Program Files\SRWare Iron
2012-06-17 16:27 - 2012-01-03 22:42 - 00000000 ____D C:\Program Files\CCleaner
2012-06-17 16:26 - 2012-06-17 16:21 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\Opera
2012-06-17 16:26 - 2012-06-17 16:21 - 00000000 ____D C:\Users\Darshil\AppData\Local\Opera
2012-06-17 16:26 - 2012-06-17 16:21 - 00000000 ____D C:\Program Files\Opera
2012-06-16 18:14 - 2012-01-02 13:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-06-16 17:06 - 2012-06-03 17:46 - 00000000 ____D C:\Users\Darshil\dwhelper
2012-06-15 16:56 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-06-15 16:03 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-14 13:54 - 2012-06-14 13:54 - 00000000 ____D C:\Users\Darshil\AppData\Local\Macromedia
2012-06-14 13:53 - 2012-04-03 23:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-14 13:53 - 2012-01-03 01:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-13 07:05 - 2012-06-17 16:20 - 12351992 ____A (Opera Software ASA) C:\Users\Darshil\Downloads\Opera_1200_int_Setup.exe
2012-06-13 01:06 - 2009-07-13 20:33 - 00308080 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 23:00 - 2012-06-12 23:00 - 00675661 ____A C:\Users\Darshil\Downloads\Minimal Steam UI V3.8.exe
2012-06-12 15:33 - 2012-06-12 15:33 - 00000000 ____D C:\Program Files\PuTTY
2012-06-11 20:16 - 2012-04-11 18:01 - 00000000 ____D C:\Users\Darshil\Downloads\Billy
2012-06-09 19:59 - 2009-07-13 20:53 - 00032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-09 15:57 - 2012-06-09 15:57 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\FFSJ
2012-06-08 02:49 - 2012-06-08 02:46 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\Babbel
2012-06-08 01:31 - 2012-01-03 01:37 - 00069136 ____A C:\Users\Darshil\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-07 17:28 - 2012-06-04 18:31 - 00000000 ____D C:\Program Files\Diablo
2012-06-07 17:28 - 2012-01-03 22:52 - 00000000 ____D C:\Users\Darshil\Games
2012-06-07 17:12 - 2012-06-04 18:32 - 00007403 ____A C:\Windows\DiabUnin.dat
2012-06-07 17:05 - 2012-06-07 17:05 - 00000000 ____D C:\Windows\ShellNew
2012-06-07 17:05 - 2012-04-29 03:32 - 00000000 ____D C:\Program Files\LibreOffice 3.5
2012-06-06 21:18 - 2012-06-06 21:18 - 00000000 ____D C:\Users\Darshil\Downloads\Batman The Dark Knight [2008]-720p-BRrip-x264-KurdishAngel
2012-06-04 18:32 - 2012-06-04 18:32 - 00118784 ____A (Blizzard Entertainment) C:\Windows\DiabUnin.exe
2012-06-04 18:32 - 2012-06-04 18:32 - 00002829 ____A C:\Windows\DiabUnin.pif
2012-06-03 21:56 - 2012-06-03 21:56 - 00000000 ____D C:\Program Files\CPUID
2012-06-03 17:46 - 2012-01-02 13:06 - 00000000 ___AD C:\users\Darshil
2012-06-03 17:21 - 2012-06-03 17:12 - 00000000 ____D C:\Users\Darshil\Downloads\Blade.Runner (1997)
2012-06-02 16:22 - 2012-06-02 16:11 - 00000000 ____D C:\Users\Darshil\Downloads\Batman.Begins[2005]DVDrip.h264.[Eng]-phrax
2012-06-02 14:19 - 2012-06-21 13:55 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 13:55 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 13:55 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 13:54 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 13:54 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 13:55 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 13:54 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-01 21:19 - 2012-06-21 13:54 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 21:12 - 2012-06-21 13:54 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-27 01:39 - 2012-05-27 01:31 - 00000000 ____D C:\Users\Darshil\Downloads\The Big Lebowski (1998)
2012-05-26 20:38 - 2012-05-26 20:33 - 00000000 ____D C:\Users\Darshil\Documents\AssaultCube_v1.1
2012-05-26 20:37 - 2012-05-26 20:20 - 00000000 ____D C:\Program Files\AssaultCube_v1.1.0.4
2012-05-26 20:21 - 2012-01-03 01:29 - 00444952 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-05-26 20:21 - 2012-01-03 01:29 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-05-26 18:21 - 2012-05-26 16:53 - 00000000 ____D C:\Program Files\Uplink
2012-05-26 16:52 - 2012-05-26 16:52 - 21255122 ____A (Introversion Software) C:\Users\Darshil\Downloads\UplinkSetup-1.6rc3.exe
2012-05-26 06:23 - 2012-06-17 16:25 - 23171499 ____A (SRWare ) C:\Users\Darshil\Downloads\srware_iron.exe
2012-05-26 03:37 - 2012-05-07 22:07 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\NationRed
2012-05-24 06:53 - 2012-06-17 16:26 - 03862112 ____A (Piriform Ltd) C:\Users\Darshil\Downloads\ccsetup319.exe
2012-05-23 06:13 - 2012-06-07 15:44 - 211689472 ____A C:\Users\Darshil\Downloads\LibO_3.5.4_Win_x86_install_multi.msi
2012-05-23 02:14 - 2012-05-23 15:10 - 176238278 ____A (Jonas Kyratzes ) C:\Users\Darshil\Downloads\TSWCE_upd.exe
2012-05-21 09:18 - 2012-06-23 03:09 - 06324201 ____A (FreeVideoJoiner.com ) C:\Users\Darshil\Downloads\freevideojoinersetup.exe
2012-05-21 00:34 - 2012-04-08 15:49 - 00000000 ____D C:\Program Files\Bitfighter
2012-05-19 22:22 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-05-19 22:13 - 2012-05-07 23:48 - 00000000 ____D C:\Users\All Users\AMD
2012-05-19 22:01 - 2012-02-07 16:12 - 00000000 ____D C:\Users\Darshil\Documents\My Games
2012-05-19 15:40 - 2012-05-19 15:39 - 00000000 ____D C:\Users\Darshil\AppData\Local\Runic Games
2012-05-19 15:37 - 2012-05-19 15:37 - 00000000 ____D C:\Users\Public\Games
2012-05-19 15:37 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2012-05-18 21:37 - 2012-05-18 21:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_androidusb_01005.Wdf
2012-05-18 21:35 - 2012-05-18 21:35 - 00020994 ____A C:\Windows\DPINST.LOG
2012-05-18 21:35 - 2012-05-18 21:35 - 00000000 ____D C:\Program Files\DIFX
2012-05-18 21:35 - 2012-05-18 21:35 - 00000000 ____D C:\Program Files\Acer Inc
2012-05-18 15:17 - 2012-01-11 02:20 - 00000000 ____D C:\Program Files\BurnAware Free
2012-05-18 03:04 - 2012-01-03 01:14 - 00000000 ____D C:\Program Files\ATI Technologies
2012-05-18 03:00 - 2012-05-07 23:39 - 115013576 ____A (Advanced Micro Devices, Inc.) C:\Users\Darshil\Downloads\12-4_mobility_vista_win7_32_dd_ccc.exe
2012-05-16 14:46 - 2012-05-16 14:46 - 00000053 ____A C:\Windows\Eraser.INI
2012-05-14 17:05 - 2012-06-12 13:43 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 21:42 - 2012-04-22 23:06 - 00000607 ____A C:\Windows\uninstallstickies.bat
2012-05-12 21:17 - 2012-05-12 21:17 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-05-12 14:49 - 2012-05-12 14:49 - 00000000 ____D C:\Program Files\Grinding Gear Games
2012-05-12 02:13 - 2012-01-03 22:44 - 00000000 ____D C:\Program Files\uTorrent
2012-05-11 14:32 - 2012-05-12 14:48 - 07077888 ____A C:\Users\Darshil\Downloads\PathOfExileInstaller.msi
2012-05-11 10:34 - 2012-05-19 15:36 - 22270064 ____A C:\Users\Darshil\Downloads\tl2.beta.setup.exe
2012-05-09 21:48 - 2012-04-30 01:25 - 00001940 ____A C:\Windows\PFRO.log
2012-05-09 20:39 - 2012-05-09 20:37 - 00000000 ____D C:\Program Files\Red Eclipse
2012-05-09 18:54 - 2012-05-09 18:54 - 00000000 ____D C:\Program Files\Subvein
2012-05-09 18:52 - 2012-05-09 18:52 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\Soldat
2012-05-09 18:52 - 2012-05-09 18:52 - 00000000 ____D C:\Program Files\Soldat
2012-05-09 18:49 - 2012-05-09 18:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-09 14:37 - 2012-01-03 19:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-09 03:33 - 2012-05-09 03:31 - 00000000 ____D C:\Users\Darshil\Downloads\Pink Floyd - The Dark Side of the Moon
2012-05-08 23:36 - 2012-01-13 20:13 - 00000000 ____D C:\Program Files\Desura
2012-05-08 03:04 - 2012-05-08 03:04 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\LolClient
2012-05-07 23:21 - 2012-05-07 23:21 - 00000000 ____D C:\Riot Games
2012-05-07 23:21 - 2012-01-03 03:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2012-05-07 23:20 - 2012-05-07 22:41 - 00000000 ____D C:\Users\Darshil\Downloads\League Of Legends
2012-05-07 22:40 - 2012-01-21 18:52 - 00000000 ____D C:\Program Files\Pando Networks
2012-05-07 22:07 - 2012-05-07 22:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-07 22:07 - 2012-05-07 22:07 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-05-07 10:22 - 2012-05-12 01:37 - 04419192 ____A (Krzysztof Kowalczyk) C:\Users\Darshil\Downloads\SumatraPDF-2.1.1-install.exe
2012-05-07 09:09 - 2012-05-13 21:41 - 01073152 ____A (Zhorn Software) C:\Users\Darshil\Downloads\stickies_setup_7.1d.exe
2012-05-05 03:09 - 2012-01-03 01:42 - 00000000 ____D C:\Windows\System32\directx
2012-05-05 03:08 - 2012-01-03 01:42 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-05-04 01:59 - 2012-06-12 13:43 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 01:23 - 2012-02-24 22:58 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\Scoregasm
2012-05-01 22:44 - 2012-05-01 22:44 - 00027632 ____A C:\Windows\DirectX.log
2012-05-01 22:44 - 2012-05-01 22:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-05-01 22:44 - 2012-05-01 22:44 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2012-04-30 23:49 - 2012-04-30 23:49 - 00000000 ____D C:\Windows\solcache
2012-04-30 23:49 - 2012-04-30 23:45 - 00000393 ____A C:\Windows\SIERRA.INI
2012-04-30 23:49 - 2012-04-30 23:45 - 00000000 ____D C:\SIERRA
2012-04-30 23:49 - 2012-04-30 23:45 - 00000000 ____D C:\Program Files\Sierra On-Line
2012-04-30 20:44 - 2012-06-12 13:42 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 01:25 - 2012-04-30 01:25 - 00000000 ____A C:\Windows\setuperr.log
2012-04-30 01:25 - 2012-01-21 18:33 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
2012-04-30 00:10 - 2012-04-30 00:10 - 00009599 ____A C:\Users\Darshil\Documents\Income Statement.ods
2012-04-29 22:46 - 2012-01-07 15:12 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\Notepad++
2012-04-29 22:24 - 2012-04-29 22:24 - 00339918 ____A C:\Users\Darshil\Documents\cc_20120430_162400.reg
2012-04-29 22:21 - 2012-04-08 16:44 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\RIFT
2012-04-29 22:20 - 2012-04-29 22:20 - 00000062 ____A C:\Windows\wininit.ini
2012-04-29 22:20 - 2012-02-11 21:44 - 00000000 ____D C:\Program Files\OpenRA
2012-04-29 22:17 - 2012-03-28 15:19 - 00000000 ____D C:\Program Files\FeedReader30
2012-04-29 22:16 - 2012-04-08 21:19 - 00000000 ____D C:\Users\Darshil\Documents\Battlefield Heroes
2012-04-29 14:31 - 2012-04-29 14:31 - 00000000 ____D C:\Users\Darshil\Documents\My Media
2012-04-29 14:31 - 2012-04-29 14:31 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\OverDrive
2012-04-29 03:31 - 2012-01-03 19:24 - 00000000 ____D C:\Program Files\LibreOffice 3.4
2012-04-28 04:46 - 2012-04-28 04:46 - 00000801 ____A C:\Users\Darshil\.recently-used.xbel
2012-04-28 04:46 - 2012-04-28 04:46 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\gtk-2.0
2012-04-28 04:46 - 2012-04-28 04:39 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\gedit
2012-04-28 04:45 - 2012-04-28 04:39 - 00000000 ____D C:\Users\Darshil\.gconfd
2012-04-28 04:45 - 2012-04-28 04:39 - 00000000 ____D C:\Users\Darshil\.gconf
2012-04-28 04:40 - 2012-04-28 04:40 - 00000000 ____D C:\Users\Darshil\AppData\Local\Studio_pomaranca_d.o.o__O
2012-04-28 01:26 - 2012-04-28 01:24 - 00000000 ____D C:\Users\Darshil\.jedit
2012-04-28 01:16 - 2012-04-28 01:14 - 00000000 ____D C:\Users\Darshil\Documents\ZenWriter
2012-04-28 01:14 - 2012-04-28 01:14 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\Beenokle
2012-04-27 19:17 - 2012-06-12 13:43 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-12 13:42 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-12 13:42 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-12 13:42 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 12:51 - 2012-04-28 04:03 - 03981480 ____A (PortableApps.com) C:\Users\Darshil\Downloads\NotepadPlusPlusPortable_6.1.1.paf.exe
2012-04-24 17:19 - 2012-04-24 17:19 - 00000000 ____D C:\Counter-Strike 2D
2012-04-24 16:07 - 2012-04-24 16:07 - 00000000 ____D C:\Program Files\gta2gh
2012-04-24 16:02 - 2012-04-24 16:02 - 00000000 ____D C:\Program Files\Rockstar Games
2012-04-24 16:02 - 2012-04-24 16:02 - 00000000 ____D C:\Program Files\directx
2012-04-24 07:39 - 2012-04-01 02:15 - 00975792 ____A (AMD Inc.) C:\Users\Darshil\Downloads\catalyst_mobility_32-bit_util.exe
2012-04-23 20:36 - 2012-06-12 13:41 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-12 13:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 13:41 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-22 23:06 - 2012-04-22 23:06 - 00000000 ____D C:\Program Files\Stickies
2012-04-22 23:02 - 2012-04-15 22:56 - 00000000 ____D C:\Program Files\KNote
2012-04-22 23:00 - 2012-04-22 23:00 - 00000000 ____D C:\Users\Darshil\AppData\Local\Eraser 6
2012-04-22 22:55 - 2012-04-22 22:54 - 00000000 ____D C:\Program Files\Eraser
2012-04-22 22:54 - 2012-04-04 00:01 - 00000000 ____D C:\Users\Darshil\GameMaker 8.1
2012-04-22 22:22 - 2012-04-22 22:22 - 00000000 ____D C:\Users\Darshil\Documents\Diablo III
2012-04-22 18:17 - 2012-06-03 21:55 - 04387080 ____A ( ) C:\Users\Darshil\Downloads\cpu-z_1.60.1-setup-en.exe
2012-04-21 23:08 - 2012-04-21 23:08 - 00000000 ____D C:\Users\All Users\Battle.net
2012-04-17 23:04 - 2012-04-17 23:04 - 00065835 ____A C:\Users\Darshil\Downloads\220px-Bob's_Burgers_promo.png
2012-04-17 16:35 - 2012-04-05 22:19 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\dvdcss
2012-04-17 16:06 - 2012-03-12 02:58 - 00000000 ____D C:\Program Files\DoomRL
2012-04-17 03:17 - 2012-04-17 03:17 - 00000000 ____D C:\Users\All Users\dvdfab
2012-04-17 03:17 - 2012-01-11 02:20 - 00000000 ____D C:\Program Files\DVDFab 8 Qt
2012-04-17 00:13 - 2012-04-17 00:13 - 00000218 ____A C:\Users\Darshil\AppData\Local\recently-used.xbel
2012-04-16 20:34 - 2012-06-12 13:43 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 14:22 - 2012-04-16 14:22 - 07963447 ____A ( ) C:\Users\Darshil\Downloads\WikidPad-2.1.exe
2012-04-16 01:43 - 2012-04-16 01:42 - 22121195 ____A C:\Users\Darshil\Downloads\Zim-setup-0.56_2012-04-03.exe
2012-04-15 22:55 - 2012-04-15 22:54 - 16658944 ____A C:\Users\Darshil\Downloads\KNoteSetup0.96.msi
2012-04-14 15:03 - 2012-04-02 22:17 - 00001947 ____A C:\Users\Darshil\Desktop\Games.lnk
2012-04-13 21:15 - 2012-04-17 03:15 - 20750016 ____A (Fengtao Software Inc. ) C:\Users\Darshil\Downloads\DVDFab8176Qt.exe
2012-04-13 02:46 - 2012-04-13 02:46 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\IrfanView
2012-04-13 02:46 - 2012-04-13 02:46 - 00000000 ____D C:\Program Files\IrfanView
2012-04-11 17:41 - 2012-04-11 17:41 - 80987106 ____A C:\Users\Darshil\Downloads\vvvvvvvmp3.zip
2012-04-10 20:44 - 2012-04-28 01:39 - 143000048 ____A (PortableApps.com) C:\Users\Darshil\Downloads\LibreOfficePortable_3.5.2_MultilingualNormal.paf.exe
2012-04-10 12:18 - 2012-06-03 17:47 - 60193804 ____A C:\Users\Darshil\Downloads\4108819_R4JSW.mp4.mp4
2012-04-09 14:58 - 2012-04-28 00:43 - 60565065 ____A (Beenokle ) C:\Users\Darshil\Downloads\zenwriter_setup.exe
2012-04-09 04:46 - 2012-05-09 18:53 - 23478129 ____A (Ben Johnson ) C:\Users\Darshil\Downloads\SubveinSetup.exe
2012-04-08 21:25 - 2012-04-08 21:25 - 00270240 ____A C:\Windows\System32\PnkBstrB.xtr
2012-04-08 21:25 - 2012-04-08 21:18 - 00270240 ____A C:\Windows\System32\PnkBstrB.exe
2012-04-08 21:25 - 2012-04-08 21:18 - 00139080 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2012-04-08 21:24 - 2012-04-08 21:24 - 00000000 ____D C:\Users\Darshil\AppData\Local\PunkBuster
2012-04-08 21:18 - 2012-04-08 21:18 - 00189248 ____A C:\Windows\System32\PnkBstrB.ex0
2012-04-08 21:18 - 2012-04-08 21:18 - 00138056 ____A C:\Users\Darshil\AppData\Roaming\PnkBstrK.sys
2012-04-08 21:18 - 2012-04-08 21:18 - 00075136 ____A C:\Windows\System32\PnkBstrA.exe
2012-04-08 21:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-04-08 21:09 - 2012-04-08 21:09 - 00000000 ____D C:\Program Files\EA Games
2012-04-08 19:36 - 2012-01-04 17:06 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\WinRAR
2012-04-08 19:35 - 2012-04-08 19:35 - 00000000 ____D C:\Program Files\WinRAR
2012-04-08 15:49 - 2012-04-08 15:49 - 00000000 ____D C:\Users\Darshil\Documents\Bitfighter
2012-04-07 03:26 - 2012-06-12 13:43 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-04 14:52 - 2012-04-04 14:52 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-04-04 14:52 - 2012-04-04 14:52 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-04-04 14:52 - 2012-04-04 14:52 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-04-04 14:52 - 2012-04-04 14:52 - 00000000 ____D C:\Program Files\Java
2012-04-04 14:52 - 2012-04-04 14:52 - 00000000 ____D C:\Program Files\Common Files\Java
2012-04-04 14:52 - 2012-01-03 03:13 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-04-04 00:02 - 2012-04-04 00:02 - 00000000 ____D C:\Users\Darshil\AppData\Local\YoYo_Games_Ltd
2012-04-04 00:01 - 2012-04-04 00:01 - 00000000 ____D C:\Users\Darshil\AppData\Local\GameMaker8.1
2012-04-03 22:43 - 2012-04-03 21:21 - 00000091 ____A C:\Users\Darshil\StencylWorks.prefs
2012-04-03 22:12 - 2012-04-03 21:20 - 00000000 ____D C:\Program Files\StencylWorks
2012-04-03 21:27 - 2012-04-03 21:21 - 00000000 ____D C:\Users\Darshil\stencylworks
2012-04-03 15:45 - 2012-04-16 21:14 - 13118057 ____A (PortableApps.com) C:\Users\Darshil\Downloads\ZimDesktopWikiPortable_0.56.paf.exe
2012-04-02 22:35 - 2012-04-02 22:35 - 00000000 ____D C:\Users\Darshil\AppData\Local\Frameworkx.com
2012-04-02 22:34 - 2012-04-02 22:34 - 00000000 ____D C:\Program Files\Frameworkx
2012-04-02 22:33 - 2012-04-02 22:33 - 01733632 ____A C:\Users\Darshil\Downloads\FxVisor32.msi
2012-04-02 22:23 - 2012-04-02 22:23 - 00000000 ____D C:\Program Files\Vista Game Explorer Editor
2012-04-02 22:02 - 2012-03-18 20:52 - 00000000 ____D C:\Users\Darshil\AppData\Local\smuxi
2012-04-01 22:25 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-04-01 02:20 - 2012-04-01 02:16 - 121756776 ____A (Advanced Micro Devices, Inc.) C:\Users\Darshil\Downloads\12-2_mobility_vista_win7_32_dd_ccc.exe
2012-04-01 02:09 - 2012-03-31 03:05 - 00000000 ____D C:\Program Files\TeamViewer
2012-03-31 06:50 - 2012-04-08 15:49 - 02654418 ____A C:\Users\Darshil\Downloads\Bitfighter-Installer-017a.exe
2012-03-31 03:04 - 2012-03-31 03:02 - 03526040 ____A (TeamViewer GmbH) C:\Users\Darshil\Downloads\TeamViewer_Setup_en.exe
2012-03-31 02:05 - 2012-04-24 16:07 - 01146254 ____A C:\Users\Darshil\Downloads\gta2gh1537k.exe
2012-03-30 20:39 - 2012-05-08 20:58 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-08 20:58 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 02:23 - 2012-05-08 20:57 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-30 01:44 - 2012-01-03 02:34 - 00000000 ____D C:\Program Files\7-Zip
2012-03-29 10:34 - 2012-04-05 21:48 - 06118990 ____A (LIGHTNING UK!) C:\Users\Darshil\Downloads\SetupImgBurn_2.5.7.0.exe
2012-03-29 10:11 - 2012-05-19 22:07 - 123409812 ____A (Advanced Micro Devices, Inc.) C:\Users\Darshil\Downloads\12-3_mobility_vista_win7_32_dd_ccc.exe
2012-03-28 18:35 - 2012-01-16 02:52 - 00916480 ____A C:\Windows\expstart.exe
2012-03-28 18:35 - 2012-01-16 02:51 - 00000000 ____D C:\Windows\W7SOC
2012-03-28 15:37 - 2012-03-28 15:37 - 00000000 ____D C:\Users\Darshil\Documents\VVVVVV
2012-03-28 15:21 - 2012-03-28 15:19 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\Feedreader
2012-03-28 15:02 - 2012-03-28 14:30 - 00000000 ____D C:\Users\Darshil\.rssowl2
2012-03-28 11:13 - 2012-04-13 02:45 - 01539072 ____A (Irfan Skiljan) C:\Users\Darshil\Downloads\iview433_setup.exe
2012-03-28 00:09 - 2012-01-03 23:03 - 00000000 ____D C:\Users\Darshil\AppData\Roaming\X-Chat 2

ZeroAccess:
C:\Windows\Installer\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}
C:\Windows\Installer\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}\@
C:\Windows\Installer\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}\L
C:\Windows\Installer\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}\n
C:\Windows\Installer\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}\U

ZeroAccess:
C:\Users\Darshil\AppData\Local\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}
C:\Users\Darshil\AppData\Local\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}\@
C:\Users\Darshil\AppData\Local\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}\L
C:\Users\Darshil\AppData\Local\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2012-01-16 02:51] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 697651F303443F98F7EC76D4DCAE6789

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 2047.11 MB
Available physical RAM: 1522.02 MB
Total Pagefile: 2047.11 MB
Available Pagefile: 1606.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.62 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:108.56 GB) NTFS
3 Drive f: () (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1968 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 232 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 232 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1968 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-06-18 23:07

======================= End Of Log ==========================

Search.txt
Farbar Recovery Scan Tool Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-25 13:55:27
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===



Edit: currently running a Kaspersky Rescue Disk virus scan to see if I can get rid of it.

Thank you all very much. Appreciate it.

Edited by darshil, 24 June 2012 - 11:28 PM.


#2 darshil

darshil
  • Topic Starter

  • Members
  • 20 posts
  • Local time:12:58 PM

Posted 24 June 2012 - 11:18 PM

The Kaspersky scan did nothing. Still in the same boat. I really need your help.

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 24 June 2012 - 11:32 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}
C:\Users\Darshil\AppData\Local\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e}
 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
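The check behind this fix, shown as an added example that is not part of the thread and not FRST's or ComboFix's code: the FRST "Bamital & volsnap Check" and the services.exe search above flag the live C:\Windows\System32\services.exe because its MD5 (A302BBFF...) differs from the WinSxS component-store copy (5F1B6A9C...), even though both copies report the same size and timestamps. The Python below reproduces that comparison and the "Replace:" step of the fixlist on a constructed directory tree standing in for System32 and winsxs (arbitrary bytes, not real binaries; nothing on the running machine is touched). The component directory name is the one from the log; the function names are this example's own.

```python
"""Hash-compare a system binary against its WinSxS component-store copy.

Added example, not FRST's or ComboFix's code. The directory tree built in
demo() is a constructed stand-in for C:\\Windows\\System32 and
C:\\Windows\\winsxs; file contents are arbitrary bytes, not real binaries.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

# Component directory name taken from the FRST Search.txt in this thread.
SCM_COMPONENT = ("x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35"
                 "_6.1.7600.16385_none_cf36168b2e9c967b")


def md5_of(path: Path) -> str:
    """Uppercase hex MD5 of a file, read in chunks (the form FRST prints)."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def component_copies(winsxs: Path, prefix: str, filename: str) -> list[Path]:
    """Every copy of `filename` under WinSxS directories whose name starts with `prefix`.

    A machine with several updates applied has several copies; any one of them
    matching the live file is enough to call it legitimate, which is what FRST
    reports as "MD5 is legit".
    """
    return sorted(
        d / filename
        for d in winsxs.iterdir()
        if d.is_dir() and d.name.startswith(prefix) and (d / filename).is_file()
    )


def check_binary(system32: Path, winsxs: Path, prefix: str, filename: str) -> dict:
    """Compare the live binary's hash with its component-store copies.

    Returns {'live': md5, 'store': {path: md5}, 'legit': bool}. 'legit' is
    False when the live hash matches none of the store copies, the condition
    the FRST log reported for services.exe.
    """
    live = md5_of(system32 / filename)
    store = {str(p): md5_of(p) for p in component_copies(winsxs, prefix, filename)}
    return {"live": live, "store": store, "legit": live in store.values()}


def restore_from_store(system32: Path, store_copy: Path, filename: str) -> None:
    """The 'Replace:' step of the fixlist: set the patched file aside, then
    copy the clean store copy into System32, keeping its timestamps (copy2)."""
    live = system32 / filename
    shutil.move(str(live), str(live.parent / (live.name + ".quarantined")))
    shutil.copy2(store_copy, live)


def demo() -> tuple[bool, bool]:
    """Constructed scenario: a patched live services.exe, then the restore.

    Returns (legit_before, legit_after).
    """
    root = Path(tempfile.mkdtemp())
    system32, winsxs = root / "System32", root / "winsxs"
    component = winsxs / SCM_COMPONENT
    system32.mkdir()
    component.mkdir(parents=True)

    clean = b"MZ" + b"\x00" * 62 + b"constructed clean services.exe body"
    (component / "services.exe").write_bytes(clean)
    # Infected state: same length as the clean file (both copies in the log
    # report 259072 bytes) but different content, so only a hash tells them apart.
    (system32 / "services.exe").write_bytes(clean[:-7] + b"patched")

    prefix = "x86_microsoft-windows-s..s-servicecontroller"
    before = check_binary(system32, winsxs, prefix, "services.exe")["legit"]
    restore_from_store(system32, component / "services.exe", "services.exe")
    after = check_binary(system32, winsxs, prefix, "services.exe")["legit"]
    shutil.rmtree(root)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Run against a real system the same logic would take `Path(r"C:\Windows\System32")` and `Path(r"C:\Windows\winsxs")`; a match against any store copy is the "MD5 is legit" verdict, and a miss is the point at which FRST's log says ATTENTION.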

#4 darshil

darshil
  • Topic Starter

  • Members
  • 20 posts
  • Local time:12:58 PM

Posted 25 June 2012 - 12:16 AM

Hello Gringo,

I really appreciate you replying to this topic.

Sorry about getting ahead of myself ;-) I just want this darned virus gone :-)

Here is Fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-25 15:13:34 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e} moved successfully.
C:\Users\Darshil\AppData\Local\{ee6686e5-3f29-1f24-b6fe-ad8590ec4f8e} moved successfully.

==== End of Fixlog ====

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 25 June 2012 - 12:19 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 darshil

darshil
  • Topic Starter

  • Members
  • 20 posts
  • Local time:12:58 PM

Posted 25 June 2012 - 12:49 AM

Hello,

Here is the Combofix Log:

Combofix log:
ComboFix 12-06-24.03 - Darshil 25/06/2012 15:27:17.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2047.1299 [GMT 10:00]
Running from: c:\users\Darshil\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Darshil\_2.exe
c:\users\Darshil\AppData\Local\TempDIR
c:\users\Darshil\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Darshil\AppData\Roaming\FFSJ
c:\users\Darshil\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Darshil\AppData\Roaming\RIFT
c:\users\Darshil\AppData\Roaming\RIFT\rift.cfg
c:\users\Darshil\Downloads\pmMIg.exe
c:\windows\explorers.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\tmp3B3B.tmp
c:\windows\system32\tmp3B4C.tmp
c:\windows\system32\tmpA969.tmp
E:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 18:17 . 2012-06-25 22:20 -------- d-----w- C:\FRST
2012-06-25 14:54 . 2012-06-25 14:54 -------- d-----w- C:\.Trash-ubuntu
2012-06-25 10:29 . 2012-06-25 13:42 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-25 05:38 . 2012-06-25 05:38 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{412A08E3-FFFC-4BC3-A2D7-0D4E7B8F3025}\offreg.dll
2012-06-25 05:36 . 2012-06-25 05:42 -------- d-----w- c:\users\Darshil\AppData\Local\temp
2012-06-25 03:51 . 2012-06-25 05:38 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F1C9A22-154C-4762-B9CD-330D54D02054}\offreg.dll
2012-06-24 23:33 . 2012-06-24 23:33 -------- d-----w- c:\windows\Mozilla
2012-06-24 23:23 . 2012-06-24 23:23 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E058BAE-BADC-43B9-A0EA-7CECC6E6874A}\gapaengine.dll
2012-06-24 23:23 . 2012-05-30 10:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F1C9A22-154C-4762-B9CD-330D54D02054}\mpengine.dll
2012-06-24 23:21 . 2012-06-24 23:21 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-23 11:10 . 2012-06-23 11:10 -------- d-----w- c:\program files\Free Video Joiner
2012-06-22 10:17 . 2012-06-22 10:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-21 21:55 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 21:55 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 21:55 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 21:55 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 21:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 21:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 21:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 21:54 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 21:54 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 12:10 . 2012-06-21 12:17 -------- d-----w- c:\users\Darshil\AppData\Local\Green Man Gaming
2012-06-21 12:09 . 2012-06-21 12:10 -------- d-----w- c:\program files\Capsule
2012-06-19 11:51 . 2012-06-19 11:52 -------- d-----w- c:\users\Darshil\AppData\Local\www.dvbportal.de
2012-06-18 00:28 . 2012-06-18 00:28 -------- d-----w- c:\program files\SRWare Iron
2012-06-18 00:21 . 2012-06-18 00:26 -------- d-----w- c:\users\Darshil\AppData\Local\Opera
2012-06-18 00:21 . 2012-06-18 00:26 -------- d-----w- c:\program files\Opera
2012-06-14 21:54 . 2012-06-14 21:54 -------- d-----w- c:\users\Darshil\AppData\Local\Macromedia
2012-06-12 23:33 . 2012-06-12 23:33 -------- d-----w- c:\program files\PuTTY
2012-06-12 21:43 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-12 21:43 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-12 21:43 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 21:43 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 21:42 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 21:42 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 21:42 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 21:42 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 21:41 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 21:41 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 21:41 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-08 10:46 . 2012-06-08 10:49 -------- d-----w- c:\users\Darshil\AppData\Roaming\Babbel
2012-06-08 01:21 . 2010-09-28 12:06 608448 ----a-w- c:\windows\system32\COMCTL32.ocx
2012-06-08 01:05 . 2012-06-08 01:05 -------- d-----w- c:\windows\ShellNew
2012-06-05 02:32 . 2012-06-05 02:32 2829 ----a-w- c:\windows\DiabUnin.pif
2012-06-05 02:32 . 2012-06-05 02:32 118784 ----a-w- c:\windows\DiabUnin.exe
2012-06-05 02:31 . 2012-06-08 01:28 -------- d-----w- c:\program files\Diablo
2012-06-04 05:56 . 2012-03-09 00:57 24328 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-06-04 05:56 . 2012-06-04 05:56 -------- d-----w- c:\program files\CPUID
2012-06-04 01:46 . 2012-06-17 01:06 -------- d-----w- c:\users\Darshil\dwhelper
2012-05-27 04:20 . 2012-05-27 04:37 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4
2012-05-27 00:53 . 2012-05-27 02:21 -------- d-----w- c:\program files\Uplink
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 21:53 . 2012-04-04 07:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 21:53 . 2012-01-03 09:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-27 04:21 . 2012-01-03 09:29 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-27 04:21 . 2012-01-03 09:29 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-14 05:42 . 2012-04-23 07:06 607 ----a-w- c:\windows\uninstallstickies.bat
2012-04-09 05:25 . 2012-04-09 05:18 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-04-09 05:25 . 2012-04-09 05:25 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-04-09 05:25 . 2012-04-09 05:18 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-04-09 05:18 . 2012-04-09 05:18 138056 ----a-w- c:\users\Darshil\AppData\Roaming\PnkBstrK.sys
2012-04-09 05:18 . 2012-04-09 05:18 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-04-09 05:18 . 2012-04-09 05:18 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-04-04 22:52 . 2012-01-03 11:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-09 04:58 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 04:58 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 04:57 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 02:35 . 2012-01-16 10:52 916480 ----a-w- c:\windows\expstart.exe
2011-12-21 07:42 . 2012-01-02 21:09 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.20910] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16768] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . 697651F303443F98F7EC76D4DCAE6789 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2011-02-25 . 697651F303443F98F7EC76D4DCAE6789 . 2616320 . . [6.1.7601.17567] . . c:\windows\W7SOC\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-18 105016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Darshil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2012-4-23 1134592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Darshil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CBC.exe]
path=c:\users\Darshil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CBC.exe
backup=c:\windows\pss\CBC.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
start AMD Accelerated Video Transcoding device initialization [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 05:43 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-23 23:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2011-11-05 02:17 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 04:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 07:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 135168]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 135168]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-08-21 25728]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-24 245760]
R3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [2012-01-14 131912]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 qcusbser;ACER Android USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-08-13 105984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-03 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 163328]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-03-09 24328]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 9183232]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 265216]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.forumswatcher.com/search.htm
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Darshil\AppData\Roaming\Mozilla\Firefox\Profiles\p68ey796.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com.au
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1365191924-137578127-4193770280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*D*T*V*đ -?\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-06-25 15:46:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 05:46
.
Pre-Run: 118,929,362,944 bytes free
Post-Run: 119,060,955,136 bytes free
.
- - End Of File - - 05E17C5BB9D9075906611BE0D92AE8B2

No problems. I started Firefox just now and it seems it wasn't the default browser any more (though I suspect that's from ComboFix). The computer is not restarting and everything seems normal. Do you think the virus went away well or do you recommend that I format my computer?

Thank you Gringo.

#7 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 25 June 2012 - 12:55 AM

Greetings

The virus has been removed and all we are doing now is sweeping up, and soon we will be locking the doors - but for the most part things are looking good at this point.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 darshil

  • Topic Starter

  • Members
  • 20 posts
  • Local time:12:58 PM

Posted 25 June 2012 - 02:24 AM

Hello,

Thanks for all your ongoing support. Appreciate it. Both scan results are below:


TDSSKiller log:
17:22:14.0101 2332 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
17:22:16.0143 2332 ============================================================
17:22:16.0143 2332 Current date / time: 2012/06/25 17:22:16.0143
17:22:16.0143 2332 SystemInfo:
17:22:16.0143 2332
17:22:16.0143 2332 OS Version: 6.1.7601 ServicePack: 1.0
17:22:16.0143 2332 Product type: Workstation
17:22:16.0143 2332 ComputerName: DOUBLETHINK
17:22:16.0143 2332 UserName: Darshil
17:22:16.0143 2332 Windows directory: C:\Windows
17:22:16.0143 2332 System windows directory: C:\Windows
17:22:16.0143 2332 Processor architecture: Intel x86
17:22:16.0143 2332 Number of processors: 2
17:22:16.0143 2332 Page size: 0x1000
17:22:16.0143 2332 Boot type: Normal boot
17:22:16.0143 2332 ============================================================
17:22:18.0421 2332 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:22:18.0461 2332 Drive \Device\Harddisk1\DR1 - Size: 0x7B000000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:22:18.0461 2332 ============================================================
17:22:18.0461 2332 \Device\Harddisk0\DR0:
17:22:18.0461 2332 MBR partitions:
17:22:18.0461 2332 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:22:18.0461 2332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
17:22:18.0461 2332 \Device\Harddisk1\DR1:
17:22:18.0461 2332 MBR partitions:
17:22:18.0461 2332 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x8B, StartLBA 0x6F6F42C3, BlocksNum 0x72652074
17:22:18.0461 2332 ============================================================
17:22:18.0511 2332 C: <-> \Device\Harddisk0\DR0\Partition1
17:22:18.0671 2332 ============================================================
17:22:18.0671 2332 Initialize success
17:22:18.0671 2332 ============================================================
17:22:21.0481 3848 ============================================================
17:22:21.0481 3848 Scan started
17:22:21.0481 3848 Mode: Manual;
17:22:21.0481 3848 ============================================================
17:22:23.0621 3848 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:22:23.0631 3848 1394ohci - ok
17:22:23.0721 3848 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:22:23.0741 3848 ACPI - ok
17:22:23.0841 3848 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:22:23.0841 3848 AcpiPmi - ok
17:22:23.0921 3848 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:22:23.0951 3848 adp94xx - ok
17:22:23.0981 3848 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:22:23.0981 3848 adpahci - ok
17:22:24.0052 3848 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:22:24.0052 3848 adpu320 - ok
17:22:24.0162 3848 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
17:22:24.0162 3848 AeLookupSvc - ok
17:22:24.0567 3848 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:22:24.0583 3848 AFD - ok
17:22:24.0630 3848 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:22:24.0630 3848 agp440 - ok
17:22:24.0708 3848 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:22:24.0708 3848 aic78xx - ok
17:22:24.0769 3848 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
17:22:24.0769 3848 ALG - ok
17:22:24.0819 3848 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:22:24.0819 3848 aliide - ok
17:22:24.0879 3848 AMD External Events Utility (4b9298fd6707980ab8e3a8f0e642ec9a) C:\Windows\system32\atiesrxx.exe
17:22:24.0879 3848 AMD External Events Utility - ok
17:22:24.0899 3848 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:22:24.0899 3848 amdagp - ok
17:22:24.0919 3848 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:22:24.0919 3848 amdide - ok
17:22:24.0979 3848 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:22:24.0979 3848 AmdK8 - ok
17:22:25.0469 3848 amdkmdag (5c297f25a4a09d14bfe2cab5de2f1457) C:\Windows\system32\DRIVERS\atikmdag.sys
17:22:25.0699 3848 amdkmdag - ok
17:22:25.0909 3848 amdkmdap (ff2e35d9bd35f36a0126a0ca7556e43d) C:\Windows\system32\DRIVERS\atikmpag.sys
17:22:25.0919 3848 amdkmdap - ok
17:22:25.0989 3848 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:22:25.0989 3848 AmdPPM - ok
17:22:26.0059 3848 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:22:26.0059 3848 amdsata - ok
17:22:26.0079 3848 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:22:26.0089 3848 amdsbs - ok
17:22:26.0119 3848 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:22:26.0119 3848 amdxata - ok
17:22:26.0169 3848 androidusb (f71671248134ea39bfd10401ee5fd825) C:\Windows\system32\Drivers\androidusb.sys
17:22:26.0169 3848 androidusb - ok
17:22:26.0229 3848 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:22:26.0229 3848 AppID - ok
17:22:26.0299 3848 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
17:22:26.0299 3848 AppIDSvc - ok
17:22:26.0369 3848 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
17:22:26.0369 3848 Appinfo - ok
17:22:26.0439 3848 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:22:26.0439 3848 arc - ok
17:22:26.0459 3848 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:22:26.0459 3848 arcsas - ok
17:22:26.0539 3848 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
17:22:26.0549 3848 ASLDRService - ok
17:22:26.0649 3848 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:22:26.0649 3848 aspnet_state - ok
17:22:26.0699 3848 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:22:26.0699 3848 AsyncMac - ok
17:22:26.0739 3848 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:22:26.0739 3848 atapi - ok
17:22:26.0816 3848 AtiHDAudioService (4d201d8b576be4473405b2a86a2d28b3) C:\Windows\system32\drivers\AtihdW73.sys
17:22:26.0831 3848 AtiHDAudioService - ok
17:22:27.0268 3848 atikmdag (5c297f25a4a09d14bfe2cab5de2f1457) C:\Windows\system32\DRIVERS\atikmdag.sys
17:22:27.0330 3848 atikmdag - ok
17:22:27.0502 3848 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:22:27.0518 3848 AudioEndpointBuilder - ok
17:22:27.0533 3848 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:22:27.0533 3848 Audiosrv - ok
17:22:27.0596 3848 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
17:22:27.0611 3848 AxInstSV - ok
17:22:27.0720 3848 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:22:27.0736 3848 b06bdrv - ok
17:22:27.0798 3848 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:22:27.0814 3848 b57nd60x - ok
17:22:27.0954 3848 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
17:22:27.0986 3848 BDESVC - ok
17:22:28.0079 3848 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:22:28.0079 3848 Beep - ok
17:22:28.0188 3848 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
17:22:28.0204 3848 BFE - ok
17:22:28.0251 3848 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
17:22:28.0282 3848 BITS - ok
17:22:28.0313 3848 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:22:28.0313 3848 blbdrive - ok
17:22:28.0360 3848 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:22:28.0360 3848 bowser - ok
17:22:28.0391 3848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:22:28.0391 3848 BrFiltLo - ok
17:22:28.0391 3848 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:22:28.0391 3848 BrFiltUp - ok
17:22:28.0422 3848 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
17:22:28.0422 3848 BridgeMP - ok
17:22:28.0454 3848 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
17:22:28.0469 3848 Browser - ok
17:22:28.0516 3848 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:22:28.0532 3848 Brserid - ok
17:22:28.0547 3848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:22:28.0547 3848 BrSerWdm - ok
17:22:28.0563 3848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:22:28.0563 3848 BrUsbMdm - ok
17:22:28.0563 3848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:22:28.0563 3848 BrUsbSer - ok
17:22:28.0670 3848 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
17:22:28.0690 3848 BrYNSvc - ok
17:22:28.0750 3848 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
17:22:28.0750 3848 BthEnum - ok
17:22:28.0770 3848 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:22:28.0770 3848 BTHMODEM - ok
17:22:28.0830 3848 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
17:22:28.0840 3848 BthPan - ok
17:22:28.0910 3848 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
17:22:28.0930 3848 BTHPORT - ok
17:22:28.0980 3848 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
17:22:28.0990 3848 bthserv - ok
17:22:29.0020 3848 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
17:22:29.0030 3848 BTHUSB - ok
17:22:29.0180 3848 catchme - ok
17:22:29.0260 3848 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:22:29.0260 3848 cdfs - ok
17:22:29.0370 3848 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
17:22:29.0380 3848 cdrom - ok
17:22:29.0460 3848 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:22:29.0460 3848 CertPropSvc - ok
17:22:29.0510 3848 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:22:29.0520 3848 circlass - ok
17:22:29.0560 3848 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:22:29.0580 3848 CLFS - ok
17:22:29.0670 3848 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:22:29.0680 3848 clr_optimization_v2.0.50727_32 - ok
17:22:29.0740 3848 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:22:29.0740 3848 clr_optimization_v4.0.30319_32 - ok
17:22:29.0770 3848 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:22:29.0770 3848 CmBatt - ok
17:22:29.0800 3848 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:22:29.0800 3848 cmdide - ok
17:22:29.0840 3848 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
17:22:29.0860 3848 CNG - ok
17:22:29.0900 3848 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:22:29.0900 3848 Compbatt - ok
17:22:29.0960 3848 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:22:29.0960 3848 CompositeBus - ok
17:22:29.0990 3848 COMSysApp - ok
17:22:30.0070 3848 cpuz135 (26ce59f9fc8639fd7fed53ce3b785015) C:\Windows\system32\drivers\cpuz135_x32.sys
17:22:30.0080 3848 cpuz135 - ok
17:22:30.0110 3848 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:22:30.0110 3848 crcdisk - ok
17:22:30.0180 3848 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
17:22:30.0180 3848 CryptSvc - ok
17:22:30.0270 3848 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:22:30.0280 3848 DcomLaunch - ok
17:22:30.0310 3848 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
17:22:30.0330 3848 defragsvc - ok
17:22:30.0470 3848 Desura Install Service (2b9a817dc1bdad9ce5495099b6a7136a) C:\Program Files\Common Files\Desura\desura_service.exe
17:22:30.0480 3848 Desura Install Service - ok
17:22:30.0540 3848 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:22:30.0550 3848 DfsC - ok
17:22:30.0620 3848 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
17:22:30.0640 3848 Dhcp - ok
17:22:30.0650 3848 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:22:30.0660 3848 discache - ok
17:22:30.0730 3848 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:22:30.0740 3848 Disk - ok
17:22:30.0770 3848 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
17:22:30.0770 3848 Dnscache - ok
17:22:30.0810 3848 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
17:22:30.0830 3848 dot3svc - ok
17:22:30.0870 3848 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
17:22:30.0880 3848 DPS - ok
17:22:30.0940 3848 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:22:30.0940 3848 drmkaud - ok
17:22:31.0000 3848 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:22:31.0020 3848 DXGKrnl - ok
17:22:31.0060 3848 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
17:22:31.0070 3848 EapHost - ok
17:22:31.0320 3848 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:22:31.0420 3848 ebdrv - ok
17:22:31.0540 3848 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
17:22:31.0550 3848 EFS - ok
17:22:31.0640 3848 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
17:22:31.0640 3848 ElbyCDIO - ok
17:22:31.0730 3848 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:22:31.0750 3848 elxstor - ok
17:22:31.0790 3848 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:22:31.0790 3848 ErrDev - ok
17:22:31.0850 3848 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
17:22:31.0860 3848 EventSystem - ok
17:22:31.0880 3848 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:22:31.0880 3848 exfat - ok
17:22:31.0910 3848 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:22:31.0920 3848 fastfat - ok
17:22:32.0000 3848 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
17:22:32.0030 3848 Fax - ok
17:22:32.0050 3848 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:22:32.0050 3848 fdc - ok
17:22:32.0080 3848 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
17:22:32.0080 3848 fdPHost - ok
17:22:32.0100 3848 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
17:22:32.0100 3848 FDResPub - ok
17:22:32.0120 3848 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:22:32.0120 3848 FileInfo - ok
17:22:32.0130 3848 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:22:32.0130 3848 Filetrace - ok
17:22:32.0150 3848 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:22:32.0150 3848 flpydisk - ok
17:22:32.0180 3848 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:22:32.0190 3848 FltMgr - ok
17:22:32.0280 3848 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
17:22:32.0320 3848 FontCache - ok
17:22:32.0430 3848 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:22:32.0430 3848 FontCache3.0.0.0 - ok
17:22:32.0460 3848 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:22:32.0460 3848 FsDepends - ok
17:22:32.0490 3848 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
17:22:32.0490 3848 Fs_Rec - ok
17:22:32.0536 3848 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
17:22:32.0536 3848 fvevol - ok
17:22:32.0583 3848 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:22:32.0583 3848 gagp30kx - ok
17:22:32.0661 3848 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
17:22:32.0677 3848 gpsvc - ok
17:22:32.0802 3848 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:22:32.0802 3848 gusvc - ok
17:22:32.0833 3848 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
17:22:32.0833 3848 hcw85cir - ok
17:22:32.0895 3848 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
17:22:32.0911 3848 HdAudAddService - ok
17:22:32.0973 3848 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
17:22:32.0973 3848 HDAudBus - ok
17:22:33.0004 3848 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
17:22:33.0004 3848 HidBatt - ok
17:22:33.0020 3848 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
17:22:33.0020 3848 HidBth - ok
17:22:33.0051 3848 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
17:22:33.0051 3848 HidIr - ok
17:22:33.0114 3848 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
17:22:33.0114 3848 hidserv - ok
17:22:33.0160 3848 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
17:22:33.0176 3848 HidUsb - ok
17:22:33.0207 3848 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
17:22:33.0207 3848 hkmsvc - ok
17:22:33.0238 3848 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
17:22:33.0238 3848 HomeGroupListener - ok
17:22:33.0268 3848 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
17:22:33.0278 3848 HomeGroupProvider - ok
17:22:33.0308 3848 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
17:22:33.0318 3848 HpSAMD - ok
17:22:33.0358 3848 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
17:22:33.0378 3848 HTTP - ok
17:22:33.0408 3848 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
17:22:33.0408 3848 hwpolicy - ok
17:22:33.0468 3848 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
17:22:33.0468 3848 i8042prt - ok
17:22:33.0548 3848 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
17:22:33.0558 3848 iaStorV - ok
17:22:33.0698 3848 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:22:33.0718 3848 idsvc - ok
17:22:33.0778 3848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
17:22:33.0778 3848 iirsp - ok
17:22:33.0878 3848 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
17:22:33.0898 3848 IKEEXT - ok
17:22:33.0918 3848 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
17:22:33.0918 3848 intelide - ok
17:22:33.0968 3848 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
17:22:33.0968 3848 intelppm - ok
17:22:34.0018 3848 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
17:22:34.0018 3848 IPBusEnum - ok
17:22:34.0038 3848 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:22:34.0038 3848 IpFilterDriver - ok
17:22:34.0138 3848 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
17:22:34.0168 3848 iphlpsvc - ok
17:22:34.0198 3848 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
17:22:34.0198 3848 IPMIDRV - ok
17:22:34.0228 3848 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
17:22:34.0228 3848 IPNAT - ok
17:22:34.0278 3848 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
17:22:34.0278 3848 IRENUM - ok
17:22:34.0308 3848 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
17:22:34.0308 3848 isapnp - ok
17:22:34.0338 3848 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
17:22:34.0348 3848 iScsiPrt - ok
17:22:34.0398 3848 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:22:34.0408 3848 kbdclass - ok
17:22:34.0458 3848 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
17:22:34.0458 3848 kbdhid - ok
17:22:34.0488 3848 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:22:34.0488 3848 KeyIso - ok
17:22:34.0508 3848 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
17:22:34.0508 3848 KSecDD - ok
17:22:34.0528 3848 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
17:22:34.0538 3848 KSecPkg - ok
17:22:34.0578 3848 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
17:22:34.0588 3848 KtmRm - ok
17:22:34.0658 3848 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
17:22:34.0678 3848 LanmanServer - ok
17:22:34.0698 3848 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
17:22:34.0708 3848 LanmanWorkstation - ok
17:22:34.0768 3848 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
17:22:34.0768 3848 lltdio - ok
17:22:34.0838 3848 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
17:22:34.0848 3848 lltdsvc - ok
17:22:34.0868 3848 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
17:22:34.0878 3848 lmhosts - ok
17:22:34.0928 3848 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:22:34.0938 3848 LSI_FC - ok
17:22:34.0978 3848 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:22:34.0988 3848 LSI_SAS - ok
17:22:35.0018 3848 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:22:35.0018 3848 LSI_SAS2 - ok
17:22:35.0038 3848 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:22:35.0038 3848 LSI_SCSI - ok
17:22:35.0088 3848 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
17:22:35.0088 3848 luafv - ok
17:22:35.0118 3848 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
17:22:35.0118 3848 megasas - ok
17:22:35.0158 3848 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
17:22:35.0168 3848 MegaSR - ok
17:22:35.0188 3848 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:22:35.0188 3848 MMCSS - ok
17:22:35.0208 3848 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
17:22:35.0208 3848 Modem - ok
17:22:35.0258 3848 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
17:22:35.0258 3848 monitor - ok
17:22:35.0288 3848 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
17:22:35.0298 3848 mouclass - ok
17:22:35.0348 3848 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
17:22:35.0348 3848 mouhid - ok
17:22:35.0388 3848 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
17:22:35.0388 3848 mountmgr - ok
17:22:35.0448 3848 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
17:22:35.0458 3848 MpFilter - ok
17:22:35.0498 3848 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
17:22:35.0498 3848 mpio - ok
17:22:35.0528 3848 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:22:35.0538 3848 mpsdrv - ok
17:22:35.0638 3848 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
17:22:35.0658 3848 MpsSvc - ok
17:22:35.0698 3848 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:22:35.0698 3848 MRxDAV - ok
17:22:35.0728 3848 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:22:35.0728 3848 mrxsmb - ok
17:22:35.0758 3848 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:22:35.0768 3848 mrxsmb10 - ok
17:22:35.0778 3848 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:22:35.0778 3848 mrxsmb20 - ok
17:22:35.0808 3848 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
17:22:35.0808 3848 msahci - ok
17:22:35.0838 3848 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
17:22:35.0838 3848 msdsm - ok
17:22:35.0868 3848 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
17:22:35.0878 3848 MSDTC - ok
17:22:35.0898 3848 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:22:35.0908 3848 Msfs - ok
17:22:35.0908 3848 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:22:35.0908 3848 mshidkmdf - ok
17:22:35.0928 3848 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:22:35.0928 3848 msisadrv - ok
17:22:35.0998 3848 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
17:22:35.0998 3848 MSiSCSI - ok
17:22:35.0998 3848 msiserver - ok
17:22:36.0068 3848 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:22:36.0068 3848 MSKSSRV - ok
17:22:36.0178 3848 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:22:36.0178 3848 MsMpSvc - ok
17:22:36.0198 3848 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:22:36.0198 3848 MSPCLOCK - ok
17:22:36.0198 3848 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:22:36.0208 3848 MSPQM - ok
17:22:36.0238 3848 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:22:36.0248 3848 MsRPC - ok
17:22:36.0288 3848 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:22:36.0288 3848 mssmbios - ok
17:22:36.0328 3848 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:22:36.0328 3848 MSTEE - ok
17:22:36.0328 3848 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:22:36.0328 3848 MTConfig - ok
17:22:36.0398 3848 MTsensor (2e71504a74be4e3d4ea94568eff7556e) C:\Windows\system32\DRIVERS\ATKACPI.sys
17:22:36.0398 3848 MTsensor - ok
17:22:36.0418 3848 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:22:36.0428 3848 Mup - ok
17:22:36.0468 3848 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
17:22:36.0488 3848 napagent - ok
17:22:36.0558 3848 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:22:36.0568 3848 NativeWifiP - ok
17:22:36.0638 3848 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:22:36.0658 3848 NDIS - ok
17:22:36.0718 3848 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:22:36.0718 3848 NdisCap - ok
17:22:36.0768 3848 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:22:36.0768 3848 NdisTapi - ok
17:22:36.0808 3848 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:22:36.0808 3848 Ndisuio - ok
17:22:36.0848 3848 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:22:36.0858 3848 NdisWan - ok
17:22:36.0888 3848 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:22:36.0888 3848 NDProxy - ok
17:22:36.0938 3848 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:22:36.0938 3848 NetBIOS - ok
17:22:36.0968 3848 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:22:36.0978 3848 NetBT - ok
17:22:37.0008 3848 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:22:37.0008 3848 Netlogon - ok
17:22:37.0098 3848 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
17:22:37.0118 3848 Netman - ok
17:22:37.0268 3848 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:22:37.0268 3848 NetMsmqActivator - ok
17:22:37.0288 3848 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:22:37.0298 3848 NetPipeActivator - ok
17:22:37.0348 3848 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
17:22:37.0368 3848 netprofm - ok
17:22:37.0388 3848 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:22:37.0388 3848 NetTcpActivator - ok
17:22:37.0398 3848 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:22:37.0398 3848 NetTcpPortSharing - ok
17:22:37.0708 3848 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
17:22:37.0868 3848 NETw5s32 - ok
17:22:38.0448 3848 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
17:22:38.0568 3848 netw5v32 - ok
17:22:38.0748 3848 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:22:38.0748 3848 nfrd960 - ok
17:22:38.0818 3848 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:22:38.0828 3848 NisDrv - ok
17:22:38.0938 3848 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
17:22:38.0958 3848 NisSrv - ok
17:22:38.0998 3848 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
17:22:39.0018 3848 NlaSvc - ok
17:22:39.0038 3848 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:22:39.0038 3848 Npfs - ok
17:22:39.0078 3848 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
17:22:39.0088 3848 nsi - ok
17:22:39.0108 3848 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:22:39.0108 3848 nsiproxy - ok
17:22:39.0228 3848 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:22:39.0268 3848 Ntfs - ok
17:22:39.0288 3848 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:22:39.0288 3848 Null - ok
17:22:39.0318 3848 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:22:39.0318 3848 nvraid - ok
17:22:39.0348 3848 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:22:39.0348 3848 nvstor - ok
17:22:39.0368 3848 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:22:39.0378 3848 nv_agp - ok
17:22:39.0408 3848 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:22:39.0408 3848 ohci1394 - ok
17:22:39.0458 3848 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:22:39.0468 3848 p2pimsvc - ok
17:22:39.0498 3848 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
17:22:39.0508 3848 p2psvc - ok
17:22:39.0548 3848 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:22:39.0548 3848 Parport - ok
17:22:39.0588 3848 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
17:22:39.0588 3848 partmgr - ok
17:22:39.0608 3848 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:22:39.0608 3848 Parvdm - ok
17:22:39.0638 3848 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
17:22:39.0638 3848 PcaSvc - ok
17:22:39.0678 3848 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:22:39.0688 3848 pci - ok
17:22:39.0708 3848 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:22:39.0708 3848 pciide - ok
17:22:39.0738 3848 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:22:39.0738 3848 pcmcia - ok
17:22:39.0758 3848 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:22:39.0758 3848 pcw - ok
17:22:39.0828 3848 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:22:39.0848 3848 PEAUTH - ok
17:22:39.0948 3848 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
17:22:39.0998 3848 pla - ok
17:22:40.0138 3848 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
17:22:40.0168 3848 PlugPlay - ok
17:22:40.0258 3848 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe
17:22:40.0268 3848 PnkBstrA - ok
17:22:40.0308 3848 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
17:22:40.0318 3848 PNRPAutoReg - ok
17:22:40.0348 3848 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:22:40.0348 3848 PNRPsvc - ok
17:22:40.0398 3848 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
17:22:40.0408 3848 PolicyAgent - ok
17:22:40.0438 3848 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
17:22:40.0438 3848 Power - ok
17:22:40.0528 3848 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:22:40.0538 3848 PptpMiniport - ok
17:22:40.0548 3848 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:22:40.0558 3848 Processor - ok
17:22:40.0598 3848 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
17:22:40.0608 3848 ProfSvc - ok
17:22:40.0648 3848 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:22:40.0648 3848 ProtectedStorage - ok
17:22:40.0708 3848 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:22:40.0708 3848 Psched - ok
17:22:40.0788 3848 qcusbser (59b96dbe2acb872cc1c9f4c14dbb7690) C:\Windows\system32\DRIVERS\qcusbser.sys
17:22:40.0788 3848 qcusbser - ok
17:22:40.0868 3848 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:22:40.0908 3848 ql2300 - ok
17:22:41.0058 3848 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:22:41.0058 3848 ql40xx - ok
17:22:41.0098 3848 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
17:22:41.0108 3848 QWAVE - ok
17:22:41.0138 3848 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:22:41.0138 3848 QWAVEdrv - ok
17:22:41.0158 3848 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:22:41.0158 3848 RasAcd - ok
17:22:41.0218 3848 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:22:41.0218 3848 RasAgileVpn - ok
17:22:41.0258 3848 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
17:22:41.0268 3848 RasAuto - ok
17:22:41.0308 3848 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:22:41.0308 3848 Rasl2tp - ok
17:22:41.0378 3848 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
17:22:41.0398 3848 RasMan - ok
17:22:41.0438 3848 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:22:41.0438 3848 RasPppoe - ok
17:22:41.0488 3848 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:22:41.0498 3848 RasSstp - ok
17:22:41.0548 3848 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:22:41.0558 3848 rdbss - ok
17:22:41.0588 3848 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:22:41.0588 3848 rdpbus - ok
17:22:41.0628 3848 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:22:41.0628 3848 RDPCDD - ok
17:22:41.0688 3848 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:22:41.0698 3848 RDPENCDD - ok
17:22:41.0708 3848 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:22:41.0708 3848 RDPREFMP - ok
17:22:41.0758 3848 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
17:22:41.0768 3848 RDPWD - ok
17:22:41.0838 3848 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:22:41.0858 3848 rdyboost - ok
17:22:41.0918 3848 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
17:22:41.0928 3848 RemoteAccess - ok
17:22:41.0968 3848 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
17:22:41.0968 3848 RemoteRegistry - ok
17:22:42.0028 3848 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
17:22:42.0028 3848 RFCOMM - ok
17:22:42.0088 3848 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
17:22:42.0088 3848 rismxdp - ok
17:22:42.0108 3848 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
17:22:42.0108 3848 RpcEptMapper - ok
17:22:42.0138 3848 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
17:22:42.0138 3848 RpcLocator - ok
17:22:42.0178 3848 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:22:42.0188 3848 RpcSs - ok
17:22:42.0248 3848 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:22:42.0248 3848 rspndr - ok
17:22:42.0308 3848 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
17:22:42.0318 3848 RTL8167 - ok
17:22:42.0348 3848 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:22:42.0358 3848 SamSs - ok
17:22:42.0418 3848 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:22:42.0428 3848 sbp2port - ok
17:22:42.0468 3848 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
17:22:42.0488 3848 SCardSvr - ok
17:22:42.0528 3848 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:22:42.0528 3848 scfilter - ok
17:22:42.0598 3848 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
17:22:42.0628 3848 Schedule - ok
17:22:42.0658 3848 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:22:42.0658 3848 SCPolicySvc - ok
17:22:42.0718 3848 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
17:22:42.0728 3848 sdbus - ok
17:22:42.0758 3848 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
17:22:42.0758 3848 SDRSVC - ok
17:22:42.0818 3848 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:22:42.0818 3848 secdrv - ok
17:22:42.0848 3848 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
17:22:42.0858 3848 seclogon - ok
17:22:42.0908 3848 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
17:22:42.0908 3848 SENS - ok
17:22:42.0938 3848 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
17:22:42.0948 3848 SensrSvc - ok
17:22:42.0958 3848 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:22:42.0958 3848 Serenum - ok
17:22:43.0008 3848 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:22:43.0008 3848 Serial - ok
17:22:43.0038 3848 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:22:43.0038 3848 sermouse - ok
17:22:43.0088 3848 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
17:22:43.0108 3848 SessionEnv - ok
17:22:43.0138 3848 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
17:22:43.0148 3848 sffdisk - ok
17:22:43.0158 3848 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:22:43.0168 3848 sffp_mmc - ok
17:22:43.0188 3848 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:22:43.0188 3848 sffp_sd - ok
17:22:43.0208 3848 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:22:43.0208 3848 sfloppy - ok
17:22:43.0318 3848 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
17:22:43.0328 3848 SharedAccess - ok
17:22:43.0388 3848 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
17:22:43.0408 3848 ShellHWDetection - ok
17:22:43.0438 3848 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:22:43.0448 3848 sisagp - ok
17:22:43.0488 3848 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:22:43.0488 3848 SiSRaid2 - ok
17:22:43.0508 3848 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:22:43.0508 3848 SiSRaid4 - ok
17:22:43.0548 3848 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:22:43.0548 3848 Smb - ok
17:22:43.0658 3848 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
17:22:43.0688 3848 smserial - ok
17:22:43.0748 3848 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
17:22:43.0758 3848 SNMPTRAP - ok
17:22:43.0778 3848 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:22:43.0778 3848 spldr - ok
17:22:43.0818 3848 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
17:22:43.0848 3848 Spooler - ok
17:22:44.0008 3848 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
17:22:44.0118 3848 sppsvc - ok
17:22:44.0238 3848 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
17:22:44.0248 3848 sppuinotify - ok
17:22:44.0348 3848 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:22:44.0368 3848 srv - ok
17:22:44.0408 3848 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:22:44.0418 3848 srv2 - ok
17:22:44.0438 3848 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:22:44.0448 3848 srvnet - ok
17:22:44.0468 3848 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
17:22:44.0488 3848 SSDPSRV - ok
17:22:44.0498 3848 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
17:22:44.0508 3848 SstpSvc - ok
17:22:44.0558 3848 Steam Client Service - ok
17:22:44.0588 3848 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:22:44.0588 3848 stexstor - ok
17:22:44.0648 3848 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
17:22:44.0648 3848 StillCam - ok
17:22:44.0738 3848 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
17:22:44.0758 3848 StiSvc - ok
17:22:44.0788 3848 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:22:44.0798 3848 swenum - ok
17:22:44.0858 3848 SwOffScheduler - ok
17:22:44.0878 3848 SwOffWeb - ok
17:22:44.0918 3848 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
17:22:44.0938 3848 swprv - ok
17:22:45.0008 3848 SynTP (3f4982de07d89a1084861e9d59f7ebb1) C:\Windows\system32\DRIVERS\SynTP.sys
17:22:45.0028 3848 SynTP - ok
17:22:45.0138 3848 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
17:22:45.0168 3848 SysMain - ok
17:22:45.0208 3848 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
17:22:45.0208 3848 TabletInputService - ok
17:22:45.0238 3848 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
17:22:45.0258 3848 TapiSrv - ok
17:22:45.0288 3848 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
17:22:45.0298 3848 TBS - ok
17:22:45.0468 3848 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
17:22:45.0518 3848 Tcpip - ok
17:22:45.0568 3848 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
17:22:45.0578 3848 TCPIP6 - ok
17:22:45.0618 3848 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
17:22:45.0618 3848 tcpipreg - ok
17:22:45.0678 3848 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
17:22:45.0678 3848 TDPIPE - ok
17:22:45.0718 3848 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
17:22:45.0718 3848 TDTCP - ok
17:22:45.0758 3848 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
17:22:45.0758 3848 tdx - ok
17:22:45.0798 3848 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
17:22:45.0798 3848 TermDD - ok
17:22:45.0848 3848 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
17:22:45.0868 3848 TermService - ok
17:22:45.0898 3848 Themes (59cfda4eacb3788f8b17f87b49b0ac0e) C:\Windows\system32\themeservice.dll
17:22:45.0898 3848 Themes - ok
17:22:45.0928 3848 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:22:45.0928 3848 THREADORDER - ok
17:22:45.0958 3848 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
17:22:45.0958 3848 TrkWks - ok
17:22:46.0008 3848 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
17:22:46.0028 3848 TrustedInstaller - ok
17:22:46.0068 3848 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:22:46.0068 3848 tssecsrv - ok
17:22:46.0148 3848 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:22:46.0158 3848 TsUsbFlt - ok
17:22:46.0238 3848 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:22:46.0248 3848 tunnel - ok
17:22:46.0288 3848 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:22:46.0288 3848 uagp35 - ok
17:22:46.0318 3848 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:22:46.0328 3848 udfs - ok
17:22:46.0368 3848 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
17:22:46.0378 3848 UI0Detect - ok
17:22:46.0438 3848 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:22:46.0438 3848 uliagpkx - ok
17:22:46.0508 3848 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
17:22:46.0508 3848 umbus - ok
17:22:46.0548 3848 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:22:46.0548 3848 UmPass - ok
17:22:46.0588 3848 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
17:22:46.0618 3848 upnphost - ok
17:22:46.0648 3848 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
17:22:46.0658 3848 usbccgp - ok
17:22:46.0678 3848 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:22:46.0688 3848 usbcir - ok
17:22:46.0718 3848 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
17:22:46.0718 3848 usbehci - ok
17:22:46.0788 3848 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
17:22:46.0798 3848 usbhub - ok
17:22:46.0818 3848 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
17:22:46.0818 3848 usbohci - ok
17:22:46.0838 3848 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:22:46.0838 3848 usbprint - ok
17:22:46.0858 3848 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:22:46.0858 3848 USBSTOR - ok
17:22:46.0878 3848 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:22:46.0878 3848 usbuhci - ok
17:22:46.0948 3848 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
17:22:46.0958 3848 usbvideo - ok
17:22:47.0008 3848 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
17:22:47.0018 3848 usb_rndisx - ok
17:22:47.0038 3848 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
17:22:47.0048 3848 UxSms - ok
17:22:47.0088 3848 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:22:47.0088 3848 VaultSvc - ok
17:22:47.0148 3848 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
17:22:47.0148 3848 VClone - ok
17:22:47.0198 3848 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:22:47.0198 3848 vdrvroot - ok
17:22:47.0248 3848 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
17:22:47.0278 3848 vds - ok
17:22:47.0328 3848 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:22:47.0338 3848 vga - ok
17:22:47.0358 3848 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:22:47.0358 3848 VgaSave - ok
17:22:47.0398 3848 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:22:47.0408 3848 vhdmp - ok
17:22:47.0458 3848 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:22:47.0458 3848 viaagp - ok
17:22:47.0468 3848 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:22:47.0468 3848 ViaC7 - ok
17:22:47.0488 3848 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:22:47.0488 3848 viaide - ok
17:22:47.0498 3848 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:22:47.0508 3848 volmgr - ok
17:22:47.0528 3848 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:22:47.0548 3848 volmgrx - ok
17:22:47.0588 3848 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:22:47.0598 3848 volsnap - ok
17:22:47.0648 3848 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:22:47.0648 3848 vsmraid - ok
17:22:47.0718 3848 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
17:22:47.0748 3848 VSS - ok
17:22:47.0768 3848 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
17:22:47.0768 3848 vwifibus - ok
17:22:47.0808 3848 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
17:22:47.0808 3848 vwififlt - ok
17:22:47.0868 3848 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
17:22:47.0868 3848 vwifimp - ok
17:22:47.0918 3848 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
17:22:47.0938 3848 W32Time - ok
17:22:47.0978 3848 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:22:47.0978 3848 WacomPen - ok
17:22:48.0028 3848 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:22:48.0028 3848 WANARP - ok
17:22:48.0038 3848 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:22:48.0048 3848 Wanarpv6 - ok
17:22:48.0188 3848 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
17:22:48.0248 3848 WatAdminSvc - ok
17:22:48.0458 3848 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
17:22:48.0498 3848 wbengine - ok
17:22:48.0578 3848 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
17:22:48.0598 3848 WbioSrvc - ok
17:22:48.0648 3848 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
17:22:48.0658 3848 wcncsvc - ok
17:22:48.0668 3848 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
17:22:48.0678 3848 WcsPlugInService - ok
17:22:48.0728 3848 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:22:48.0728 3848 Wd - ok
17:22:48.0778 3848 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
17:22:48.0778 3848 WDC_SAM - ok
17:22:48.0828 3848 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:22:48.0838 3848 Wdf01000 - ok
17:22:48.0858 3848 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:22:48.0868 3848 WdiServiceHost - ok
17:22:48.0868 3848 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:22:48.0878 3848 WdiSystemHost - ok
17:22:48.0908 3848 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
17:22:48.0928 3848 WebClient - ok
17:22:48.0968 3848 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
17:22:48.0978 3848 Wecsvc - ok
17:22:48.0988 3848 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
17:22:48.0988 3848 wercplsupport - ok
17:22:49.0038 3848 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
17:22:49.0058 3848 WerSvc - ok
17:22:49.0108 3848 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:22:49.0118 3848 WfpLwf - ok
17:22:49.0138 3848 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:22:49.0138 3848 WIMMount - ok
17:22:49.0268 3848 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
17:22:49.0288 3848 WinDefend - ok
17:22:49.0298 3848 WinHttpAutoProxySvc - ok
17:22:49.0368 3848 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
17:22:49.0388 3848 Winmgmt - ok
17:22:49.0498 3848 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
17:22:49.0528 3848 WinRM - ok
17:22:49.0658 3848 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
17:22:49.0658 3848 WinUsb - ok
17:22:49.0728 3848 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
17:22:49.0758 3848 Wlansvc - ok
17:22:49.0778 3848 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:22:49.0778 3848 WmiAcpi - ok
17:22:49.0848 3848 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
17:22:49.0868 3848 wmiApSrv - ok
17:22:50.0048 3848 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:22:50.0088 3848 WMPNetworkSvc - ok
17:22:50.0118 3848 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
17:22:50.0128 3848 WPCSvc - ok
17:22:50.0158 3848 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
17:22:50.0168 3848 WPDBusEnum - ok
17:22:50.0218 3848 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:22:50.0218 3848 ws2ifsl - ok
17:22:50.0298 3848 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
17:22:50.0308 3848 wscsvc - ok
17:22:50.0358 3848 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:22:50.0358 3848 WSDPrintDevice - ok
17:22:50.0358 3848 WSearch - ok
17:22:50.0488 3848 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
17:22:50.0558 3848 wuauserv - ok
17:22:50.0698 3848 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:22:50.0708 3848 WudfPf - ok
17:22:50.0768 3848 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:22:50.0778 3848 WUDFRd - ok
17:22:50.0848 3848 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
17:22:50.0858 3848 wudfsvc - ok
17:22:50.0898 3848 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
17:22:50.0928 3848 WwanSvc - ok
17:22:51.0008 3848 xnacc (ce0c846127d6abb1e2a22e59682b2527) C:\Windows\system32\DRIVERS\xnacc.sys
17:22:51.0038 3848 xnacc - ok
17:22:51.0118 3848 xusb21 (276842a27953be204a2507096f09b1f3) C:\Windows\system32\DRIVERS\xusb21.sys
17:22:51.0118 3848 xusb21 - ok
17:22:51.0208 3848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:22:51.0708 3848 \Device\Harddisk0\DR0 - ok
17:22:51.0718 3848 MBR (0x1B8) (ce7f3de9c768abb7dd8f09333d09df9a) \Device\Harddisk1\DR1
17:22:51.0728 3848 \Device\Harddisk1\DR1 - ok
17:22:51.0738 3848 Boot (0x1200) (bdbbaa05790c7aefa6ad25e7121f636f) \Device\Harddisk0\DR0\Partition0
17:22:51.0738 3848 \Device\Harddisk0\DR0\Partition0 - ok
17:22:51.0788 3848 Boot (0x1200) (b6aefffafbb91e1024080e0fe9e967bb) \Device\Harddisk0\DR0\Partition1
17:22:51.0788 3848 \Device\Harddisk0\DR0\Partition1 - ok
17:22:51.0798 3848 ============================================================
17:22:51.0798 3848 Scan finished
17:22:51.0798 3848 ============================================================
17:22:51.0808 1164 Detected object count: 0
17:22:51.0808 1164 Actual detected object count: 0
17:22:56.0106 3884 Deinitialize success

aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-25 16:41:06
-----------------------------
16:41:06.480 OS Version: Windows 6.1.7601 Service Pack 1
16:41:06.480 Number of processors: 2 586 0xF0D
16:41:06.480 ComputerName: DOUBLETHINK UserName: Darshil
16:41:07.884 Initialize success
16:41:12.689 AVAST engine defs: 12062401
16:41:19.677 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:41:19.677 Disk 0 Vendor: ST9250827AS 3.AAA Size: 238475MB BusType: 11
16:41:19.709 Disk 0 MBR read successfully
16:41:19.709 Disk 0 MBR scan
16:41:19.724 Disk 0 Windows 7 default MBR code
16:41:19.724 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:41:19.740 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
16:41:19.755 Disk 0 scanning sectors +488394752
16:41:19.833 Disk 0 scanning C:\Windows\system32\drivers
16:41:31.331 Service scanning
16:41:59.052 Modules scanning
16:42:11.579 Disk 0 trace - called modules:
16:42:11.594 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
16:42:12.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a95948]
16:42:12.125 3 CLASSPNP.SYS[88fba59e] -> nt!IofCallDriver -> [0x859adc10]
16:42:12.125 5 ACPI.sys[88c893d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x859b6908]
16:42:13.622 AVAST engine scan C:\Windows
16:42:18.864 AVAST engine scan C:\Windows\system32
16:45:15.253 AVAST engine scan C:\Windows\system32\drivers
16:45:28.077 AVAST engine scan C:\Users\Darshil
17:15:41.681 AVAST engine scan C:\ProgramData
17:19:24.944 Scan finished successfully
17:21:30.675 Disk 0 MBR has been saved successfully to "C:\Users\Darshil\Desktop\MBR.dat"
17:21:30.675 The log file has been saved successfully to "C:\Users\Darshil\Desktop\aswMBR.txt"


Computer seems to be running all right. Had a Blue screen of death while doing the aswmbr scan but I think that was due to me fiddling with my external HDD:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 3081

Additional information about the problem:
BCCode: d1
BCP1: 00000000
BCP2: 000000FF
BCP3: 00000008
BCP4: 00000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\062512-19047-01.dmp
C:\Users\Darshil\AppData\Local\temp\WER-49577-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 25 June 2012 - 02:30 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 darshil (Topic Starter, Members)

Posted 25 June 2012 - 02:47 AM

Hiya,

Here is the new report:

Combofix with script supplied log:
ComboFix 12-06-25.01 - Darshil 25/06/2012 17:37:25.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2047.871 [GMT 10:00]
Running from: c:\users\Darshil\Desktop\ComboFix.exe
Command switches used :: c:\users\Darshil\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 18:17 . 2012-06-25 22:20 -------- d-----w- C:\FRST
2012-06-25 14:54 . 2012-06-25 14:54 -------- d-----w- C:\.Trash-ubuntu
2012-06-25 10:29 . 2012-06-25 13:42 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-25 07:44 . 2012-06-25 07:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 05:38 . 2012-06-25 06:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{412A08E3-FFFC-4BC3-A2D7-0D4E7B8F3025}\offreg.dll
2012-06-25 05:36 . 2012-06-25 07:44 -------- d-----w- c:\users\Darshil\AppData\Local\temp
2012-06-25 03:51 . 2012-06-25 06:29 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F1C9A22-154C-4762-B9CD-330D54D02054}\offreg.dll
2012-06-24 23:33 . 2012-06-24 23:33 -------- d-----w- c:\windows\Mozilla
2012-06-24 23:23 . 2012-06-24 23:23 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E058BAE-BADC-43B9-A0EA-7CECC6E6874A}\gapaengine.dll
2012-06-24 23:23 . 2012-05-30 10:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F1C9A22-154C-4762-B9CD-330D54D02054}\mpengine.dll
2012-06-24 23:21 . 2012-06-24 23:21 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-23 11:10 . 2012-06-23 11:10 -------- d-----w- c:\program files\Free Video Joiner
2012-06-22 10:17 . 2012-06-22 10:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-21 21:55 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 21:55 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 21:55 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 21:55 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 21:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 21:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 21:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 21:54 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 21:54 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 12:10 . 2012-06-21 12:17 -------- d-----w- c:\users\Darshil\AppData\Local\Green Man Gaming
2012-06-21 12:09 . 2012-06-21 12:10 -------- d-----w- c:\program files\Capsule
2012-06-19 11:51 . 2012-06-19 11:52 -------- d-----w- c:\users\Darshil\AppData\Local\www.dvbportal.de
2012-06-18 00:28 . 2012-06-18 00:28 -------- d-----w- c:\program files\SRWare Iron
2012-06-18 00:21 . 2012-06-18 00:26 -------- d-----w- c:\users\Darshil\AppData\Local\Opera
2012-06-18 00:21 . 2012-06-18 00:26 -------- d-----w- c:\program files\Opera
2012-06-14 21:54 . 2012-06-14 21:54 -------- d-----w- c:\users\Darshil\AppData\Local\Macromedia
2012-06-12 23:33 . 2012-06-12 23:33 -------- d-----w- c:\program files\PuTTY
2012-06-12 21:43 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-12 21:43 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-12 21:43 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 21:43 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 21:42 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 21:42 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 21:42 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 21:42 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 21:41 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 21:41 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 21:41 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-08 10:46 . 2012-06-08 10:49 -------- d-----w- c:\users\Darshil\AppData\Roaming\Babbel
2012-06-08 01:21 . 2010-09-28 12:06 608448 ----a-w- c:\windows\system32\COMCTL32.ocx
2012-06-08 01:05 . 2012-06-08 01:05 -------- d-----w- c:\windows\ShellNew
2012-06-05 02:32 . 2012-06-05 02:32 2829 ----a-w- c:\windows\DiabUnin.pif
2012-06-05 02:32 . 2012-06-05 02:32 118784 ----a-w- c:\windows\DiabUnin.exe
2012-06-05 02:31 . 2012-06-08 01:28 -------- d-----w- c:\program files\Diablo
2012-06-04 05:56 . 2012-03-09 00:57 24328 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-06-04 05:56 . 2012-06-04 05:56 -------- d-----w- c:\program files\CPUID
2012-06-04 01:46 . 2012-06-17 01:06 -------- d-----w- c:\users\Darshil\dwhelper
2012-05-27 04:20 . 2012-05-27 04:37 -------- d-----w- c:\program files\AssaultCube_v1.1.0.4
2012-05-27 00:53 . 2012-05-27 02:21 -------- d-----w- c:\program files\Uplink
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 21:53 . 2012-04-04 07:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 21:53 . 2012-01-03 09:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-27 04:21 . 2012-01-03 09:29 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-27 04:21 . 2012-01-03 09:29 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-14 05:42 . 2012-04-23 07:06 607 ----a-w- c:\windows\uninstallstickies.bat
2012-04-09 05:25 . 2012-04-09 05:18 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-04-09 05:25 . 2012-04-09 05:25 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-04-09 05:25 . 2012-04-09 05:18 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-04-09 05:18 . 2012-04-09 05:18 138056 ----a-w- c:\users\Darshil\AppData\Roaming\PnkBstrK.sys
2012-04-09 05:18 . 2012-04-09 05:18 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-04-09 05:18 . 2012-04-09 05:18 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-04-04 22:52 . 2012-01-03 11:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-09 04:58 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 04:58 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 04:57 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 02:35 . 2012-01-16 10:52 916480 ----a-w- c:\windows\expstart.exe
2011-12-21 07:42 . 2012-01-02 21:09 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.20910] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16768] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . 697651F303443F98F7EC76D4DCAE6789 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2011-02-25 . 697651F303443F98F7EC76D4DCAE6789 . 2616320 . . [6.1.7601.17567] . . c:\windows\W7SOC\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-18 105016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Darshil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2012-4-23 1134592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Darshil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CBC.exe]
path=c:\users\Darshil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CBC.exe
backup=c:\windows\pss\CBC.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
start AMD Accelerated Video Transcoding device initialization [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 05:43 2621440 ------r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-23 23:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2011-11-05 02:17 980368 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 04:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2009-09-30 07:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 135168]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 135168]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-08-21 25728]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-24 245760]
R3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [2012-01-14 131912]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 qcusbser;ACER Android USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-08-13 105984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-03 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 163328]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-03-09 24328]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-09 9183232]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-09 265216]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 46540234
*Deregistered* - 46540234
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.forumswatcher.com/search.htm
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Darshil\AppData\Roaming\Mozilla\Firefox\Profiles\p68ey796.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com.au
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1365191924-137578127-4193770280-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*D*T*V*đ -?\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-25 17:46:07
ComboFix-quarantined-files.txt 2012-06-25 07:46
ComboFix2.txt 2012-06-25 05:46
.
Pre-Run: 119,374,716,928 bytes free
Post-Run: 119,433,904,128 bytes free
.
- - End Of File - - D4844C9A473984D2C5E46064C9E6E642


Computer seems to be running fine. Should I enable my virus software now?

Thank you ever so much!

#11 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 25 June 2012 - 02:53 AM

Hello darshil

Should I enable my virus software now? - yes, now is a good time.


I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#12 darshil (Topic Starter, Members)

Posted 25 June 2012 - 02:55 AM

Lovely!

Here is the list of programs:

7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Airytec Switch Off
AMD Catalyst Install Manager
Armagetron Advanced 0.2.8.3.1.gcc
AssaultCube v1.1.0.4
ATK Hotkey
µTorrent
Bastion
BIT.TRIP RUNNER (remove only)
Bitfighter (remove only)
Brother MFL-Pro Suite DCP-J515W
BurnAware Free 4.9
Capsule
Catalyst Control Center InstallProxy
CCleaner
Counter-Strike 2D 0.1.2.0
CPUID CPU-Z 1.60.1
D-Fend Reloaded 1.2.1 (deinstall)
Default Programs Editor
Defraggler
Desura
Diablo
DoomRL version 0.9.9.6
DVDFab 8.1.7.6 (12/04/2012) Qt
Eraser 6.0.9.2343
Free Video Joiner
Freemake Video Converter version 3.0.2
Frozen Synapse
GTA2
GTA2 Game Hunter
Gtk# for .Net 2.12.10
GTK2-Themes
Half-Life
ImgBurn
IrfanView (remove only)
Jamestown: Legend of the Lost Colony
Java Auto Updater
Java™ 6 Update 31
JDownloader 0.9
League of Legends
LibreOffice 3.5
Logon Screen
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 9.0.1 (x86 en-GB)
Nation Red
Notepad++
NVIDIA PhysX
OpenAL
Paint.NET v3.5.10
Pale Moon 12.2.1 (x86 en-US)
Path of Exile
Picasa 3
PokerTH
Psychonauts
PunkBuster Services
PuTTY version 0.62
Rayman Origins Demo
Red Eclipse
Remote Control USB Driver
Revenge of the Titans
Scoregasm
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Serious Sam HD: The First Encounter
Sierra Utilities
Smuxi 0.8.9.2
Soldat 1.6.3
SRWare Iron version SRWare Iron 19.0.1100.0
Steam
StencylWorks
Stickies 7.1d
Subvein v0.698
SumatraPDF
Synaptics Pointing Device Driver
TeraCopy 2.27
Time Gentlemen, Please!
Twine 1.3.5 (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uplink (remove only)
VirtualCloneDrive
Vista Shortcut Manager
VLC media player 2.0.1
Windows Driver Package - Acer, Inc (androidusb) USB (08/16/2010 1.0.0010.00000)
Windows Driver Package - Linux Developer Community Net (08/16/2010 5.1.2600.2781)
WinRAR 4.11 (32-bit)
XChat-WDK (x86)

#13 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 25 June 2012 - 02:57 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days; If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 darshil

darshil
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:12:58 PM

Posted 25 June 2012 - 04:18 AM

Hiya,

I have updated Java and run CCleaner. I understand your concerns about P2P and will be more careful.

Here are the logs:

HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:16:34 PM, on 25/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Stickies\stickies.exe
C:\Windows\notepad.exe
C:\Program Files\Pale Moon\palemoon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files\Common Files\Desura\desura_service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe

--
End of file - 3318 bytes



MBAM Report:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Darshil :: DOUBLETHINK [administrator]

25/06/2012 6:30:34 PM
mbam-log-2012-06-25 (18-30-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191316
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
------------------------------

Computer is running fine, nothing out of the ordinary. Virus protection enabled.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:58 PM

Posted 25 June 2012 - 07:54 AM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on any of their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    • O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the ActiveX control to install.
    • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to clipboard, or copy and paste the results here in this topic.

Copy and paste that log as a reply to this topic

Gringo
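As an added example (not code from this thread or from the HijackThis project), a small Python parser for the HijackThis log format posted above: it lists the O4 autostart entries that the "remove unneeded start-up entries" step asks the poster to review by name, and flags R0/R1 browser-page values whose host is not under microsoft.com, as the forumswatcher.com Start Page in the log is. The sample log lines and the trusted-domain list are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis 2.0.4 log format, modelled on the entries in this thread
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^Startup: (?P<name>[^=]+?) = (?P<cmd>.*)$")

def parse_hjt(text):
    """Split a HijackThis log into (section kind, body) pairs, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries

def browser_hijacks(entries, trusted=("microsoft.com",)):
    """Return (registry value, host) for R0/R1 URLs whose host is not under a trusted domain."""
    hits = []
    for kind, body in entries:
        if kind not in ("R0", "R1") or " = " not in body:
            continue  # empty values such as "Local Page =" carry no URL
        value, url = body.split(" = ", 1)
        host = urlparse(url.strip()).hostname
        if host and not any(host == d or host.endswith("." + d) for d in trusted):
            hits.append((value, host))
    return hits

def startup_items(entries):
    """Collect O4 autostart entries as (name, command) so each can be looked up by name."""
    items = []
    for kind, body in entries:
        if kind != "O4":
            continue
        m = RUN_RE.match(body) or STARTUP_RE.match(body)
        if m:
            items.append((m.group("name"), m.group("cmd")))
    return items

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Non-Microsoft browser pages:", browser_hijacks(parsed))
    print("Autostart entries:", startup_items(parsed))
```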



